4. What’s Social Media?
“Social media is an umbrella term that defines the various
activities that integrate technology, social interaction, and
the construction of words, pictures, videos and audio.”
Marta Kagan
8/10/2013
7. Organisational Challenge
Social media managers do not have risk management written in their job specs…
and risk managers do not have enough knowledge of social media to have it on their radar.
>> Unidentified, Unaccounted for, Unmanaged Risks
8. Business model implications (opportunities)
Internal stakeholders
External stakeholders
Innovation
Collaboration
Business processes
Communications
Legal
CRM
9. Business model implications (risks)
Business
Compliance
IT policies
Productivity
Reputational (corporate and product)
Malware attacks
Employee
Information Leakage
Legal
Ownership
Customers
10. Social Media: A Risk Management Challenge
Julia Graham, DLA Piper
Peter Hacker, Jardine Lloyd Thompson
Corrado Zana, Marsh Risk Consulting
Christophe Mallet, Carve Consulting
@FERMARisk
#Fermaforum
13. Taxonomy of Social Network Risks
Government and critical infrastructures
Individuals and Families
@ Risk
Enterprises
14. Government and Critical Infrastructures
•SCENE
Political Risks
Broadly, social media can exacerbate these political risks in four ways:
Accelerate: Social media can accelerate the formation of political protests and resistance.
Spread: The global nature of social media can enable civil unrest to more easily and quickly transition from a single-country phenomenon to a regional event.
Target: Social media users frequently target individuals and organizations perceived as being friendly or close to unpopular regimes, potentially leading to a loss of income for some businesses.
Deflect: Authoritarian governments may use social media to deflect popular discontent away from political leadership and toward foreign entities or companies that may be instigating or playing a role in fueling unrest.
Source: Social Media Adds to Political Risk Equation in Emerging Markets. Marsh 2013
15. Individuals and families
Cyber Risk Register for individuals
Fraud
Cyberbullying/Pedophilia
Self-inflicted reputational damages
Back-door for bigger targets (social engineering)
17. Ten Deadly Sins of Social Networking
1. Believing who dies with the most connections wins
2. Clicking everything
3. Controlling your people and family but not saying why
4. Endangering yourself and others
5. Engaging in Tweet/Facebook/LinkedIn/Instagram rage
6. Mixing personal with professional
7. Over-sharing company activities
8. Password laziness
9. Privacy compliance is not just boring stuff
10. We are not there... really?
20. 1. Social media risk landscape
1.1. What can go wrong? Potential scenarios:
Loss of control (external): customers of the corporate can publicly state comments/opinions which damage the corporate’s brand, reputation and key products/services.
Loss of control (internal): employees publicly state comments which can lead to a negative perception of the company, a third party, or a key product/service/brand.
Third parties: external third parties using a public/corporate social media environment to express negative comments/perceptions, carry out public disputes or even “hijack” the system for spamming purposes.
Data privacy/security: accidental or purposeful release of sensitive personal customer data or sensitive corporate data (e.g. trade secrets) into the public forum via social media channels.
21. 2. Social media risk landscape
2.2. Key risk groupings
Social media
Liability: Breach of contract/confidentiality; IPR infringement; Libel, slander and disparagement
IT/Cyber: Network security liability (malware transfer); Privacy breach/liability
First Party: Reputational damage; Mitigation costs; Increased “churn”
22. 2. Insurance and risk solutions
2.1. Overview of available insurance solutions
• Professional Indemnity
• “Cyber”
• Media Liability
• Non-physical Business Interruption
• Reputation
Well-structured and tailored advice (pre/post loss) and coverage are required to respond to the myriad of intangible risks presented by social media. Avoidance of coverage gaps and duplications is a necessity. In brief, stress test your existing arrangements first.
23. 2. Insurance and risk solutions
2.2. Risk management approach
Social media – control options:
• No policy
• Controlled access
• Limited access
• Full block
Key risk management principles:
• Guidelines: establishment of a formal social media policy
• Auditing: conducting audits and risk assessments across the business
• Training and HR: integrate social media policy principles into training (e.g. “common sense” principles)
• Risk management integration: group committee between risk management, HR, data/IT security, marketing/communications, operations etc. is essential
24. 3. Social media
3.1. Case study – loss mitigation
Mobile malware threat: is not only a reality, but is growing at an exponential rate. There are currently over half a million malware apps for the Android platform in circulation.
Potential scenario: a corporate has been hacked and as a result there is an interruption in service to its customers. Furthermore, it has been publicly reported that sensitive and payment customer data has potentially been breached.
Exposures: increased customer churn rate due to reputational damage, business interruption (direct loss of revenues due to interruption to services), cyber liability, regulatory action, first party loss mitigation costs (including potential refunds or credits to the affected customers) etc.
Usage of social media: to efficiently send out clear communications to the affected customer base to inform them in real time about the incident, what the corporate is doing to rectify the situation, and when service is due to resume. Can also be used to provide post-loss service (and remediation) to the affected customer base. Important: communications must be timely, accurate and well managed to avoid further worsening the loss.
25. 4. Conclusion
Insurance and risk implications
• Social Media Question: Is it social software or business benefit to society that counts?
• Transparency: Businesses have to benefit “society”; “if you can’t beat them, join them”
• Risk Landscape: Everything is connected to everything else
• Losses: Major data loss through mobile devices just a matter of time
• Risk and insurance management: ensuring that the evolving threat landscape is adequately understood and the appropriate insurance/risk strategies are applied
• Insurance: increasing requirement to define, quantify, and determine frequencies for social-media-related losses. Current lack of public loss data and difficulties in quantifying exposures are limiting available risk transfer (coverage and limits). In addition, application of integrated insurance and risk solutions can add maximum value.
• Risk management: requirement to embed social media into corporate risk management procedures (across the whole organisation) and vice-versa. Application of common-sense principles for employees and management.
• Loss mitigation: embracing social media to enhance loss mitigation procedures, particularly the PR aspects, can lead to reduced loss severity.
26. Please fill in the session feedback through the FERMA Mobile app