Social Media: Addressing Risk

A Refresher on the Risks, Mitigation Strategies

October 16, 2012.

The biggest social media concern for risk managers is the potential reputational impact to the organization, says risk expert David Bradford, who outlines mitigation steps.

Reputational risk comes in two areas, says Bradford, president of the research and editorial division at Advisen Ltd., which publishes the annual RIMS Benchmark Survey.

"One is from the company's own social media activities, which tend to be a little less regulated and controlled at the corporate level than other communications going through traditional public relations and advertising channels," says Bradford in an interview with Information Security Media Group's Eric Chabrow [transcript below].

The other area of reputational harm comes from public discussion about the organization via social media, "whether it's true or not true," he says. "It could be a rumor. It could be a fact. But it can spread like wildfire."

To mitigate the risks, an organization first and foremost needs to develop a social media policy. "[The company] has to be able to control what's coming out of the company via social media for the official channels," Bradford says.

In the policy, he says, it's important to designate who can talk about the company and what they're talking about. Guidelines should also be established to remind employees how their statements can reflect on the company and to be cautious in their own activities on platforms like Facebook, Twitter and LinkedIn.

Organizations also need to monitor social media to be aware of public attitudes towards the company and what's being said. "And have a plan in place to respond if there's an incident that results in a negative issue being communicated via social media," Bradford says.

In the interview, Bradford also addresses:

  • How organizations should address what he characterizes as the "blur" between work and non-work time brought on by social media and mobile technologies;
  • Increasing interest by organizations in cyber insurance; and
  • Synergies between information risk management and overall risk management within an enterprise.

Bradford is president of the research and editorial division at Advisen Ltd., which publishes the annual RIMS benchmark survey, and serves as its editor in chief. Before joining Advisen, Bradford held management positions at Swiss Re America as head of treaty underwriting, national accounts and eBusiness ventures. Prior to Swiss Re, he was a senior vice president at Reliance Reinsurance, where he founded and managed the special programs department.

RIMS Benchmark Survey

ERIC CHABROW: First off, please take a few moments to tell us about RIMS and the Benchmark Survey.

DAVID BRADFORD: RIMS is the association of risk managers in the U.S. and risk managers are the buyers of insurance at larger companies, and we also have other responsibilities in terms of finding ways to manage and finance the risk of the organizations. The benchmark survey has been published for about 30 years. It started as a way for risk managers to compare their insurance programs against peer groups to see if they're purchasing the right limits and if they're paying the right amount for it.

Over the years, we've expanded the benchmark survey to address other areas of interest for risk managers. Each year now we do a couple of supplemental surveys on topical issues, and for this past survey one of the topical surveys that we conducted was on social media.

Cyber Insurance: A Recent Development

CHABROW: As I flip through the 150-page survey, I saw lots of figures about the cost of risk involving property, auto, workers compensation, malpractice, marine aviation, fiduciary, and so on, but I didn't see much about cyber. In a section about the IT industry, there were two related charts that reported 32 data breaches, an insurance payout of $91 million dollars in 2011, and in a telecom section the study reported ten cases of unauthorized data distribution and $170 million dollars in payouts; otherwise not much on cyber. Why so?

Follow Jeffrey Roman on Twitter: @gen_sec