Europe’s Risk Managers Concerned by Social Media Reputation Damage

The U.S. isn’t alone in having to deal with the increased threats from social media and the potential they pose to reputation risk, as well as the protection of confidential information. These risks are also becoming more significant for European businesses, according to a survey by the Federation of European Risk Management Associations [FERMA] in cooperation with the Institute of Risk Management (IRM).

“Risk professionals from both organizations were asked which three cyber risks they thought were the greatest threats to business in general and to their own organizations,” FERMA’s bulletin explained. “A total of 186 replied to the online survey during August and September (2011) intended to inform the two organizations’ discussion about risks of the virtual world.”

For general business activities “reputation risk from social media was cited as a material risk by nearly 50 percent of respondents and loss of confidential information through social media by 20 percent. These concerns ranked social media along with non-malicious operational IT risks, theft of customer information and malicious interference with IT systems as the greatest cyber threats to business in the eyes of the risk professionals.”

However, when queried about their own organizations, those responding indicated that “more than half put operational, non-malicious IT risks among the top three, followed by 43 percent who mentioned theft of customer information.” Social media risks were next with “42 percent, who included them among the biggest exposures to their own organization with 21 percent concerned about loss of confidential information through social media.”

In response to additional questions to FERMA members, “one-third of 36 responses said they had already been concerned by a denigration attack. One-quarter of the 98 responses said their company had suffered an attack on confidential information.”

Responsibility for dealing with these emerging cyber perils has largely fallen on risk managers, who are widely involved in managing cyber risks in addition to IT security. Additional responsibility also falls on legal and company secretarial, “who take part in less than 20 percent; public relations 14 percent; human resources less than 6 percent and investor relations just 4 percent.”

FERMA also noted that “most organizations have a policy for their employees on the use of social media (65 percent) or are in the process of implementing one (14 percent). Most organizations either map their cyber risks (53 percent) or are in the process of doing so (31 percent).

“The responses came from a wide variety of industries, including telecoms, transport, energy, banking and transport, and many European countries, with the largest number from the United Kingdom.”

FERMA Vice-President Michel Dennery conducted a workshop on the risks of the virtual world at the 2011 FERMA Risk Forum held in Stockholm from 2-5 October. He stated: “The Web 2.0 tools expose us to a lot of risk. We have to take care of the really valuable information, the information that we use to make money, the information that gives us competitive advantage. It needs much more protection today because the environment is much more open.

“At the same time, the new tools also offer a lot of opportunities in greater sharing of information. We can use them communicate with suppliers, shareholders and other stakeholders. They can also help us break down internal silos.”

In his closing remarks Dennery stressed: “Companies have to learn how to live in this new environment where information is available immediately anywhere, where private and professional life is merging, and where the balance of authority is shifting. Influential cities have always been located on important communication nodes. The Web provides a global and worldwide open city where companies must take risks for developing their business and preserving their know-how.”

Source: FERMA

Topics Cyber Europe Risk Management