Book a demo
Get Trial

Company risks without using OSINT

  • /
  • /
The Risks Incurred by Companies That Do Not Use Open Source Intelligence Services In Their Business Operations

Open Source Intelligence, or OSINT services, have become an irrevocable part of doing business in the modern world, where having information on clients and counter parties is critical to ensuring the securityand uninterrupted nature of operations.

The open sources available reveal vast amounts of data about anyone who has ever left a digital footprint, allowing companies or interested parties to gather intelligence on individuals or companies without surpassing the boundaries of the law or any regulations on the use of personal information.

Given that social network and internet users freely and voluntarily share information on their behavior habits and statuses, having access to such data can allow businesses to reveal critical weaknesses in their own structures, potentially harmful behavior among employees, or detect fraud or misconduct on the part of clients and counterparties. The benefits of using OSINT are numerous.

There is a downside to refraining from resorting to such services in daily operations. Companies that do not use OSINT face multiple risks, regardless of their area of business.

Examples of neglecting OSINT and allowing bad reputations to destroy or significantly harm a company's image are numerous. In 2016, Facebook defamed itself during the highly controversial US presidential elections and started looking like a disseminator of toxic misinformation. In 2018, Facebook's brand image was tarnished by a massive personal data breach that released millions of personal account details to the open public. In 2019, the company's image suffered another blow when employees started complaining about appalling working conditions.

Boeing is another shining example of bad reputation management and OSINT neglect. In 2019, the company suffered heavy reputational damages when it was revealed, after a series of plane disasters, that the company had been neglecting open claims about poor engineering and aircraft servicing, and did not properly screen its contractors for quality or conduct. The result is hundreds of deaths in aircraft crashes and the loss of multi-billion contracts on the ill-fated Boeing 737-Max model.

The given material will examine the risks that are affected by information breaches,
as OSINT is all about conducting searches for information in open sources.

  1. Market risks
  2. Credit risks
  3. Liquidity risks
  4. Operational risks
  5. Legal risks
  6. Reputational risks
In addition to the aforementioned, risks can also be divided into two types in
accordance with the nature of their emergence.

The first type of risks is of an internal nature. Such risks are caused by the operations of the company based on the business activities of its management, as well as specific indicators, such as productivity, marketing strategy, equipment used and others.

The second type of risks is external and is not directly related to the production processes inside the company. The given risks are formed by economic, political, and geographical reasons, as well as other external factors.

Market Risks

Market risks incurred by companies include the risk of losses due to changes in the value of the business' portfolio. The given assets include products and manufactured goods that bear market value and were purchased for further resale. Market risks are characterized by their macroeconomic nature and are reliant on indicators of the financial system, such as market indices. All market risks are divided into:

  • Interest rate based;
  • Currency exchange rate based;
  • Stock price based.

OSINT services are best applied for negating stock price based risks, as negative information in social media can rapidly deteriorate the value of a company's shares.

A vivid example is that of Elon Musk's Twitter posts, which have historically had a detrimental effect on the share price of Tesla stocks.

By refraining from using OSINT services, a company bears the risk of being the last to know about data theft and its subsequent sale on Darknet channels. The company will also not have access to information about counterparties in M&A transactions and will not be able to conduct background and cross-checking to screen candidates for employment.

Credit Risk

Managing credit risks is the main task of banks and other credit organizations. Credit risk management consists of a number of steps needed to determine the cost of borrowed funds, formulate principles for working with a loan portfolio, and outline the main provisions of a credit policy. Subsequent monitoring and in-depth analysis of creditworthiness and dealing with problematic debtors is the routine of banks. Analysis of the effectiveness of the measures undertaken is the final stage of the process.

Credit risk assessment involves analysis of the maximum losses that a bank can incur over a certain period of time with a pre-calculated probability fraction. Among the common causes of loss is a decrease in the value of the loan portfolio, which occurs as a result of the complete or partial loss of solvency of a large number of borrowers. The concept of qualitative assessment involves the collection of detailed information about borrowers and its analysis for determining the financial stability of a potential client, as well the liquidity of collateral, their business activities, and other similar indicators.

If a bank does not resort to OSINT, it risks missing out on an immense stratum of information about its borrowers. The digital footprint that people leave in social media networks is sometimes a reliable indicator of their lifestyle than what they try not to show in business relations. Most importantly, it is easier to seek out information in social networks, and banks do not even need to conduct in-depth investigations to reveal important details about their clients. More importantly, OSINT should
be applied for constant monitoring of clients during the loan period to keep track of the client's status.

Liquidity Risks

Asymmetric information in microeconomics is the uneven distribution of information between parties to a contract. In a situation of asymmetric distribution of information, one of the parties knows more than the other about the subject of the contract, the conditions for its conclusion, or its behavior in the process of execution. Kenneth Arrow was the first to attention to the presence of information asymmetry in an article in 1963, «Uncertainty and the Economics of Welfare in Health Care,» in the American Economic Review.

Not using OSINT means aggravating information asymmetry, as open-source information remains concealed, and decisions are made without proper intelligence, thus increasing the risk of making wrong decisions.

Operational Risks

According to the decision of the Basel Committee (Basel II, 2004), operational risk is the risk of losses associated with inadequate or unsuccessful internal processes, systems or human errors, or with external events. The Basel Committee identified seven main categories of events that lead to losses:

  • Fraud within the company;
  • External fraud;
  • Occupational practice and labor safety;
  • Customers, products and business practices;
  • Damage to physical resources;
  • Business crashes and system failures;
  • Execution, supply and process control.

The use of OSINT is implied for monitoring the actions of employees and customers, as well as searching for affiliations and connections. Access control systems can also be combined with information from social media to identify connections using OSINT. Personal privacy concerns may arise in such a scenario, but high-ranking employees understand the risks of conflicts of interest and must be ready to sign consents on the analysis of personal information

Legal Risks

Changes in legislation during the transaction period, incorrect documentation, and the inconsistency of laws of different states can mean risks for companies operating with cross-border clients.

If a company does not rely on OSINT, legal risks can arise for it and increase due to the presence of numerous regulations affecting sanctions, anti-terrorist, anti-money laundering and other activities. OSINT can help companies identify potential threats from counterparties regarding such regulations.

If a company does not rely on OSINT, legal risks can arise for it and increase due to the presence of numerous regulations affecting sanctions, anti-terrorist, anti-money laundering and other activities. OSINT can help companies identify potential threats from counterparties regarding such regulations.

Reputational Risks

Reputation is one of the main assets of a company that garners the trust of clients and partners. Reputation management services is a gigantic industry and companies are eager to pay third-party OSINT companies to keep their reputations pristine.

Tarnishing a company's reputation is as simple as having an employee or contractor release an unethical post on any social network or make an inconvenient statement to the press. Internet users will do the rest by disseminating the information and having it reflect on the company's image, and ultimately – on its share price and profits.

External factors can also affect a company's image. Such factors include the actions
of competitors or contractors, poor logistics, catastrophes, acts or god etc.

OSINT is critical for managing reputational risks both prior to the occurrence of a negative event and after its occurrence for damage control purposes. OSINT allows companies to conduct in-depth analysis of employees and contractors to identify the potential for unethical or threatening conduct. Such services also act as a life of defense and counterattack when dealing with negative comments in social networks and other media channels.

Methodology For Using OSINT In Mitigating Risks

The methodology for dealing with all risks is the same and involves three steps:
  • identification;
  • damage assessment;
  • formation of defensive measures;
The main applications for OSINT in mitigating risks are the following:

  • Minimizing risks when working with counterparties;
  • Minimizing operational risks when working with partners for product purchases;
  • HR screening, recruitment and teambuilding;
  • Mitigating information security risks;
  • Mitigating reputational risks and ensuring brand security;
  • Ensuring successful mergers and acquisitions;
  • Preventing internal data theft by employees;
  • Preventing reputational damages.
Considering the potential consequences, all the risks arising from such situations can be categorized into three types:

Permissible – when the company is threatened with loss of profits if certain actions were not taken. In this case, commercial activity is not deprived of economic feasibility, since the amount of potential losses does not exceed projected income.

Critical – when an organization faces the possibility of a loss of revenues exceeding projected income. In the worst case scenario, the company risks losing all the funds allocated for the transaction.
Catastrophic – when the company loses solvency. The amount of losses exceeds equity. This category includes situations like environmental catastrophes or those threatening the safety of citizens.


OSINT services are vital for mitigating all manner of risks faced by companies. It is immeasurably to rely on OSINT than risk mitigating threatening situations and solving their consequences.

Companies of all sizes need to understand that using OSINT is currently the best, cheapest and most reliable source of information on employees, clients and counterparties that can be obtained from Social Media and even the Darknet on a continuous basis. Such intelligence mining operations must be conducted constantly for monitoring the surrounding environment for potential threats and responding proactively to risks.

The earlier you start working with risks, the cheaper they are for you

The list of failed companies that did not rely on OSINT tools for proper information management is long and painful to read, but the bottom line is – who wants to end up like them?
Start your investigation now
Get in touch and get a free consultation on your specific cases