Media companies challenge technology providers to improve cyber security posture, DPP research shows

Broadcasters and content providers have challenged their media technology suppliers to improve their cyber security posture and practices, new DPP research shows.

That is one of the key findings of the latest DPP report, The State of Media Technology Security 2024, a research project analysing the current state of IT security within the media industry which revealed the different attitudes to cyber protection among content providers and vendors.

While media and broadcast organisations take a cautious approach when assessing their own protection and defensive capabilities, technology providers believe they have secure systems, products, policies and vigilant staff with little room for improvement in their own security practices — something the content providers say they do not always experience.

"The State of Media Technology Security 2024 reveals a significant divide in how media companies and their technology partners approach cyber security," said DPP Editorial Director Edward Qualtrough, the research lead and report author.

"Broadcasters are cautious and wary of labelling themselves as 'secure'; they know in every area of their business and in each media technology workflow from production to distribution there is more that can be done to improve security. Meanwhile vendors take a much more optimistic — and perhaps somewhat naive — view of their responsibilities in an increasingly connected ecosystem, and of their capability to respond to the growing threat landscape."

The DPP conducted an industry survey to produce The State of Media Technology Security 2024, and 59 organisations took part. Respondents were Chief Information Security Officers and product security leaders at some of the biggest organisations in media and broadcasting, and from key technology providers. All are listed as contributors in the report.

The DPP also facilitated a workshop with CISOs and expert security practitioners from major broadcasters and leading technology providers to provide context, commentary and advice about how to respond to the findings.

The research also revealed how media industry tech transformation initiatives have not necessarily led to better security. At least according to the content providers, who believe product innovations among their supplier base have added complexity and vulnerabilities to existing media business operations.

Vendors though do believe their products have made the industry more secure in all areas, and responded that broadcasters are rarely willing to sacrifice new features in a media tech product in order to improve its security.

The State of Media Technology Security 2024 is supported by Lead sponsor and DPP member company Ross Video.

John Naylor, VP Product Security & Ross Research Labs at Ross Video, said:

"It is evident in this research that vendors and media companies have divergent opinions on the quality of their cybersecurity, with vendors bullish and media companies less confident. Ross Video shares the media companies' view: The whole industry has work to do.

"Beware complacency around cybersecurity – especially with the opportunities AI is giving attackers. It would be remiss or unwise to think you're done. And in the last couple of years, we have seen dozens of large media companies learn that lesson the hard way."

The State of Media Technology Security 2024 report is available for DPP members to download here. The DPP will be presenting and discussing key findings with contributors at the DPP Espresso Summit on Friday 13 September in Amsterdam.

Later in the year the DPP will be releasing the inaugural DPP Media CTO Survey 2024, a research project exploring the technology investment priorities, leadership challenges, recruitment strategies and business goals of CTOs working in media, broadcasting, news and entertainment.