In the realm of cybersecurity, the gaming industry has witnessed remarkable year-on-year growth, boasting a reported revenue of nearly $110 billion in 2017 alone. This expansion has garnered significant attention, but regrettably, not all of it is positive. The industry's evolution, transitioning from individual experiences to a networked ecosystem, brings with it a growing emphasis on in-game and real-life economies, rendering it increasingly vulnerable to cyber-attacks and criminal activities. For game developers and publishers, this susceptibility poses a potential disaster.
While ‘cheats’ have always been used in video games, what the industry is facing now is a far greater issue. Malicious programs like ransomware, account or identity theft, fraud, and personal data mining (or ‘doxing’) are now real challenges that developers and publishers face every day. While cybersecurity can be costly, some game companies have reported up to 40% annual revenue losses to cyber-crime and microtransaction fraud. Security has never been more important. For those in the industry thinking that cyber-crime or hacking will never be an issue for them, there are several key factors that they need to be informed about.
Loss of revenue due to inadequate cybersecurity measures
Cyber-attacks can have untold negative impact on a game’s profitability. In-game fraud is rife across every gaming platform, regardless of whether it’s PC, mobile, or console. Hacking to siphon loot, items, or even in-game currency result in direct financial losses to the developer, and when it comes to scale, the sky really is the limit. In November 2016, EA reported in-game currency losses in FIFA of almost $20 million in only two years. Payment transaction processing vendors are not immune to hacking either, making it extremely advisable that publishers and developers install their own precautionary processes in how payments are processed.
It isn’t just fraud and hacking that can lead to revenue loss. When Xbox Live was targeted in February 2016, the network was taken down for over a day. All payments and transactions were put on hold, resulting in massive losses for Microsoft and countless other developers and publishers worldwide. And with many regions having no set legal regulations or recourse, those in the industry creating and maintaining the targeted games are very often left to bear the burden and losses alone.
Damage to Reputation
Perhaps the most important consequence of all to consider is the resulting loss of reputation brought on by a cyber-attack. Games are sold on the back of a developer’s good reputation. Trust is built on player’s knowing their payments are being made safely and their personal information is being stored responsibly. That’s why large-scale hacks – like the ones suffered by Sony’s PlayStation Network in January and December of 2016 – can be so detrimental to a developer’s continuing operations. It goes without saying that if a developer can’t guarantee their personal information (like their credit card information for example) will be kept safe from hackers, players will disassociate themselves entirely from them.
Player Faith
On the most basic level, poor game cybersecurity implementation can lead to players abandoning your game en-masse. Take for example the July 2016 hacks on the popular mobile game Pokémon Go. According to the group of hackers claiming responsibility for the crime, the attack was carried out as a warning to the developers to improve the app’s stability. The attack made the app completely inaccessible to users. The player experience was completely upended, and the app’s security was brought entirely into question. No matter how popular a game is, if players do not feel your game is going to be online and active when they want to play it, they will find a new, more reliable game to play.
Such hacking and in-game programming can have other far-reaching consequences – for example, calling into question the integrity of eSports competitors – there are other legislative issues that publishers and developers have to worry about.
Legislation and Regulation
It’s true that some recent legislation does indeed play in the favour of the industry. One recent law passed in South Korea would see those making or intending to supply programs or cheats that violate a game’s terms of service punished with a 5-year prison sentence or a fine of up to $43,000. However, not all laws may be as favourable to developers or publishers. Should it become regulated, a precedent may be set for large fines or other recourse that may hinder a developer’s operations over player data leaks and breaches (as was the case in the above-mentioned Sony hack).
Another important legislative factor for those releasing games in Europe is the General Data Protection Regulation (GDPR) coming into effect on May 25th, 2018. The GDPR creates tighter restrictions for bodies handling personal data in regards to how information is used, stored, and protected. This will be important for developers and publishers as it requires them to inform players about how their information is being used as well as what precautions are taken for future breaches.
When it comes to a unified solution for losses and consequences as outlined above, the most effective methods always come from strong cybersecurity mechanisms. Effective cybersecurity controls put in place in the short term can prevent any combination of long-term impacts for developers and publishers alike.