SOCIAL MEDIA RISK FACTORS FOR THE FINANCIAL SERVICE INDUSTRY AND BEYOND
MANAGING RISK, UNLOCKING VALUE
August 1, 2012 Your Presenters
Jeff Auker Robert Goodsell Director, PwC Managing Director, PwC
2 First Point
3 Second Point
4 http://www.flickr.com/photos/swimvixen2/420802315/ If You Choose Not To Decide, You Still Have Made A Choice
- Rush, Freewill
5 Disciplined.
Social.
Media.
Strategy + Objectives + Measurement - Risk
6
http://www.zazzle.com/i_love_discipline_tshirt-235430896282680870 Thumbnail
1 The Business Value of Social 2 Identifying Risks
3 Managing Risks
7 1 THE BUSINESS VALUE OF SOCIAL MEDIA
8 Business Has Gone Digital...
1999 2002
2005 2009
9 …Digital Has Gone Social…
901,000,000 active users of Facebook (Over half access via mobile) FACEBOOK, APRIL 2012 39% of Americans spend more time socializing online than 45-50 year olds face-to-face make up the BADOO, APRIL 2012 fastest growing US segment of 22% of Americans visit social media users social networking sites EDISON RESEARCH, JUNE 2012 several times per day EDISON RESEARCH, JUNE 2012
93% of recruiters use LinkedIn to 61% of US companies listen to source candidates what is being said about them CNET NEWS, JULY 12, 2012 in social networks INSITES CONSULTING, JUNE 11, 2012
The meetup.com SF Chihuahua group consists of 594
members who have. met up 53 times since November 2006 10 San Francisco Chihuahua Meetup, Meetup.com, 2011 …And Social Has Gone Mobile
Smart phone penetration 90% doubling
of US has a mobile every 3 years phone
11 80% of the attention your brand receives online is offsite – Postrank
90% of the data in the world today has been created in the last two years alone – IBM
Volume
Velocity Variety 12 Evolving Customer Expectations
Traditional Media Social Media Authenticity Talking points Real conversations Collaboration One-to-many Many-to-many Organization Designed segments Self-selecting Ownership Firm creates & curates Co-creation & curation Transparency Preserve brand Open disclosure
TRUST
13 CPE Question 1
Monthly Facebook users do NOT outnumber:
A. The 3rd, 4th, and 5th most populous nations -- combined B. The population of all European countries -- combined C. Mobile phone users in Africa and Latin America D. Total world population in 1800 E. The number of YouTube views of Justin Bieber’s “Baby” video
14 CPE Answer 1
Monthly Facebook users do NOT outnumber:
A. The 3rd, 4th, and 5th most populous nations -- combined B. The population of all European countries -- combined C. Mobile phone users in Africa and Latin America D. Total world population in 1800 E. The number of YouTube views of Justin Bieber’s “Baby” video
15 The 3 Ages Of Social Communications
In the 2500 years of recorded human history, human social interactions have been driven by two-way networked interactions
Agrarian Industrial Information
60 years 4000 BC 1940 2000 16 Implication 1: The Thank You Economy
17 Implication 2: The Networked Enterprise
Organizational Business Stakeholder Structure Process Engagement 1950’s + 1980’s + 00’s +
Stake holder Manager Source Make Deliver
Engage Stake Engagement Stake Target Acquire Retain ment SME holder Platforms holder Platform
Ideate Develop Launch Staff Staff Staff Stake holder
How do I organize and command skill sets? How do I structure my How do I identify and engage business processes? communities that can help me address business objectives?
18 How do I identify and engage communities that can help me address business objectives?
Strategy Risk Measurement
19 Unlocking the Business Value of Social
1 Brand Awareness
2 Acquisition
3 Customer Service 4 Research 5 Risk Management 6 Crisis Management 7 Product Development 8 Social Enterprise
9 Recruiting
20
Many Companies Are Still Winging It...
While the vast majority of companies are now engaged in some form of social media…
Just 12% consider themselves effective 27% of companies rely on the users2 intuition of their executives to assess the business value of 40% of companies admit to social media initiatives.1 having no training or governance of social media2
45% consider linking Social Media to 28% of companies do not ROI the greatest challenge to 1 measure the performance of success. social media marketing. At all.1
Only 29% consider their social media initiatives “strategic.”1
1The Economics of the Socially Engaged Enterprise, Pulsepoint Group & The Economist, May 2012 21 2Usefulsocialmedia.com March 2012 Current State Of The Art
22 Path To Maturity
Co-Creation Engagement Presence
Controls
Experimentation
23 2 IDENTIFYING RISKS
24 Social Media Crises Originate Evenly Across Platforms
25 Most Crises Can Be Avoided Or Lessened
26 Bad Experiences Are Quickly Amplified
27 Typical – And Some Not So Obvious – Risks
Risk #3: Gaps in Risk #1: Privacy internal expertise Even if employees know your Do know where your agency is rules, do they know the rules of tonight? the networks & tools they use?
Risk #4: Regulatory Is it clear what regulators demand of you?
Risk #2: Gaps in Risk #5: Porous accountability borders Do your processes and accountabilities What happens when internal and have gaps exposed by new technologies? external blur?
The people in charge The people in charge of of talking are in the listening are in the Risk #6: Employee marketing But… service or sales department. department.* relations What are the responsibilities of the employer who knows too much? 28 CPE Question 2
According to Altimeter, what % of social media crises could be avoided or mitigated (approximately)?
A. 90% B. 75% C. 50% D. 25% E. 10%
29 CPE Answer 2
According to Altimeter, what % of social media crises could be avoided or mitigated (approximately)?
A. 90% B. 75% C. 50% D. 25% E. 10%
30 3 MANAGING RISKS
31 Risk Management Is In The Early Stages
63% 29% of organizations believe that of organizations believe they social media presents a have the necessary controls serious security threat to the in place to mitigate risk organization posed by social media
65% 35% of organizations do not have of organizations that have an a policy in place that informs acceptable social media use employees of acceptable use policy actually enforce the of social media, or are policy unsure if such policies exist
Source: Websense, Ponemon Institute, Global Survey on Social Media Risks, Sep. 2011 32 Risk Management Is In The Early Stages
54% 51% of organizations worry about of organizations worry about loss of confidential increased exposure to information or violation of malware and viruses confidentiality policies
Source: Websense, Ponemon Institute, Global Survey on Social Media Risks, Sep. 2011
50%
40% 43%
37%
30% 32%
20%
10% Have a security strategy for Have a security strategy Have a security strategy employee use of personal devices for mobile devices for social media
Question 17: “What process information security safeguards does your organization currently have in place?” (Not all factors shown. Total does not add up to 100%.) (PwC Global Survey) 33 The Risks May Be New, But Proven Approaches Still Hold
Reputational Risk Operational Risk • Employees posting sensitive • Publication of inappropriate information on personal content accounts • Inadequate monitoring and • Ineffective corporate social response to social media media usage • Unauthorized sources posing • Information security issues and as Morgan Stanley malware
Social Media Ecosystem
Regulatory & Legal Risk • Regulatory inquiries and fines • Legal expense and judgments • Unclear legal ownership of social media accounts 34 Social Media Execution Framework
1
6 2
5 3
4
35 Internal Audit Objectives
There are generally five objectives that come from internal audit of social media : 1. Evaluate Strategy – Evaluate whether effective oversight and strategy have been established for social media 2. Evaluate Design – Evaluate the design, communication, operating effectiveness of the enterprise’s social media policies and processes 3. Evaluate Consistency – Evaluate consistency of the company brand and messaging on external facing corporate owned social media channels 4. Evaluate Training – Evaluate whether appropriate levels of training have been established to ensure all personnel have been provided sufficient information regarding the organization's approach, policies, and procedures related to social media 5. Evaluate Reliability – Evaluate the reliability and accuracy of the established monitoring and reporting controls
36 Key Questions For Your Clients
Have you performed a social media risk assessment? Have you mapped social media risks with 1 various regulatory and compliance requirements?
Does your organization have a social media strategy? 2
Has the organization established an appropriate social media governance framework, including 3 leadership and accountability, policies and guidance, and stakeholder involvement?
How do you educate your employees, stakeholders, and partners about social media risks? Are 4 employees aware of their responsibilities with regards to use of social media?
Is your organization monitoring or listening what’s being said on social media channels? Have 5 you developed a process for responding to social media threats?
Have processes been established for creation and management of social media channels? 6
Are the social media channels and platforms scanned for vulnerabilities? Is there an threat and 7 vulnerability management program and is social media included in that?
How do you measure and monitor the return on investment? Do you have an information 8 management strategy to integrate social media content?
37 Determining Scope
In Scope VS Out of Scope
Which business teams should be involved and which decision-making stakeholders should be involved?
Business Team Examples:
Digital Public Customer Employee Business Customer Legal HR/Ethics Security marketing Relations Relations Communication Services Insights
Decision-Making Stakeholder Examples:
Operations Employee Operations Community Corporate Blog Chief Ethics Operations Process Lead Response Lead Lead Relations Lead Supervisor Owner Officer Lead
Should the audit include internal social collaboration tools as well? Should international social media channels, brands, and accounts be included? Which processes (governance, processes, people, security and tech) should be focused on?
38 Enterprise Deployment - Overview
Define Program Scope and Universe Define universe and objectives and Establish Governance associated policies and guidance which Model reflect governance strategy Define corporate stance on social media strategy
Deployment Deploy social strategy in organization
Analyze Risk Posture Perform risk analysis to ensure alignment between projected and actual risk levels
Operations & Management Sustainability and long term operations 39 Social Enterprise
Social Media Governance and Executive Sponsorship
Social Media Strategy, Objectives, and Policy
Human Risk, Business Marketing & Information Resources and Compliance, Sponsorship Communications Security Legal and Audit
• Business objectives • Social media • Terms of use • Authentication and • Risk assessments and KPIs universe and policy • Code of conduct and authorization • Risk management • Monitoring metrics • Community staff rules • Certification & • Regulatory and ROI management • Partnership accreditation compliance measurement • Brand management agreements • Monitoring & • Internal controls • Information • Crisis management • Training and incident response • Internal audit management awareness • Vulnerability enforcement • Staffing scanning
PwC 40 CPE Question 3
Which of the following is not typically a type of social media risk?
A. Reputational & Perception B. Data Security & Protection C. Financial & Operational D. Legal & Compliance E. Insurable & Logistical
41 CPE Answer 3
Which of the following is not typically a type of social media risk?
A. Reputational & Perception B. Data Security & Protection C. Financial & Operational D. Legal & Compliance E. Insurable & Logistical
42 Thank you
Jeff Auker Robert Goodsell Director, PwC Managing Director, PwC 860-597-2206 612-596-6343 [email protected] [email protected]
43 SOCIAL MEDIA RISK FACTORS FOR THE FINANCIAL SERVICE INDUSTRY AND BEYOND
MANAGING RISK, UNLOCKING VALUE