The digital signage industry can no longer rely on outdated notions of obscurity as protection. As public visibility grows, so does the risk - and one compromised screen can damage reputation far beyond traditional IT breaches. Integrators, and software vendors (ISVs) must take full ownership of cybersecurity, especially for on-premises installations. Cybersecurity must be treated not as an add-on, but as an operational cornerstone of modern digital signage.
Opinion: Cybersecurity in Digital Signage – Time to Take Ownership
For years, the digital signage industry rested on the illusion of immunity. With isolated systems and relatively few devices compared to broader IT infrastructure, hacking seemed unlikely. But those assumptions are obsolete today. A single compromised public screen can attract more attention – and reputational damage – than dozens of infected office devices. The very strength of digital signage – its visibility – has become its vulnerability.
Security Expectations Have Changed
Today, no enterprise buyer makes digital signage decisions without thorough penetration testing. ISO certifications are often required, especially as modern signage increasingly integrates sensitive internal data. End-users are demanding robust safeguards – and rightly so.
And yet, the industry continues to fall short. Hacked screens remain common, surfacing online as cautionary tales. Whether it’s unchanged default passwords or unpatched servers, breaches are happening not because cybersecurity is impossible – but because ownership is unclear.
Broken Responsibility Models
On-premises systems in particular suffer from weak accountability. Integrators and ISVs often install the solution and leave maintenance to the customer. But this hands-off approach is no longer viable. Security demands expertise, urgency, and clear ownership. Blaming the customer after an incident won’t hold up – reputational risks will inevitably point back to the vendor.
The solution? On-premises setups must come with comprehensive service packages, ideally structured as Managed Service contracts. Anything less leaves too much room for error.
Security That’s Practical, Not Theoretical
Take one recent example: a major digital signage software update requiring a 700MB patch for each display player before server updates could be applied. In networks with thousands of screens, that’s unmanageable. Time, bandwidth, and administrative strain mean many servers simply won’t be updated – leaving vulnerabilities wide open.
To their credit, the vendor offers a modern and very competitive secure cloud-based CMS with continuous updates. But customers cling to on-prem licenses, drawn by appealing pricing. Until the industry embraces managed services and makes cybersecurity manageable, these gaps will persist.
Leadership, Not Finger-Pointing
Cybersecurity isn’t a customer’s burden to carry alone. The digital signage industry must take full ownership – designing updates that are efficient, supportable, and built into the service from day one. Security is no longer optional, and passing the buck is no longer acceptable.
