When cybersecurity makes money

Explore our weekly delivery of inspiration, insights, and exclusive interviews from the global BHMEA community of cybersecurity leaders.

Keep up with our weekly newsletters on LinkedIn — subscribe here and listen to The Black Hat Files here.

Discover inspiration and exclusive interviews from the global Black Hat MEA community – in your inbox every week. 

This week we’re focused on…

The cases where cybersecurity can support revenue, instead of being seen by business leaders as a drain on budgets. 

Security leaders are well accustomed to having to justify the cost of their programmes in budget season, building links between risk reduction and financial goals. It’s a defensive posture – both in terms of the work you’re doing, and the way you feel going into budget meetings. 

But when Phillip Wylie spoke to Dan Meacham (VP of Information Security at Legendary Entertainment) for the podcast, he explained how he positioned his role to align with the company’s financials in a very tangible way:

“I went from being a cost centre in the organisation to being a profit centre, by going after unlicensed merchandise.”

Cybersecurity as an operational function 

This makes cybersecurity a function that can directly influence the bottom line. In industries built on intellectual property, the threat landscape spills into marketplaces, social platforms, and digital storefronts – anywhere a brand can be copied and repackaged. 

A film studio worries about counterfeit merchandise appearing online within days of a trailer drop. It worries about unauthorised content circulating before release. Increasingly, it worries about AI-generated assets that look close enough to official material to confuse audiences.

And although none of this is entirely new, the speed and scale of potential breaches (whether they’re malicious or well-meaning) has increased dramatically. 

Importantly, organisations right now are also unsure who’s best placed to deal with these challenges. Brand protection has conventionally been handled by legal teams, and enforcement was reactive. But that doesn’t work anymore – content is created and distributed too fast for slow processes and distant teams. 

So Meacham describes a shift towards treating brand abuse as an operational problem – one that looks a lot like cybersecurity.

Because when you strip it back, the mechanics are the same. You’re monitoring large, messy digital environments. You’re identifying patterns of misuse. You’re tracing activity across platforms and supply chains. And when you find something, you act (quickly) to contain and remove it.

We’d argue that’s very much in the remit of security work.

The commercial implication is hard to ignore.

When counterfeit goods are sold using your brand, you lose revenue. When unauthorised distribution undercuts official channels, that’s margin erosion. When poor quality knock-offs flood the market, that’s brand dilution – which is hard to quantify, but still causes serious damage.

The difference, compared to traditional cyber risk, is that these losses can often be seen and tracked, and then reduced in measurable ways.

Which opens the door to a different kind of conversation at the board level. Instead of explaining what your security prevented, you can show the specific assets you recovered – and that’s a much easier story to tell. 

Generative AI is accelerating this 

It’s never been easier to produce convincing branded content. You used to need design skills and expensive tooling to make assets that can now be thrown together in minutes. This lowers the barrier not just for organised counterfeiters, but for smaller operators (and even enthusiastic fans) to create and sell derivative products.

The motivations vary, but the impact on the brand is almost always negative. More content, more confusion in the market – and growing pressure on the organisation to prove what’s real and what’s not. 

Enforcement is also becoming much harder in the face of AI speed. Content can be generated and re-uploaded as quickly as it’s taken down, and different platforms have different standards; some might respond to requests to remove counterfeit content immediately, but others might take days or weeks. 

So you have to be monitoring constantly, and be ready to launch a coordinated response as soon as you detect a breach. It’s the kind of capability that security teams have been building for years.

Brand IP still needs legal protection

None of this means cybersecurity suddenly owns brand enforcement outright – but it does show how the boundaries are changing. 

Where digital assets are the business, protecting them requires an understanding of how those assets move and where they’re being exploited — often in plain sight.

And that’s where security teams can step up – not just as defenders of value, but as contributors to it.

Read the blog: Can movie fans become threat actors? 

Listen to the podcast: Deepfakes, Superfans & the Battle for Authenticity with Dan Meacham