Social media, and the threat they pose to reputation and to the protection of confidential information, are significant risks to European businesses, according to a survey by the Federation of European Risk Management Associations (FERMA) in cooperation with the Institute of Risk Management (IRM).
Risk professionals from both organisations were asked which three cyber risks they thought were the greatest threats to business in general and to their own organisations. A total of 186 replied to the online survey, which ran during August and September 2011 and was intended to inform the two organisations’ discussion about risks of the virtual world.
For business in general, reputation risk from social media was cited as a material risk by nearly 50% of respondents and loss of confidential information through social media by 20%. These concerns ranked social media along with non-malicious operational IT risks, theft of customer information and malicious interference with IT systems as the greatest cyber threats to business in the eyes of the risk professionals.
The emphasis shifted somewhat when it came to respondents’ own organisations. More than half put operational, non-malicious IT risks among the top three, followed by 43% who mentioned theft of customer information. However, social media risks were next, with 42% including them among the biggest exposures to their own organisation and 21% concerned about loss of confidential information through social media.
In response to additional questions to FERMA members, one-third of 36 responses said they had already been concerned by a denigration attack. One-quarter of the 98 responses said their company had suffered an attack on confidential information.
Other findings from the surveys:
Risk managers are widely involved in managing cyber risks in addition to IT security, in over 80% of the responses. However, legal and company secretarial functions take part in less than 20%; public relations in 14%; human resources in less than 6%; and investor relations in just 4%.
Most organisations have a policy for their employees on the use of social media (65%) or are in the process of implementing one (14%).
Most organisations either map their cyber risks (53%) or are in the process of doing so (31%).
The responses came from a wide variety of industries, including telecoms, transport, energy and banking, and from many European countries, with the largest number from the United Kingdom.
FERMA Vice-President Michel Dennery conducted a workshop on the risks of the virtual world at the 2011 FERMA Risk Forum held in Stockholm from 2-5 October. He said: “The Web 2.0 tools expose us to a lot of risk. We have to take care of the really valuable information, the information that we use to make money, the information that gives us competitive advantage. It needs much more protection today because the environment is much more open.
“At the same time, the new tools also offer a lot of opportunities in greater sharing of information. We can use them to communicate with suppliers, shareholders and other stakeholders. They can also help us break down internal silos.”
Dennery welcomed the active involvement of risk managers in dealing with exposures from cyber risks and social media. He commented that part of the risk manager’s role will be to communicate with other functions, such as legal and human resources, which the survey indicated are not often involved, and bring their insights into the risk management process.
Finally, Dennery said: “Companies have to learn how to live in this new environment where information is available immediately anywhere, where private and professional life is merging, and where the balance of authority is shifting. Influential cities have always been located on important communication nodes. The Web provides a global and worldwide open city where companies must take risks for developing their business and preserving their know-how.”