The State of Security in Communications and Media

We surveyed security professionals worldwide to discover that the state of security in 2024 is a bit of a contradiction. Here, we highlight key findings from respondents in the Communications and Media industry.

Over half (57%) have mature cybersecurity programs but overall, the state of security is still evolving.

The State of Security 2024 is full of contrasts for Communications and Media respondents. Generative AI has gone mainstream, and organizations are racing to implement it to transform their businesses. Yet, security teams are rightfully concerned that generative AI is another tool in adversaries' arsenals. Over half of respondents identified their security programs as “extremely advanced” but many of them also contend with complex environments that are difficult to navigate. And, security teams must appease regulators while they battle cybercriminals.

Splunk for Communications & Media

Racing to harness AI

Communications and Media companies have only begun to scratch the surface of generative AI — but so have cyber threat actors.

There are clear risks: 85% believe more data leakage will accompany increased use of generative AI. And 82% say it expands the attack surface to a concerning degree.

On the flip side, most respondents believe generative AI may alleviate the cybersecurity skills and talent shortage. Ninety percent (90%) say security operations center (SOC) personnel can lean on generative AI to develop their skills, and 89% think it can help them hire more entry-level talent.

Employees – including security teams – are already using public generative AI tools. More than 60% of respondents admit to leveraging generative AI to do their jobs and 62% said most line-of-business end users also rely on public generative AI tools.

This begs the question of governance, and Communications and Media companies are still in the early stages. Thirty-nine percent of companies have not established a generative AI usage policy for employees, despite the high adoption rate.

Who has the advantage with generative AI?

Communications and Media respondents are almost evenly split:

47% say defenders will have the edge

45% believe adversaries will gain the most

For more insight into the race to harness AI, read the State of Security 2024 full report.

Get the Report

Sizing up the threat landscape

The Communications and Media industry leads all other sectors in encountering certain types of incidents. More than half of respondents experienced the following incidents in the last one to two years:

Identity management attacks (58%)
Advanced persistent threats (54%)
Cloud-based and cyber extortion attacks (53%)
Nation-state attacks (52%)

Communications and Media organizations are meeting the threat head on. The majority (94%) will increase spending on cybersecurity in the next one to two years. Some top initiatives include developing an integrated software architecture for security analytics and operations tools, purchasing security automation and orchestration tools, and increasing the use of outsourced resources for security operations.

82%
say it is hard to maintain effective security hygiene and posture due to the expanding attack surface

Navigating internal complexity

Communications and Media organizations disclose the number one reason it’s harder to keep up with cybersecurity requirements: complex security stacks with a surplus of tools and vendors. Nearly two-thirds (62%) say their SOC teams pivot between too many disparate security tools and management consoles.

The sector is also challenged by the talent shortage. Eighty-four percent of respondents admit they’ve considered leaving cybersecurity due to the inability to hire and retain staff with the right skills.

86% say spreadsheets remain a key aspect of security management

84% report that technical debt makes it difficult to keep up with security management

83%claim their organization is not aware of dependencies on third-party assets and connections to vulnerable assets

The mounting pressure of compliance

As connectivity expands and services diversify, it’s unsurprising that regulators are paying attention to the industry. New mandates are coming, so Communications and Media organizations are bracing for impact. In fact, 89% say they will handle compliance very differently one year from now.

It’s already affecting the day-to-day life of security teams. New mandates requiring the timely disclosure of material breaches impact 74% of respondents. And 88% say that increased regulation is causing more senior-level individuals to be on call 24/7.

What are companies doing to get ahead of the compliance wave?

They’re training for it. 92% are ramping up compliance training for the security team.
They’re making it part of everyone’s job. 92% say their teams make compliance part of their daily work.
They’re dedicating entire teams to it. 92% say that maintaining compliance requires an additional, dedicated team.

The momentum continues. Communications and Media organizations can make their cybersecurity programs more resilient.

Learn more about the State of Security 2024 and see how Splunk can help.

Get the Full Report

Communications & Media Overview