Coro Cybersecurity received an AAA Rating from SE Labs for Enterprise Advanced Security Protection. Read the report
Coro Cybersecurity

4 reasons creative agencies should prepare for cyberattacks

November 18, 2022


For the 120,000 communications and creative agencies in the U.S., the threat of cybercrime isn’t new. As early as 2009, the FBI publicly warned that hackers were targeting PR agencies.  Yet few agencies have proactively addressed the threats.

Over the past decade, many of these same agencies have worked diligently to help their clients establish crisis communications plans, engage in rapid response, and mitigate brand reputation damage, both proactively and more commonly, in reaction to cyberattacks. Ironically, the upsurge of “cybersecurity” work for agencies hasn’t translated into the prioritization of digital security for their own brands – leaving them more vulnerable than ever to cyberattacks.

While attacks on agencies haven’t frequented the news cycle (yet), there are recent attack examples that suggest the industry is a priority for attackers. Just last year, Omnicom Media Group had to take down IT servers because of a massive cyberattack. The media giant was lucky and didn't suffer any data loss, but the fact that an attack got through in the first place is a bad sign for a company of such size with so many resources.

Additionally, many attackers now regularly seek out access to social media brand channels, many of which are run by marketing, digital or social agencies, and hide cyberattacks directly within posts. The origination of such an attack is often untraceable. And finally, earlier this year an international hacker group stole a bunch of press releases, which eventually netted them $100 million in illegal earnings.

Why are agencies attractive to hackers?

While you’re likely familiar with recent large-scale cyberattacks targeting enterprises, government agencies, and politicians made famous by the news, you may be less aware of the millions of cyberattacks that now target small and medium-sized businesses on an hourly basis. As those larger public and private institutions continue to spend millions on technology and people to harden their cyber defenses, attackers have shifted their targets toward companies with lucrative data and assets that don’t have the resources to implement such defense-in-depth. Hence the risk to the majority of communications and creative agencies is rising faster than the industry can accommodate.


Four primary reasons why agencies are an attractive target for cyberattacks:

  1. Agencies retain sensitive customer data, marketing strategies, market and competitive research, and more - often for multiple clients. That means agencies hold a treasure trove of data.
  2. Agencies are often known for their flexible, bring-your-own-device environments and remote worker policies. But this flexibility, coupled with the fast pace of agency life, means employees are more likely to inadvertently connect to a compromised network or miss critical device updates and protections that leave them vulnerable to attack.
  3. Turnover has long plagued agencies, and with turnover comes an often-overlooked threat - data theft.
  4. Agencies are often early adopters of technology, many of which are reliant on cloud services (Box, Dropbox, Office365, Slack, G-Suite, etc.) for business operations, productivity, and efficiency. Because of limited IT resources, these agencies often don’t realize that these cloud apps are highly vulnerable to cyberattacks, even with the security protections inherent to each service.

What’s at stake for agencies?

Knowing the risks, clients are increasingly demanding that agencies obtain cyber insurance and commit to cybersecurity. Cybersecurity has become a cost to doing – or at least to growing – business. Unfortunately, like many small and mid-sized businesses, most agencies don’t know the reality of their security risks, nor do they know who to trust and where to begin with creating, implementing, and executing a comprehensive cybersecurity strategy.

Such an excuse – no matter how much truth there may be to it – is no longer acceptable. Today, clients of all sizes trust agencies with their sensitive data. A single breach can tarnish client relationships, result in lost business, interrupt business continuity, facilitate lawsuits, and force agencies to close their doors for good.

In fact, 60 percent of hacked small and medium-sized businesses go out of business after six months, according to the National Cyber Security Alliance. For any agency to sustain, grow and gain top-tier clients, it can no longer afford to ignore cybersecurity.

Data breach protection for agencies that use the cloud

Coro protects agencies using the most popular cloud applications like G-Suite, Office 365, Slack, Dropbox, and Box from data loss, unauthorized users, and malware spread with no cumbersome installations or restrictions on where employees can work. In addition, Coro prevents remote workers from joining rogue Wi-Fi networks while also blocking suspicious activity associated with BYOD policies – all without interrupting the user or the company.

Our platform uses AI to continuously get smarter at detecting and mitigating threats, providing security for users, devices, and SaaS applications all in one platform. It’s security for agencies, done!

Want to learn more about what makes our award-winning platform so unique?