Social media and the potential threat it poses to reputation risk and protection of confidential information are significant risks to European businesses, according to a survey by the
Risk professionals from both organizations were asked which three cyber risks they thought were the greatest threats to business in general and to their own organizations. A total of 186 replied to the online survey during August and September (2011) intended to inform the two organizations’ discussion about risks of the virtual world.
For business in general, reputation risk from social media was cited as a material risk by nearly 50 percent of respondents and loss of confidential information through social media by 20 percent. These concerns ranked social media along with non-malicious operational IT risks, theft of customer information and malicious interference with IT systems as the greatest cyber threats to business in the eyes of the risk professionals.
The emphasis shifted somewhat when it came to respondents’ own organisations. More than half put operational, non-malicious IT risks among the top three, followed by 43 percent who mentioned theft of customer information. However social media risks were next with 42 percent who included them among the biggest exposures to their own organisation with 21 percent concerned about loss of confidential information through social media.
In response to additional questions to FERMA members, one-third of 36 responses said they had already been concerned by a denigration attack. One-quarter of the 98 responses said their company had suffered an attack on confidential information.
Other findings from the surveys:
- Risk managers are widely involved in managing cyber risks in addition to IT security, over 80 percent of the responses. However, legal and company secretarial take part in less than 20 percent; public relations 14 percent; human resources less than 6% and investor relations just 4 percent.
- Most organizations have a policy for their employees on the use of social media (65 percent) or are in the process of implementing one (14 percent).
- Most organizations either map their cyber risks (53 percent) or are in the process of doing so (31 percent).
- The responses came from a wide variety of industries, including telecoms, transport, energy, banking and transport, and many European countries, with the largest number from the United Kingdom.
