Covering film sector threats, old and new
Film piracy by hackers costs studios and post-production companies hundreds of millions in lost revenues each year. Recent high-profile cyber attacks on Netflix and Disney, possibly the result of a breach at a third-party post-production company, highlight the need for insurers to address this evolving threat. Insurance products must ensure that post-production companies are covered not only for traditional commercial risks, but also for the hard costs involved in recompiling and reinstating systems and projects after a hack, decrypting content and drives, and (often most importantly) for restoring their ability to deliver on contractual deadlines. The latter is critical to preventing or avoiding the reputational damage that may arise from cyber-attacks and security breaches.
All businesses are vulnerable, but the entertainment industry’s reliance on secrecy renders it especially so. Films and television episodes lose much of their cash value to an individual after the first viewing. That makes early release by hackers a uniquely costly crime. One estimate put the cost of an illegal premature release of Expendables 4 at $100 million.
The threat is hardly new. After a cyber-attack on Sony Pictures in 2014, five stolen, unreleased films were posted online. Since then, hundreds of episodes and feature films have been hacked and illegally released, or leaked due to accidental internal security failures. Hackers are aware that simply uploading an unreleased film online can reduce its profitability by as much as a fifth. In the wake of the Netflix and Disney hacks, some studio executives want to combat this by bringing more work in-house. This would limit the number of people with access to proprietary entertainment content, but would cut out third-party vendors.
Post-production companies, which often work on multiple film or TV projects simultaneously, are less likely to have the same level of cyber security as major film studios. Hackers are aware of the tight completion and delivery deadlines studios place on them, and spotted an opportunity for extortion by preventing a release. That has made encryption/ransom hacks the second-largest cyber risk this time-sensitive industry faces. Delayed release can have severe reputational implications for post production houses, which makes them potential goldmines, and positions them as prime targets.
Post-production companies must be vigilant of the potential for security breaches, including accidental human error. Retaining the services of cyber-security and threat-intelligence experts, implementing their recommendations, and training employees in security protocol are essential actions. TMK’s VFX and Post Production Media Insurance includes proactive risk management funding for penetration testing, for example, which tests cyber and physical security. Companies must also ensure access to the cash and expertise necessary to rebuild after an attack. Our product provides all these resources, alongside risk management strategies and post-attack onsite support.
We understand the potency of this developing threat, and the fact that post-production companies face the same traditional risks we have covered for decades. New perils continue to appear, but the old ones do not go away: the threat of fires, theft, business interruption, and damage to technical equipment are as big as ever. We also know that buying multiple policies is costly, and increases the likelihood that an unforeseen gap in coverage may be discovered at the worst time, when making a claim. VFX and Post Production Media Insurance ensures companies are protected against the spectrum of potential losses. The hybrid product comprises traditional commercial insurance, cyber, and reputational management cover. It is tailored specifically to address the specialist needs of post-production companies. It is an innovative solution which genuinely meets the evolving threats the post-production sector faces.