FORUM 2013 Social media - a risk management challenge


Published on

Published in: Education
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

FORUM 2013 Social media - a risk management challenge

  1. 1. Social Media: A Risk Management Challenge Julia Graham, DLA Piper Peter Hacker, Jardine Lloyd Thompson Corrado Zana, Marsh Risk Consulting Christophe Mallet, Carve Consulting @FERMARisk #Fermaforum •1
  2. 2. Agenda 1. 2. 3. 4. 5. Opportunities & Threats Business model implications Risk challenges and opportunities How to control risks Q&A 8/10/2013 2
  3. 3. What’s Social Media? 8/10/2013 3
  4. 4. What’s Social Media? “ “Social media is an umbrella term that defines the various activities that integrate technology, social interaction, and the construction of words, pictures, videos and audio.” Marta Kagan 8/10/2013 4
  5. 5. Multi-functional opportunities 8/10/2013 5
  6. 6. Pandemic threats 8/10/2013 6
  7. 7. Organisational Challenge  Social Media managers do not have risk management written in their job specs…  and Risk Managers do not have enough knowledge of social to have it on their radar. >> Unidentified, Unaccounted for, Unmanaged Risks 8/10/2013 7
  8. 8. Business model implications (opportunities) Internal stakeholders External stakeholders Innovation 8/10/2013 Collaboration Business processes Communications Legal CRM 8
  9. 9. Business model implications (risks) Business Compliance IT policies Productivity Reputational (corporate and product) Malware attacks Employee Information Leakage Legal Ownership 8/10/2013 Customers 9
  10. 10. Social Media: A Risk Management Challenge Julia Graham, DLA Piper Peter Hacker, Jardine Lloyd Thompson Corrado Zana, Marsh Risk Consulting Christophe Mallet, Carve Consulting @FERMARisk #Fermaforum •10
  11. 11. Agenda 1. 2. 3. 4. 5. Opportunities & Threats Business model implications Risk challenges and opportunities How to control risks Q&A 8/10/2013 11
  12. 12. Taxonomy of Social Network Risks ....forever 8/10/2013 12
  13. 13. Taxonomy of Social Network Risks Government and critical infrastructures Individuals and Families @ Risk Enterprises
  14. 14. Government and Critical Infrastructures •SCENE Political Risks Broadly, social media can exacerbate these political risks in four ways: @ Risk  Accelerate: Social media can accelerate the formation of political protests and resistance.  Spread: The global nature of social media can enable civil unrest to more easily and quickly transition from a single-country phenomenon to a regional event.  Target: Social media users frequently target individuals and organizations perceived as being friendly or close to unpopular regimes, potentially leading to a loss of income for some businesses.  Deflect: Authoritarian governments may use social media to deflect popular discontent away from political leadership and toward foreign entities or companies that may be instigating or playing a role in fueling unrest. Source: Social Media Adds to Political Risk Equation in Emerging Markets. Marsh 2013
  15. 15. Individuals and families Cyber Risk Register for individuals  Fraud  Cyberbulling/Pedophilia  Self-inflicted reputational damages  Back-door for bigger targets (social engineering) @ Risk
  16. 16. Enterprises Cyber Security Risk Register  Compliance infringement  Intellectual Property  Reputational damages  Malware propagation  Cyber Liabilities @ Risk
  17. 17. Ten Deadly Sins of Social Networking 1. Believing who dies with the most connections wins 2. Clicking everything 3. Controlling your people and family but not saying why 4. Endangering yourself and others 5. Engaging in Tweet/Facebook/LinkedIn/Instagram rage 6. Mixing personal with professional 7. Over-sharing company activities 8. Password laziness 9. Privacy compliance is not just a boring stuff 10. We are not there ....really? 8/10/2013 17
  18. 18. Social media friend and foe Managing Intangible Risks
  19. 19. Agenda 1. 2. 3. 4. Risk landscape Insurance and risk solutions Social media – also a friend? Conclusion Peter Hacker CEO Global CTM Practice JLT Specialty
  20. 20. 1. Social media risk landscape 1.1. What can go wrong? Potential scenarios:  Loss of control (external): customers of the corporate can publicly state comments/opinions which damage the corporate’s brand, reputation and key products/services  Loss of control (internal): employees publicly state comments which can lead to a negative perception on the company, third party, or a key product/service/brand  Third parties: external third parties using a public/corporate social media environment to express negative comments/perceptions, carry out public disputes or even “hi-jack” the system for spamming purposes.  Data privacy/security: accidental or purposeful release of sensitive personal customer data or sensitive corporate data (e.g. trade secrets) into the public forum via social media channels.
  21. 21. 2. Social media risk landscape 2.2. Key risk groupings Social media Liability IT/Cyber First Party Breach of contract/ confidentiality Network security liability (malware transfer) Reputational damage IPR infringement Privacy breach/liability Mitigation costs Libel, slander and disparagement Increased “churn”
  22. 22. 2. Insurance and risk solutions 2.1. Overview of available insurance solutions • Professional Indemnity • “Cyber” • Media Liability • Non-physical Business Interruption • Reputation Well structured and tailored advice (pre/post loss) and coverage (is required to respond to the myriad of intangible risks presented by social media. Avoidance of coverage gaps and duplications is a necessity. In brief, stress test your existing arrangements first.
  23. 23. 2. Insurance and risk solutions 2.2. Risk management approach Social media – control options: No policy Controlled access Key risk management principles: • •Guidelines: establishment of a formal social media policy •Auditing: conducting audits and risk assessments across the business • Limited access Full block Training and HR: integrate social media policy principles into training (e.g. “common sense” principles) Risk management integration: group committee between risk management, HR, data/IT security, marketing/ communications, operations etc is essential
  24. 24. 3. Social media 3.1. Case study – loss mitigation  Mobile malware threat: Is not only a reality, but is growing at an exponential rate. There are currently over half a million malware apps for the android platform in circulation  Potential scenario: a corporate has been hacked and as a result there is an interruption in service to its customers. Furthermore, it has been publicly reported that sensitive and payment customer data has potentially been breached.  Exposures: increased customer churn rate due to reputational damage, business interruption (direct loss of revenues due to interruption to services), cyber liability, regulatory action, first party loss mitigation costs (including potential refunds or credits to the affected customers) etc.  Usage of social media: to efficiently send out clear communications to the affected customer base to inform them realtime about the incident, what the corporate is doing to rectify the situation, and when service is due to resume. Can also be used to provide post-loss service (and remediation) to the affected customer base. Important: communications must be timely, accurate and well managed to avoid further worsening the loss.
  25. 25. 4. Conclusion Insurance and risk implications • • • • • • • • Social Media Question: Is it social software or business benefit to society what counts? Transparency: Business have to benefit “society”, if you” can’t beat them, join them” Risk Landscape: Everything is connected to everything else Losses: Major data loss through mobile devices just a matter of time Risk and insurance management: ensuring that the evolving threat landscape is adequately understood and the appropriate insurance/risk strategies are applied Insurance: increasing requirement to define, quantify, and determine frequencies for social-media related losses. Current lack of public loss data and difficulties in quantifying exposures is limiting available risk transfer (coverage and limits). In addition, application of integrated insurance and risk solutions can add maximum value. Risk management: requirement to embed social media into corporate risk management procedures (across the whole organisation) and vice-versa. Application of common-sense principles for employees and management. Loss mitigation: embracing social media to enhance loss mitigation procedures, particularly the PR aspects, can lead to reduced loss severity.
  26. 26. Please fill in the session feedback through the FERMA Mobile app •26