Cyber risk survey results
Social media are a great means of communicating and building communities. At the same time, their implications for company reputation are a real concern for risk managers. This is the finding of an online survey on cyber risks conducted by FERMA and the Institute of Risk Management (IRM).
The survey, which took place just ahead of the Forum, received a total of 186 replies from members of the two organisations. They were asked which three cyber risks they regarded as the greatest threats to business in general and to their own organisation and then how these risks were managed.
Nearly half of the respondents put reputation risk from social media among the top three for business generally, with a further 20 percent including loss of confidential information through social media as a material exposure.
When it came to their own organisations, more respondents named non-malicious operational IT risks among the top three, followed by theft of customer information and then social media reputation risks.
The risks are real. Of 98 FERMA members who responded to the question, 28 said that their company had suffered an attack on confidential information and 12 out of 36 responses said they had been concerned by a denigration attack.
In terms of managing the risks, risk management is the only corporate function regularly involved in addition to IT security with over 80 percent saying it participates, compared to just under 20 percent for the next highest which is legal or company secretary.
FERMA Vice-President Michel Dennery who conducted a workshop on the risks of the virtual world at the 2011 FERMA Risk Forum said: “The Web 2.0 tools expose us to a lot of risk. We have to take care of the really valuable information, the information that we use to make money, the information that gives us competitive advantage. It needs much more protection today because the environment is much more open.
“At the same time, the new tools also offer a lot of opportunities in greater sharing of information. We can use them communicate with suppliers, shareholders and other stakeholders. They can also help us break down internal silos.”