Data reveals a gap in social media risk management and shows that companies have a long way to go in order to mitigate cybersecurity risks for executives

How are businesses approaching digital protection for executives? After polling 600 enterprise leaders, the resulting data collected by SafeGuard Cyber has revealed interesting answers to this question.

The December 2020 survey examined the degree to which these enterprises are utilizing a secure social media strategy for their executives. The resulting data also shed light on what the companies’ biggest cybersecurity fears are—and what a gap there still is when it comes to social media risk management.

When it comes to executive social media risk management, there is still a significant amount of grey area for how risk is owned, distributed, and managed.

One of the key takeaways? Right now, companies are exposing themselves to unnecessary risks because departments are working in silos. So, in order to add clarity to the grey area, enterprises need to prioritize collaboration.

Enterprises Are Aware of the Risks

84% of company executives have been the target of at least one malicious cyber attack, according to Forbes.

What makes executives such hot targets?

• They control critical systems and operations
• They have major influence on the company’s value
• They have access to sensitive and valuable information

According to SafeGuard Cyber, risks and fears of enterprises and their teams are quite formidable:

• 25% believe personal social media of executives is a “major risk factor” to the company’s overall security
• 70% fear brand or reputation damage
• 50% predict risk to shareholder value
• 1 in 3 enterprises are fearful of impersonation or fake accounts
• 1 in 4 enterprises worry about account takeover

Unfortunately, despite the threats, the action taken to mitigate the risk continues to fall short.

The Complexities of Social Media Risk Management

Social media poses unique and new risk management challenges:

• Security teams have virtually no visibility
• Platforms like LinkedIn and Twitter exist across multiple devices
• Social media platforms often cross professional and personal spheres
• Interactions happen at unprecedented volume and velocity

Banning these tools isn’t an option—and security teams know it.

A digital risk survey from SafeGuard Cyber found that:

• 52% of businesses rank the use of unsanctioned channels as their main business security challenge
• 76% of CEOs admitted to skirting the organization’s security protocols to accelerate tasks
• Only 45% of CEOs say they are actively engaged in their company’s cybersecurity management

A major problem with developing an effective social media risk management strategy is lack of responsibility. Risk management roles still appear to be poorly defined, resulting in a lack of clarity about what departments are responsible for what.

When asked which department handles security and compliance, SafeGuard Cyber found that:

• 70% of enterprises cite their IT department
• 46% cite a director or manager
• 37% say the C-level is responsible
• 30% say the CISO is the one in charge
• 18% say the board is the level where the responsibility lies

Clearly, there is little consensus. And unfortunately, for executives and their companies, that makes finding—let alone implementing—real solutions a challenging task.

SafeGuard Cyber found that there is also no industry standard:

• 29% place responsibility with the CISO
• 28% place responsibility with the marketing or communications department
• 19% hand the responsibility to an external agency

Collaboration Is Necessary to Move Forward

At the end of the day, social media risk management can’t belong solely to one department. These cloud-based platforms affect every department in an enterprise, from marketing to HR, and everything in between.

Digital risk has proven to be complex, and a collaborative and communicative approach to managing that risk is necessary to move forward and find real solutions. Departments at these enterprises will also need the tools to properly identify and address potential threats before they escalate into major problems.

As long as companies reject this collaborative approach, they’ll continue to expose themselves to unnecessarily high risk of cybersecurity threats.