Social Media: What's the Risk?

If ten years ago you mentioned the term social media, people would have looked at you wondering what you were talking about. Today social media is becoming an integral aspect of everyday life. Here are a few staggering statistics as of January 2010:

1. 400m people on Facebook
2. 60m people on Linkedin (average age of 43 with a college degree)
3. 1/3 of all adults have used Twitter

With these statistics in mind, insurance companies have started to examine what exposures a person or business will uncover using social media. The following are some risks that you need to be aware of:

1. Personal injury suits as the result of an unintentional libelous comment on a blog or Web posting.

2. Identity Theft

3. Privacy Liability

4. Theft or Destruction of Data

5. Hacker attachs against Third Parties

6. Crisis Management Expenses

Since 2005, 227 million data records of US residents have been exposed due to security breaches, according to the Privacy Rights Clearinghouse. One high profile case involved TJ Maxx. In January 2007, the US retailer revealed that it had experienced an ‘unauthorised intrusion’ into its computer systems and it later emerged that 46.2 million credit details may have been compromised. Credit card, debit card, check and merchandise return transactions, drivers’ licence numbers, names, and addresses were all exposed in incidents dating back to 2003.


Lloyd’s of London offers the following tips for businesses on how to manage cyber risks:

- Have a formal process in place to update software, firewalls and anti-virus programmes regularly and promptly.

- Safeguard mobile devices that hold sensitive personal data. Encryption is a key tool to do this.

- Safeguard personal information within the workplace, segregating pay information and personal details on a separate part of the network and restricting access to staff on a “least privilege” need to know basis.

- Develop a firm set of operational and procedural guidelines to support security policies and standards that must be followed to maintain security.

- Implement regular staff training on security procedures and employ rigorous staff vetting when hiring.

- Make sure you have a crisis management plan in place which has been rehearsed and can be executed as soon as you detect a potential security breach.

- The first 24 hours of a security breach is critical: implement the crisis plan immediately. Time is of the essence, particularly if regulatory reporting is required.

- Having insurance in place is a big bonus for companies involved in a security breach. In addition to covering many of the major costs, insurers have many of the resources to advise a company on what they need to do, as well as expert contacts to handle the situation expediently.