I wrote recently about my painful experience with a stolen debit card number as the result of a data breach at a games company I've loved for many years. The company certainly wasn't hoping to be attacked, and had implemented some security, but hadn't fully recognized just how many threat vectors there were, and how catastrophic the outcome could be.
I was really disappointed for several years about the incident that cost me lots of time and worry while trying to clean up the financial fallout from having my info stolen. I've come to trust again a little at a time. I'm spending money happily on a few games and storefronts. I still refuse to use a bank card on any website or online business. (I rarely use it in the physical world). I spend less than I used to, and I'm slower to complete a purchase if it means entrusting a new card to a game publisher whose data security stance I don't know.
We recently ran a developer study that showed 84% of game companies have been targeted by cyber attacks within the past year. Of those surveyed, 66% suffered a DDoS attack, and 38% had account hacks impact their games. Content and data theft were also on the list, impacting approximately one out of every six games.
For those of us in the games industry, player trust is critical. We need players sharing info with us. We NEED them to be inclined to spend more money with us, and we expect it to be as frictionless as possible. Unfortunately, they don't trust us, and for good reason. Some of the industry leaders I talk to say their plan is to hope they don't get attacked.
I think we should all know by now that every company is a potential target, and hope is still not a plan.