BLUE HILL RESEARCH
Foundations of Social Media Risk Management
December 9, 2014
David Houlihan
Principal Analyst
Focuses on technology investment questions.
Common Questions:
• Finance: What’s the ROI & TCO?
• Information Technology: How do I implement & manage this?
• Line of Business: Does it improve my performance?
• How does this affect our business?
Understanding Social Media Risk
What is social media risk?
How do I understand the value at risk?
How do we effectively respond to these risks?
Challenges of Social Media Risk Management
• Technology is still emerging and changing
• Lack of transparency regarding how social media is used across the enterprise
• Difficult to estimate / quantify cost of risk
• Multiple or unclear owners for social media risk
• Unclear legal and regulatory requirements for social media use and policy
Poll 1: What’s Your Top Challenge Managing Social Media Risk?
(A) KEEPING PACE WITH CHANGES TO SOCIAL MEDIA
(B) UNDERSTANDING HOW SOCIAL MEDIA IS USED
(C) QUANTIFYING THE COST OF RISK
(D) LACK OF CLEAR ENTERPRISE OWNERSHIP
(E) UNCERTAINTY REGARDING LEGAL REQUIREMENTS
(F) OTHER
Social Media Categories
• Personal Social: Individual personal / professional tools. Exposes organization indirectly.
• Enterprise Social: Internal corporate collaboration platform. Exposures about record or compliance.
• Corporate Accounts: External corporate comms platforms. Exposes organization directly.
We All Have An Idea of What’s at Risk...
• 2012: Netflix under SEC scrutiny for potential Regulation FD violation over CEO Reed Hastings’s Facebook brag about Netflix’s subscriber count.
• Feb 2013: Hacked Jeep Twitter account announces sale of Chrysler to Cadillac.
• Apr 2013: Stock market drops $136 billion after hackers tweet about explosion at the White House from Associated Press accounts.
• Apr 2013: BBC uncovers over 800 investigations of police officers for posting racist content to social media sites and attempts to “friend” alleged victims of crimes.
• Apr 2013: Hearst Entertainment executive Scott Sassa retires after legal department receives sexually explicit text messages Sassa sent in a suspected catfishing and extortion scam.
Disclosure Risk
n. Intentional or accidental release of sensitive information
Business
- Loss of intellectual property
- Loss of competitive market advantage
- Delayed or lost transactions/customers
Legal
- Regulatory and private legal liability
Reputation
- Brand damage
- Lost revenue
- Erosion in shareholder value
Employees or closely related third-parties
Discourse Risk
n. Publication of content that harasses others, or negatively impacts corporate image
Business
- Delayed or lost transactions/customers
Legal
- Legal liability
Reputation
- Brand damage
- Revenue loss
- Erosion in shareholder value
Employees with access to corporate social media
Identifiable employees using personal social media
Third-parties’ discussion of organization
…
…
Conflict of Interest Risk
n. Use of social media to connect individuals inappropriately or in violation of restrictions
Business
- Loss of intellectual property
- Loss of competitive market advantage
Legal
- Regulatory and private legal liability
Reputation
- Brand damage
- Lost revenue
- Erosion in shareholder value
Employees or closely related third-parties
Fraud Risk
n. Use of social media to obtain access to employees or sensitive information
Business
- Loss of intellectual property
- Loss of competitive market advantage
- Delayed or lost transactions/customers
Legal
- Regulatory and private legal liability
Reputation
- Brand damage
- Lost revenue
- Erosion in shareholder value
Third-parties seeking access through social media
Poll 2: What Type of Social Media Risk Causes You the Most Worry?
(A) DISCLOSURE
(B) DISCOURSE
(C) CONFLICT OF INTEREST
(D) FRAUD
(E) OTHER
Determining the Strategy That’s Needed
Harm
What are the potential results of a risk event?
1. Direct financial costs
2. Reputation and brand erosion
3. Lost customers and revenue
4. Lost shareholder value
5. Regulatory penalties, legal exposure, and litigation cost
Scope
What are the risk events that could affect our organization?
1. Requirements on corporate statements and disclosures
2. Constraints on relationships and information sharing
3. Sensitivity of information handled by organization
4. Public “profile” of the organization
Likelihood
What is the probability that a risk event will occur?
1. Number of employees using corporate social media
2. Number of employees using personal social media
3. Variety of social media tools used per employee
4. Frequency of use
Mapping Costs to Investment Planning
Cost of Prevention / Mitigation + Resulting Cost of Risk < Cost of “Doing Nothing”
Budget: Preventative Investments ($)
Residual Risk: Cost ($) of Doing Nothing − Value ($) of Mitigation
Inherent Risk: Estimated Harm ($) of Incident × Likelihood (%) of Incident × Estimated Potential (#) Incidents
What’s at Risk?
Average costs following social media risk incidents:
- Financial Costs: $641,993
- Litigation Costs: $650,361
- Lost Revenue: $619,360
- Reduction in Stock Price: $1,038,401
Reputational Losses
Direct Losses
Source: Symantec’s 2011 Social Media Protection Flash Poll
Advantages and Disadvantages
POLICY | EDUCATION | MONITOR | ACCESS CONTROL
Disadvantages:
- Expense
- Does not affect authorized users
- Does not limit risks resulting from personal accounts
- Little preventative value
- No identification of issues
- No control over activities
- Expense
- No control over activities
Advantages:
- Set standards and limit liability
- Identify issues
- Maintain records for remediation & liability
- Limit ability to access and misuse
- Educate employees on standards & encourage behavior change
Poll 3: Where has your Organization Placed Resources to Combat Social Media Risk?
(A) POLICY
(B) EDUCATION, TRAINING, AND AWARENESS
(C) SOCIAL MEDIA MONITORING
(D) SOCIAL MEDIA ARCHIVING
(E) ACCESS CONTROL
(F) OTHER
Poll 4: Which of the Following is Your Top Priority for Social Media Risk Investment?
(A) POLICY
(B) EDUCATION, TRAINING, AND AWARENESS
(C) SOCIAL MEDIA MONITORING
(D) SOCIAL MEDIA ARCHIVING
(E) ACCESS CONTROL
(F) OTHER
Employee Education Program
Objectives
1. Explain social media risks and standards
2. Encourage compliance with social policies and standards
3. Identify guidelines and best practices that reduce risks
4. Encourage self-motivation and ownership
- Employee engagement
- Clear communication of requirements and responsibilities
- Motivation for behavior change
- Principles and guidelines of ambiguous situations
- Encourage, retention, application, and promotion
Thank You!
To join the conversation, follow us on
Phone: +1 (617) 624-3600
Contact Sales: [email protected]
Contact Research: [email protected]