M+E Daily

M&E Journal: Early Security as Insurance Policy

By Mathew Gilliat-Smith, CEO, Fortium Technologies

I was inspired to contribute to this season’s M&E Journal after reading the excellent “An Empirical Analysis of the Impact of Pre-Release Movie Piracy on Box-Office Revenue” produced by Carnegie Mellon University in July 2014. It claims to be the first empirical research into the area of pre-release piracy, comparing the financial performance of movies that suffered pre-release piracy with those that did not.

The takeaway is that, on average, pre-release piracy causes a 19.1 percent decrease in revenue compared to piracy that occurs post-release. The report estimates that pre-release piracy occurs on about 10 percent of all movies. At Fortium we have specialized in pre-release security solutions for the film and TV industry over the last ten years. So, from our perspective, it’s interesting to attempt to analyze the psychology behind the industry’s approach to spending (or not) on security in the specific area of pre-release.

Traditionally, the pre-release sector has not been a target for the large security companies because it is a very low volume business and content producers put only limited budgets toward pre-release security.

That may be because during post production and during the creation of marketing materials to promote the movie release, the number of files or discs produced, and therefore their potential to leak, is small. Until the Carnegie Mellon report, there has been very little published analytical information about the financial impacts of pre-release piracy. As a result, it admittedly can be difficult to measure the financial impact of piracy across different movies, since piracy is only one of many factors—including critical review, general popularity, director appeal, star rating, genre and so on—that influence box office revenue.

Inside security psychology

We would argue, however, that pre-release security should be thought of as a form of insurance, a concept so well established in all of our business processes. It would be unthinkable to run a company without insurance even though we hardly ever claim on the policy – it’s just one of those items you budget for because one day it will save your skin. There is no magic wand to solve the piracy problem and there are new threats arriving all of the time. Particularly noticeable in the last year, even for those outside of the industry, were the high profile leaks of big name movies, some of which happened before the movies showed in the cinema. Add on to that the increased incidence of cyber-attacks and security breaches generally, and everyone seems to be on heightened alert.

Fortunately, there are good solutions for certain workflows or the piracy problem would be a lot worse.

The most important objective is to prevent a high quality leak because that content will last a long time on the Internet and satisfy most of the audience that views it. (A poor quality leak is more likely to deter those who are prepared to wait and pay for the full quality movie.) Let’s look at how return on investment for spending on security is rationalized. According to the Carnegie Mellon report, across a sample of 533 movies, about 10 percent suffered pre-release piracy.

The mean box office revenue across this selection was U.S. $53 million and those movies were shown to have lost 19.1 percent more revenue than movies with post release piracy – a considerable dollar value wiped off the profit line.

So, if the losses are that identifiable, how closely aligned is the thinking between the studio CFO who is focused on year-end profits and the post supervisors who are focused on their ever tighter production budgets? Any extra expenditure is not welcome but is that just an attitude of mind? What about the holistic view?

Recently Marsh & McLennan, one of the world’s largest insurance brokers, stated that the majority of large firms lacked insurance that could help them recover from a serious cyber-attack even though most had suffered security breaches in the last 12 months.

A separate security survey released in 2014 suggests that the average cost for the most serious security breach that large U.K. firms face every year to clean up and remedy is $1 million to $1.8 million. For small firms costs are around $100,000.

In the case of insider incidents

One observation in the 2013 “Global Encryption Trends Study” by Thales e-Security discussing the general market is that “employee mishap is considered the main threat to sensitive and confidential data”.

It goes on to say, “Concerns over accidental data leakage outweigh fears about attacks by malicious insiders or hackers by almost a factor of two.”

It is common to hear that, when a pre-release leak has been forensically detected, no action will be taken against the culprit because it wasn’t intentionally leaked by them. In busy post production and marketing environments you can’t put extra hurdles in the way of doing the job and there must be a certain bond of trust for the teams that work so hard on these productions.

Does it sound logical that someone being paid to work on a digital asset, i.e. an authorized recipient, would be motivated to leak something that could later be attributed to them? More logical perhaps is that someone else who is not authorized to view the content but ‘happened’ to come across it is the more likely one to leak it.

Prevention is better than cure, which is why encryption is more and more widely used, and it means you are going a long way to putting assets out of harm’s way. Better still is encryption at-rest, which means the encryption stays with the digital asset while it is being worked on.

Assuming it was practical, applying encryption across the board on all content would perhaps be similar to taking out an insurance policy that covers the typical causes of loss, provided however that those premiums were reasonably priced.

Voila, the psychology has changed.

————————————-
Mathew Gilliat-Smith co-founded Fortium in 1999 and has been responsible for establishing it as a respected provider of anti-piracy software solutions to blue chip film and entertainment businesses. He works closely with studio content security teams to develop customized solutions that secure disc and file based content during post production and after release. Before joining Fortium, Mathew held senior management positions in leading publishing, print, logistics and new media companies including Haymarket Publishing and St Ives.