Social Media s Role in Crisis Management: A Call for Greater Legal Vigilance



Similar documents
The Importance of Cyber Threat Intelligence to a Strong Security Posture

Third Annual Study: Is Your Company Ready for a Big Data Breach?

SMALL BUSINESS REPUTATION & THE CYBER RISK

Protecting against cyber threats and security breaches

Aftermath of a Data Breach Study

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

75% On the Record. Is Your Organization s Records Management Program Providing High Value or High Risk?

The Importance of Senior Executive Involvement in Breach Response

Managing the Ongoing Challenge of Insider Threats

APICS INSIGHTS AND INNOVATIONS SUPPLY CHAIN RISK CHALLENGES AND PRACTICES

Is Your Company Ready for a Big Data Breach?

Application Security in the Software Development Lifecycle

We believe successful global organisations can confront fraud, corruption and abuse PwC Finland Forensic Services

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Information Security Services

THE CCO. IMPROVING COMPANY REPUTATION: THE CCO s MANDATE

Impact of Data Breaches

Powerhouses and Benchwarmers

Be Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience

White Paper on Financial Institution Vendor Management

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

How to Assess Legal Risk Management Practices

Cyber Security Incident Response High-level Maturity Assessment Tool

2012 Bit9 Cyber Security Research Report

CYBER SECURITY, A GROWING CIO PRIORITY

IT Governance, Risk, and Compliance

FFIEC Cybersecurity Assessment Tool

THE ADOPTION OF DIGITAL MARKETING IN FINANCIAL SERVICES UNDER CRISIS

ISO27032 Guidelines for Cyber Security

Introduction. Corporate Investigation & Litigation Support

Digital Women Influencers: Millennial Moms

2012 Application Security Gap Study: A Survey of IT Security & Developers

MARSH REPORT October International Business Resilience Survey 2015

State of Cloud Survey SOUTH AFRICA FINDINGS

Remarks for Admiral David Simpson WTA Advocates for Rural Broadband Spring Meeting Cybersecurity Panel

Healthcare and IT Working Together KY HFMA Spring Institute

PREMIER SERVICES MAXIMIZE PERFORMANCE AND REDUCE RISK

Data Security in the Evolving Payments Ecosystem

Global Corporate IT Security Risks: 2013

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

Cyber security: Are Australian CEOs sleepwalking or a step ahead? kpmg.com.au

Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014

Combating a new generation of cybercriminal with in-depth security monitoring

INFORMATION SECURITY STRATEGIC PLAN

Security Awareness Training Solutions

SUSTAINING COMPETITIVE DIFFERENTIATION

Click to edit Master title style

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage

ITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

Cyber security Building confidence in your digital future

DATA BREACH RESPONSE READINESS Is Your Organization Prepared?

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices

Leveraging a Maturity Model to Achieve Proactive Compliance

The economics of IT risk and reputation

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper

Technical Testing. Network Testing DATA SHEET

Surviving Contact with Reality Crisis exercises as a key element of cyber incident and crisis management response.

Cybersecurity and the Threat to Your Company

Nationwide Cyber Security Survey

2014 REPORT ON THE STATE OF DATA BACKUP FOR SMBS

Technical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments

Nine Steps to Smart Security for Small Businesses

Enterprise Software Security Strategies

Mitigating and managing cyber risk: ten issues to consider

Executive Suite Series An Akamai White Paper

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Calgary s Nonprofit Sector. After the flood. A report on Calgary and area flood impact, emergency preparedness and lessons learned

PRIORITIZING CYBERSECURITY

risk management & crisis response Building a Proactive Risk Management Program

GUIDE TO IMPROVING INFORMATION SECURITY IDENTIFYING WEAKNESSES & STRENGTHENING SECURITY

Bridging the data gap in the insurance industry. Cyber crisis management: Readiness, response, and recovery

Cybersecurity Issues for Community Banks

Cybersecurity and internal audit. August 15, 2014

State of Cloud Survey GLOBAL FINDINGS

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

Data Loss Prevention Program

Fraud Solution for Financial Services

How To Create An Insight Analysis For Cyber Security

Some companies never recover from a disaster related loss. A business that cannot operate will lose money, customers, credibility, and good will.

TRENDS IN BUSINESS CONTINUITY AND CRISIS COMMUNICATIONS SURVEY

Business Continuity Management

Cyber Security: Confronting the Threat

NOVEMBER 2014 CYBER & DATA SECURITY RISK SURVEY CONTENT:

Defining the Gap: The Cybersecurity Governance Study

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk

Technology and Cyber Resilience Benchmarking Report December 2013

Fraud Prevention Checklist for Small Businesses

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

The Pitfalls of DIY Approaches to Disaster Recovery

Issues management Crisis management Crisis communication

Defensible Strategy To. Cyber Incident Response

Cyber Governance Preparing for the Inevitable Perimeter Breach

Crisis Communications 2014:

Managing Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal

Symantec Cyber Security Services: DeepSight Intelligence

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Kuala Lumpur, Malaysia, May Report

Transcription:

Social Media s Role in Crisis Management: A Call for Greater Legal Vigilance

INTRODUCTION From a viral video purporting to show poor treatment of banking customers, to a UK retailer s rogue employee live-tweeting mass layoffs, to a prestigious university s social media pages maliciously hacked no sector is immune to reputational assaults via social media. Response to Internet attacks can be taxing on even the most seasoned crisis managers. At Weber Shandwick, we understand that crises are integrated communications challenges. Crises can erupt in numerous ways and be amplified by myriad sources social media is just one major part of today s crisis management equation. Recognizing the importance of an interdisciplinary approach to social crisis management, global communications and engagement firm Weber Shandwick wanted to explore the current perspective of a crucial member of the response team: legal counsel. The role of in-house counsel in ensuring regulatory and legal compliance at times of crisis is critical, and with persistent episodes of digital vulnerability worldwide, determining the needs and preparedness of corporate counsel is essential to successful proactive reputation management. In conjunction with KRC Research, Weber Shandwick conducted a telephone survey of 100 senior and mid-level practicing lawyers 50 in the and 50 in the UK who work as in-house counsel for Fortune Global 1000 companies and who personally engage in reputation risk management. The 20-minute interviews were conducted between May 13 and June 5, 2015. For the purposes of our survey, a corporate social media issue or crisis was defined as an event or opinion that is magnified on social media and potentially impacts the company s reputation. The findings from our research are striking. Despite recognizing that a company s reputation is its most valuable asset and holding a variety of concerns around the risks posed by social media, in-house lawyers are not sufficiently engaging in social crisis preparedness and management. Moreover, differences appear to exist between UK and lawyers in terms of readiness and areas of concern. The research serves as a wake-up call for legal executives to more actively safeguard their companies from legal and reputational threats on social media, no matter where they originate. PETER DUDA, EVP/MANAGEMENT SUPERVISOR, CO-HEAD GLOBAL CRISIS AND ISSUES, WEBER SHANDWICK Five key insights are outlined in this report, followed by recommendations for how corporate lawyers can more effectively engage in social media crisis preparedness and management. 1. In-house counsel have limited experience with and training in social media crises 2. Most legal departments are not very involved in planning for social media crises 3. In-house counsel lack confidence in their company s social crisis responsiveness 4. Despite concerns, in-house counsel have a false sense of security about imminent online threats 5. In-house counsel face challenges along multiple stages of a social media crisis journey Social Media s Role in Crisis Management: A Call for Greater Legal Vigilance Page 2

KEY FINDINGS 1. IN-HOE COUNSEL HAVE LIMITED EXPERIENCE WITH AND TRAINING IN SOCIAL MEDIA CRISES A modest 21% of lawyers report that their company experienced a social media crisis during their tenure. For these few veterans, the leading consequences of these crises have been internal, including declines in employee morale and attrition or layoffs. Notably, legal departments tend to take a back seat to discovery of online social problems, whereas digital, communications and/or marketing departments have been at the detection forefront, according to the lawyers surveyed. Problematically, training around what social media means for their companies is at lower-than-expected levels. Only half (54%) of the lawyers surveyed have received instruction on how social media impacts their companies, leaving many without this background. When training is offered, it takes multiple forms, including classes offered by employers and/or a third party consultants hired to provide advice and instruction, and conferences or continuing education classes. Social media training is inconsistent. Among companies with guidelines for using social media (73%), not all are training their legal counsel around the world on those policies: only 47% of UK companies do so compared to 73% in the. 2. MOST LEGAL DEPARTMENTS ARE NOT VERY INVOLVED IN PLANNING FOR SOCIAL MEDIA CRISES While a large majority of in-house counsel say their department is involved in planning for social media crises, only 21% say they are very involved, and lawyers in the UK report somewhat lower involvement than those in the. Whether this stems from legal departments choosing not to plan or other departments not including legal in the planning stages, this lack of involvement is surprising given that social media attacks are far more prevalent than they were even three years ago. Our research suggests a correlation between those who have personally experienced a social media crisis and involvement in preparation. LEVEL OF LEGAL DEPARTMENT S INVOLVEMENT IN SOCIAL MEDIA CRISIS PREPARATION TOTAL 21% 56% 23% 24% 58% 18% UK 18% 54% 28% Very involved Fairly involved Not involved Even while their departments are at least somewhat involved in crisis preparedness, the lawyers surveyed spend very little of their own time doing so. On average, in-house counsel devoted about 2.4% of their time in the last year to social crisis planning, and almost half (47%) say they didn t spend any time personally preparing for such an event. This finding is paradoxical, given that all lawyers in the study are involved in advising their company on matters related to risk and reputation management. Social Media s Role in Crisis Management: A Call for Greater Legal Vigilance Page 3

One reason that in-house counsel devote minimal time to social crisis planning may be that few boards ask legal about preparedness for a social media issue or crisis. Boards of directors might be asking company leadership about crisis preparedness, but in-house counsel aren t getting the phone calls. Only one-quarter (27%) of lawyers have had their Board of Directors ask their department about the company s preparedness for a social media issue. Again, we see even less activism in the UK (20% of UK boards have asked legal departments about social media crisis preparedness vs. of boards). An important building block of crisis preparedness is social media monitoring. While many lawyers have monitoring programs in place, a closer look at how the monitoring occurs suggests a need for greater digital vigilance. First, not all legal departments are monitoring 29% are doing nothing to monitor activity involving their companies on social sites. Additionally, a minority is engaging in important types of monitoring 40% observe what employees are saying and only monitor coverage of their company. Only 19% of lawyers are getting reports from another source. And again, we find differences by region: legal departments are more actively engaged in digital social monitoring than those in the UK. This is not to say that each department in a company needs to do its own monitoring. On the contrary, organizations can benefit from a centralized monitoring system that shares information with different parts of the company. TYPES OF SOCIAL MEDIA MONITORING CONDUCTED BY LEGAL DEPARTMENT Monitors social media for what employees are saying about company 36% 40% 44% Monitors social media for what is being said about company 30% Gets social media monitoring reports from another source 14% 19% 24% Monitors competitors social media activity 19% 18% 20% None of the above 20% 29% Total UK Finally, social media crisis communication plans are in place at almost two-thirds (63%) of companies represented in the survey, leaving a sizeable number of companies without a plan for how to respond when problems arise. Even fewer report other important preparedness activities. For example, only 40% say their companies conduct preparedness drills. Social Media s Role in Crisis Management: A Call for Greater Legal Vigilance Page 4

CURRENT PREPAREDNESS ACTIVITIES OF COMPANIES Conducts planning or preparedness drills involving a social media issue or crisis XX% 40% XX% 42% XX% Consults with external legal counsel on social media crises 26% 36% 46% Has a dark site or dark tab to use in the event of a social media crisis 26% 35% 44% Consults with external communications, marketing or digital firms on social media crises Total UK 30% 3. IN-HOE COUNSEL LACK CONFIDENCE IN THEIR COMPANY S SOCIAL CRISIS RESPONSIVENESS It is clear that in-house counsel at and UK corporations are not fully prepared for the inherent risks of social media, so it is not surprising that lawyers express only moderate levels of confidence in their company s ability to manage a crisis in the social realm. No more than half of survey respondents believe their company would be excellent (9%) or very good (40%) at managing a social media crisis. RATING OF COMPANY S ABILITY TO MANAGE A SOCIAL MEDIA CRISIS TOTAL 49% 39% 12% 52% 32% 16% UK 46% 46% 8% Excellent/Very Good Good Fair/Poor The average time lawyers expect it will take their companies to activate a social crisis plan is troubling. In-house counsel estimate that it would take 38 hours to act certainly too long in the 24/7 world in which social crises intensify. A lack of response within 24 hours, and even faster in especially sensitive situations, leaves corporate reputations vulnerable to enduring damage. Stronger involvement at the pre-crisis stage by in-house counsel can produce more agile and effective crisis response teams: Lawyers who are involved in social crisis preparation are more confident than those who are not involved in their company s ability to manage a social media crisis. RATING OF COMPANY S ABILITY TO MANAGE A SOCIAL MEDIA CRISIS (BY LEGAL S INVOLVEMENT IN CRISIS PREPARATION) VERY/FAIRLY INVOLVED* 58% 36% 5% NOT INVOLVED 17% 48% 35% Excellent/Very Good Good Fair/Poor * Percentages do not add to 100% due to rounding Social Media s Role in Crisis Management: A Call for Greater Legal Vigilance Page 5

4. DESPITE CONCERNS, IN-HOE COUNSEL HAVE A FALSE SENSE OF SECURITY ABOUT IMMINENT ONLINE THREATS The research uncovered a potential reason UK and lawyers are not fully preparing for a social media crisis a high proportion believe their company is immune from digital crises that can cause legal risk. A full nine in 10 legal executives say it is not likely that a social media crisis will impact their company and cause a legal risk in the next year. This perspective on their own company s social media vulnerability is counterintuitive, given the other strongly held views by the lawyers surveyed. An overwhelming majority (91%) consider reputation to be a company s most valuable asset. Most also see the potential for a problem in social media to turn into a crisis: 85% agree that social media has greatly increased the potential for a minor problem to turn into a major crisis. And, many believe most reputation-damaging crises are self-inflicted (88% of lawyers and 62% of UK lawyers), which suggests preventative measures are a worthwhile investment of time and effort. The false sense of security around social media is even more remarkable considering the specific concerns lawyers express around the legal risks posed by the digital medium. The top concerns presented by social media according to the lawyers surveyed are: sharing of confidential information on social media, inflammatory comments about the company, and data breaches or hacking. DIGITAL ISSUES OF DEEP CONCERN FROM LEGAL RISK PERSPECTIVE Improper sharing of confidential information on social media 50% 46% 54% Inflammatory comments on social media regarding company, executives, or its products or services 36% 43% 50% A data breach or hacking 43% 52% Criticism about company going viral on social media 42% 50% Complaints posted on social media about company customer service 28% 37% 46% Employees posting on social media about company 35% 32% Current and former employees rating company on sites such as Glassdoor 26% 32% Senior level executives posting on social media about company 22% 28% XX% Total UK Social Media s Role in Crisis Management: A Call for Greater Legal Vigilance Page 6

It is worthwhile to consider some differences of opinion between UK and lawyers. UK lawyers express deeper concern around confidential information shared on social media as well as data breaches, while those in the are more deeply concerned about inflammatory comments and criticism of their company going viral. Data breaches or hacking are a lesser concern in the relative to other problems explored in the research, which is curious, since Americans have witnessed a number of widely publicized breaches over the last few years. This finding certainly calls for further research, but one hypothesis may be that the recent spate of data violations (affecting 43% of American companies last year, according to the Ponemon Institute) has moved crisis managers to prepare for such scenarios, but perhaps less so for the other areas of legal concern. 5. IN-HOE COUNSEL FACE CHALLENGES ALONG MULTIPLE STAGES OF THE SOCIAL MEDIA CRISIS JOURNEY Interviews with the 21% of lawyers experienced in handling social media crises revealed a continuum of challenges that can be expected at each stage of a digital emergency. A number of enduring themes, present throughout a crisis journey, emerged from these social crisis veterans when asked what s most difficult about effectively managing a social media crisis: ASSESSING THE SITUATION EARLY ON AND THEN GAUGING RESPONSE EFFECTIVENESS PROVES CHALLENGING FOR MANY. Difficult to prioritize our efforts as the issues are emerging not only from social media but various other sources. Find out what exactly the negative commenter needs. UK To prioritize which social media platform has to be targeted first and preparing plan accordingly. Most difficult would be getting prepared for the surprise elements which may come up while working on resolving the issue. THE SPEED AT WHICH CRISES MOVE ONLINE IS SWIFT AND DEMANDING. These crises happen so quickly and it s the timing which is most difficult to handle. UK The speed with which it rapidly spreads affects the stock situations simultaneously. Scheduling: the most difficult thing to manage is time. UK INTERNAL AND EXTERNAL PRESSURES COMPLICATE CRISIS MANAGEMENT, INCLUDING THE NEED FOR DISPARATE TEAMS TO COME TOGETHER AND COORDINATE HOW TO MANAGE THE CRISIS, AS WELL AS WORKING WITH OTHER STAKEHOLDERS. The most difficult is to plan together the investigation and the steps to minimize the damage. Pressure from both the external and internal sources makes it more difficult. Managing the media along with working on stopping the issue to spread further. UK Managing stakeholders. UK Recovering the damage already caused by the crisis. Social Media s Role in Crisis Management: A Call for Greater Legal Vigilance Page 7

CLOSING THOUGHTS The research has demonstrated that although in-house counsel place high value on their company s reputation and agree that social media presents legal and reputational risks, most feel they are immune from a social media crisis that will cause a legal risk, and they are only moderately planning for crisis mitigation and response. And when faced with a problem on social media, the resolution and recovery process has proven challenging for lawyers. These findings call for greater awareness around social media vigilance by corporate legal departments, as well as legal involvement in developing policies, guidelines and training programs designed to safeguard corporate reputations from digital attacks. Based on our extensive experience in crisis management, Weber Shandwick offers the following guidelines for in-house counsel: FAMILIARIZE YOURSELF WITH YOUR FIRM S SOCIAL MEDIA CAPABILITIES. In-house counsel are an integral part of the crisis response team. As such, and if not already, counsel should be intimately involved in setting corporate social media policies and collaborating on crisis response plans. Such involvement will infuse your organization s crisis strategies with the legal and regulatory considerations critical to recovery from social media attacks and engender more self-confidence in the ability of the organization to respond to a crisis. PREPARE IN PEACETIME. It is critical that in-house counsel improve their social media crisis preparedness training. Participate in interdisciplinary dry runs and crisis training. Weber Shandwick s firebell offers interactive crisis simulation exercises that enable a response team to hone its approach in different scenarios under virtual, real-time conditions. And although simulations can t anticipate every possible situation, hands-on practice helps teams build the agility and confidence they need when faced with a fastmoving digital challenge. CONTINUOLY REVIEW AND ADJT. Hold regular review sessions with the interdisciplinary crisis team. Consider recent experiences and lessons learned to update your cyber risk and security protocols, incident response plans and vulnerability assessment tools. Vigilance and resilience is key to a sustained online reputation management strategy. Provide counsel on any communications online and offline that your company plans to release in the wake of a crisis. It is important that legal vet communications to provide a legal perspective and ensure that what is being said about the crisis aligns with company policy. Social Media s Role in Crisis Management: A Call for Greater Legal Vigilance Page 8

For more information about Social Media s Role in Crisis Management: A Call for Greater Legal Vigilance, please contact: Peter Duda Executive Vice President and Co-lead Global Crisis and Issues Weber Shandwick pduda@webershandwick.com +1 212-445-8213 Rod Clayton Executive Vice President and Co-lead Global Crisis and Issues Weber Shandwick rclayton@webershandwick.com +44 20 7067 0431 David Krejci Executive Vice President, Crisis Management firebell founder Weber Shandwick dkrejci@webershandwick.com +1 952-346-6158 Lauren Melcher firebell Global Product Manager Weber Shandwick lmelcher@webershandwick.com +1 952-346-6047 Mark Richards Senior Vice President/Management Supervisor KRC Research mrichards@krcresearch.com +1 202-230-8767 /WeberShandwick @WeberShandwick /Company/Weber-Shandwick /WeberShandwick /WeberShandwickGlobal +WeberShandwick

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information