[Skip to content]

Sign up for our daily newsletter
The Actuary The magazine of the Institute & Faculty of Actuaries

Cyber risk threat to firms ignoring social media

Companies that ignore the pros and cons of social media or block access for employees are ‘sticking their heads in the sand’, according to Towers Watson.

The scale of social media, the nature of the interactions it can lead to and the risks posed to organisations by inappropriate employee activities are all areas where companies should be proactive, the consultant said.

Social media is already producing some significant business benefits for many companies, says Towers Watson. However, the blurring of boundaries between workplace and marketplace; professional and private life; and on and off-line activity, means the simple banning of access to social media at work or tolerating but not guiding social media usage - does not work and can be counterproductive for employers.

"When thinking about the potential of social media, employers are often put off by the perceptions of lost productivity, leakage and potential liability risks," says senior consultant Andy Blacknell.

"Given social media usage is likely to increase and most individuals using it are also employees, employers need to ask themselves if it is really less harmful to leave employees to their own devices or rather to provide them with appropriate social media capability and guidance. We believe the solution is to have social media policies embedded in each organisation."

Towers Watson research shows that more than half of companies block social media sites due to concerns about employees disclosing private or sensitive financial or competitive information or about employees spending too much time on social sites.

Tim Jaggs, senior consultant, said: "Blocking access to social sites may have reduced risk in the past, but in future is likely to increase it while also limiting the benefits active social media engagement can produce. With more and more people using social media, employers need to exploit social media opportunities, so it is essential they educate employees about both the risk and the potential.

"Each organisation has to decide its social media policy according to its circumstances but, if for no other reason than to establish some defensibility in the event of a liability claim, every employer should have a formal social media policy, supported by insurance for social media activities."

According to the firm, the vast majority of companies (73%) have not purchased insurance against any form of cyber risk, including social media liability. Of the 27% that have acquired some form of policy, 61% bought £6million to £30million limits.

Tim Jaggs added: "Companies have to continue to find better ways to manage and mitigate all kinds of cyber risks. In the social media space, the lack of a formal policy increases the risk of uncontrollable activity, therefore to support risk management, employers should have a contingency plan, which includes insurance, in their social media policies in case things go wrong. Blocking access is the cyber equivalent of sticking your head in the sand."

Follow @TheActuaryMag on Twitter

Join The Actuary’s LinkedIn group