forum 2013 social media - a risk management challenge
DESCRIPTION
TRANSCRIPT
Social Media: A Risk
Management Challenge
Julia Graham, DLA Piper
Peter Hacker, Jardine Lloyd Thompson
Corrado Zana, Marsh Risk Consulting
Christophe Mallet, Carve Consulting
@FERMARisk
#Fermaforum
•1
Agenda
1. Opportunities & Threats
2. Business model implications
3. Risk challenges and opportunities
4. How to control risks
5. Q&A
8/10/2013 2
What’s Social Media?
8/10/2013 3
What’s Social Media?
8/10/2013 4
“
“Social media is an umbrella term that defines the various
activities that integrate technology, social interaction, and
the construction of words, pictures, videos and audio.”
Marta Kagan
Multi-functional opportunities
8/10/2013 5
Pandemic threats
8/10/2013 6
Organisational Challenge
8/10/2013 7
Social Media managers do not have risk management
written in their job specs…
and Risk Managers do not have enough knowledge of
social to have it on their radar.
>> Unidentified, Unaccounted for, Unmanaged Risks
Business model implications (opportunities)
8/10/2013 8
Innovation
Collaboration Business processes Communications Legal
CRM
External stakeholders
Internal stakeholders
Business model implications (risks)
8/10/2013 9
Business
Customers
Employee
Compliance IT policies
Productivity
Information Leakage
Legal Ownership
Reputational (corporate and product) Malware attacks
Social Media: A Risk
Management Challenge
Julia Graham, DLA Piper
Peter Hacker, Jardine Lloyd Thompson
Corrado Zana, Marsh Risk Consulting
Christophe Mallet, Carve Consulting
@FERMARisk
#Fermaforum
•10
Agenda
1. Opportunities & Threats
2. Business model implications
3. Risk challenges and opportunities
4. How to control risks
5. Q&A
8/10/2013 11
Taxonomy of Social Network Risks
8/10/2013 12
....forever
Government and critical infrastructures
@ Risk
Taxonomy of Social Network Risks
Individuals and Families
Enterprises
Political Risks
Broadly, social media can exacerbate these political risks in four ways:
Accelerate: Social media can accelerate the formation of political protests and resistance.
Spread: The global nature of social media can enable civil unrest to more easily and quickly transition from a single-country phenomenon to a regional event.
Target: Social media users frequently target individuals and organizations perceived as being friendly or close to unpopular regimes, potentially leading to a loss of income for some businesses.
Deflect: Authoritarian governments may use social media to deflect popular discontent away from political leadership and toward foreign entities or companies that may be instigating or playing a role in fueling unrest.
Source: Social Media Adds to Political Risk Equation
in Emerging Markets. Marsh 2013
@ Risk
•SCENE
Government and Critical Infrastructures
Cyber Risk Register for individuals
Fraud
Cyberbulling/Pedophilia
Self-inflicted reputational damages
Back-door for bigger targets (social engineering)
@ Risk
Individuals and families
Cyber Security Risk Register
Compliance infringement
Intellectual Property
Reputational damages
Malware propagation
Cyber Liabilities
Enterprises
@ Risk
Ten Deadly Sins of Social Networking
1. Believing who dies with the most connections wins
2. Clicking everything
3. Controlling your people and family but not saying why
4. Endangering yourself and others
5. Engaging in Tweet/Facebook/LinkedIn/Instagram rage
6. Mixing personal with professional
7. Over-sharing company activities
8. Password laziness
9. Privacy compliance is not just a boring stuff
10.We are not there ....really?
8/10/2013 17
Social media friend and foe
Managing Intangible Risks
Agenda
1. Risk landscape
2. Insurance and risk solutions
3. Social media – also a friend?
4. Conclusion
Peter Hacker
CEO Global CTM Practice
JLT Specialty
1. Social media risk landscape
Loss of control (external): customers of the corporate can publicly state comments/opinions which damage the corporate’s brand, reputation and key products/services
Loss of control (internal): employees publicly state comments which can lead to a negative perception on the company, third party, or a key product/service/brand
Third parties: external third parties using a public/corporate social media environment to express negative comments/perceptions, carry out public disputes or even “hi-jack” the system for spamming purposes.
Data privacy/security: accidental or purposeful release of sensitive personal customer data or sensitive corporate data (e.g. trade secrets) into the public forum via social media channels.
1.1. What can go wrong? Potential scenarios:
2. Social media risk landscape 2.2. Key risk groupings
Liability IT/Cyber First Party
Breach of contract/ confidentiality
Network security liability (malware transfer)
Reputational damage
IPR infringement
Libel, slander and disparagement
Privacy breach/liability
Mitigation costs
Increased “churn”
Social media
2. Insurance and risk solutions 2.1. Overview of available insurance solutions
• Professional Indemnity
• “Cyber”
• Media Liability
• Non-physical Business Interruption
• Reputation
Well structured and tailored advice (pre/post loss) and coverage (is required to respond to the myriad of intangible risks presented by social media. Avoidance of coverage gaps and duplications is a necessity. In brief, stress test your existing arrangements first.
2. Insurance and risk solutions
2.2. Risk management approach
Full block No policy Controlled access Limited access
Social media – control options:
Key risk management principles:
•Guidelines: establishment of a formal social media policy
•Auditing: conducting audits and risk assessments across the business
• Training and HR: integrate social media policy principles into training (e.g. “common sense” principles)
• Risk management integration: group committee between risk management, HR, data/IT security, marketing/ communications, operations etc is essential
Mobile malware threat: Is not only a reality, but is growing at an exponential rate. There are currently over half a million malware apps for the android platform in circulation
Potential scenario: a corporate has been hacked and as a result there is an interruption in service to its customers. Furthermore, it has been publicly reported that sensitive and payment customer data has potentially been breached.
Exposures: increased customer churn rate due to reputational damage, business interruption (direct loss of revenues due to interruption to services), cyber liability, regulatory action, first party loss mitigation costs (including potential refunds or credits to the affected customers) etc.
Usage of social media: to efficiently send out clear communications to the affected customer base to inform them realtime about the incident, what the corporate is doing to rectify the situation, and when service is due to resume. Can also be used to provide post-loss service (and remediation) to the affected customer base. Important: communications must be timely, accurate and well managed to avoid further worsening the loss.
3. Social media 3.1. Case study – loss mitigation
4. Conclusion Insurance and risk implications
• Social Media Question: Is it social software or business benefit to society what counts?
• Transparency: Business have to benefit “society”, if you” can’t beat them, join them”
• Risk Landscape: Everything is connected to everything else
• Losses: Major data loss through mobile devices just a matter of time
• Risk and insurance management: ensuring that the evolving threat landscape is adequately understood and the appropriate insurance/risk strategies are applied
• Insurance: increasing requirement to define, quantify, and determine frequencies for social-media related losses. Current lack of public loss data and difficulties in quantifying exposures is limiting available risk transfer (coverage and limits). In addition, application of integrated insurance and risk solutions can add maximum value.
• Risk management: requirement to embed social media into corporate risk management procedures (across the whole organisation) and vice-versa. Application of common-sense principles for employees and management.
• Loss mitigation: embracing social media to enhance loss mitigation procedures, particularly the PR aspects, can lead to reduced loss severity.
•
Please fill in the session feedback through the FERMA Mobile app •26