The disruption caused by the rise of the internet and popularity of web-enabled devices is indisputable; industries have been completely flipped upside down as new, online businesses offer consumers products and services that were once unimaginable. As life is moving to the cloud, however, so are the criminals. The US Justice Department estimates that more than 4,000 ransomware attacks have occurred each day since the beginning of 2016, meaning hackers engineer software programs that prevent employees from accessing their computer systems until a ransom total is paid. In 2016, about 72.0% of large companies and 20.0% of small to midsize companies were targets of cyberattacks, according to CNBC and Microsoft, respectively, boosting demand for products and services protecting against cyberattacks. IBISWorld expects the US Security Software Publishing industry to grow 2.6% in 2017, to $12.0 billion. However, while companies are increasingly investing in defending against cyberattacks, large attacks still occur. In fact, just this week, news broke that a cyberattack on credit-reporting agency Equifax Inc. claimed social security numbers and other sensitive information on more than 140.0 million Americans. Equifax is hardly alone; the following four industries and companies have been hit hard by cybercriminals over the past five years.
Movie and Video Production
The Movie and Video Production industry includes companies that produce and distribute motion pictures and videos, such as the Walt Disney Company, NBCUniversal Media LLC, 21st Century Fox, Time Warner Inc. and Sony Corporation. These kinds of companies are prime targets for cybersecurity breaches because of the value of the creative content they produce and the fragmented nature of their supply chains.
Sony Pictures Entertainment, a subsidiary of Sony Corporation (Sony), suffered a massive security breach in October 2014. Hackers broke into the computer systems and stole confidential information, including Social Security numbers, contracts, several movies and personal email chains between executives and actors, and eventually released the stolen information to online publications. As a result, Sony, which accounts for 9.4% of total industry revenue in 2017, sought to prioritize increasing cybersecurity measures. Immediately following the hack, Sony Pictures hired a private cybersecurity firm, FireEye, to dissect the breach and identify vulnerable spots in Sony’s system. Sony’s operating income has fallen at an annualized rate of 9.8% over the five years to 2017, partly due to the increase in cybersecurity. This hack served as a wake-up call to the rest of the industry.
As a result of an increasing number of security breaches, operators in the Movie and Video Production industry have increased preventative security measures. For example, the industry as a whole has experienced an increase in data and file encryption amid increased scrutiny concerning individual access to certain files. As a direct result of the Sony hack of 2014, industry spending on cybersecurity is expected to increase over the five years to 2022.
Operators in the Commercial Banking industry provide financial services to clients in the form of commercial, industrial and consumer loans; major companies include Wells Fargo & Co., Bank of America Corp., JP Morgan Chase & Co. and several smaller corporations like Citigroup Inc. and US Bancorp. With revenue upward of $553.2 billion, this industry is a favorable target for hackers. Companies in the industry store vast amounts of confidential information, ranging from individual Social Security numbers to financial information of large corporations. In addition to hiring private cybersecurity companies, the industry receives assistance from the federal government, which works to prevent breaches by spotting potential hacks and investigating the origin of the hack after a security breach.
Despite these security measures, JPMorgan Chase & Co. (JPMorgan) suffered the biggest breach of customer data from a commercial bank in October 2014. In an SEC filing, JPMorgan reported that more than seven million small businesses and 70.0 million households (about 83.0 million customers) “may” have had private data compromised in a cyberattack. The reason for the uncertainty is that the company has not noticed any unusual fraudulent activity after the incident. As a result of the security breach, JPMorgan built a security team comprising over 1,000 people, including many ex-military cybersecurity experts, to exclusively combat online threats. Additionally, in a 2015 quarterly report, JPMorgan announced that the budget for cybersecurity spending was going to double from $250.0 million to $500.0 million.
Although security breaches have long been a looming threat, the 2014 hack was so immense that it forced operators to increase spending on security. According to the Homeland Security Research Corporation’s Banking and Financial Services Cyber Security: US Market 2015-2020 report, financial service companies spent an estimated $9.5 billion on cybersecurity in 2015. This spending trend is expected to continue as commercial banks increase their online platforms and continue to rely on the Society for Worldwide Interbank Financial Telecommunications, an online network that banks use to transmit information through a set of codes, for everyday operations.
Health and Medical Insurance
Operators in the Health and Medical Insurance industry include carriers of private, group and public health, medical and dental insurance. IBISWorld estimates that revenue for this industry is anticipated to increase an annualized 2.3% over the five years to 2017 to reach $784.9 billion, making it one of the largest industries in the United States. Industry-wide technological adaptation has enabled insurance providers to become largely paperless, with most major medical systems today either using electronic medical records exclusively, or a combination of paper and electronic accounts. Consequently, patient records in both the public and private healthcare sectors have become increasingly accessible, making this industry particularly vulnerable to cyber attacks. Data breaches that enable hackers to obtain highly sensitive patient information carry the risk of these records being used for medical identity theft, in which stolen personal information is used to obtain medical care, purchase drugs or submit fake medical billings. To provide increased protection from cyber attacks, operators in this industry must invest heavily in IT security, cyber consultants, and educational initiatives to keep staff aware of the latest threats.
Anthem Inc. (Anthem), one of the largest managed care providers in the United States and a major player in this industry, was subject to the largest cyber security breach in the healthcare industry to date. In January 2015, Anthem disclosed that 78.8 million patient records containing highly sensitive information, including patient names, birth dates, home addresses and Social Security numbers, had been stolen by hackers. A nationwide investigation concluded the attack was likely ordered by a foreign government. Anthem has since agreed to pay a total of $115.0 million to resolve the litigation, including funding allocated for an additional two years of credit monitoring and identity protection services for those potentially affected by the attack.
Warehouse Clubs and Supercenters
The Warehouse Clubs and Supercenters industry includes large stores that primarily retail a general line of grocery products and merchandise items. IBISWorld estimates that revenue for this industry will increase an annualized 0.9% over the five years to 2017 to reach $459.7 billion. In recent years, operators in this industry have been the subject of several high-profile cyber attacks seeking to obtain customer data. Financially motivated cybercrime makes operators in the retail sector uniquely vulnerable to such data breaches, as hackers often trade credit card information in online marketplaces. This industry has also experienced a rise in ransomware attacks. According to FBI data, ransomware and recovery costs rose to $210.0 million in the first quarter of 2016 alone. To provide increased protection against ransomware attacks and avoid succumbing to ransom payments, operators in this industry must invest in back-ups of their network and system files as well as regularly update all computer software as it becomes available.
Target Corporation (Target) is the second-largest discount retail store in the United States. In December 2013, Target announced a major data breach involving up to 40.0 million customer credit and debit cards. The attack enabled hackers to gain access to sensitive information including customer names; card numbers, expiration dates and CVV security codes; and debit card PIN data. Target later disclosed that the names, phone numbers, email addresses and mailing addresses of up to 70.0 million additional customers had been stolen, raising the potential total number of affected customers to 110.0 million in one of the largest cybersecurity attacks ever reported.
The challenge of cybersecurity remains colossal and is only expected to grow; while total internet traffic volume grew an annualized 20.2% over the past five years, it is expected to accelerate to an annualized growth of 21.7% over the next five years. In 2022, nearly triple the amount of data will be transferred on the internet compared with today, increasing the risk of cybercriminals looking to steal Social Security and credit card numbers, creative content and other pieces of sensitive information.