Data security impacted by employees on social networks

Employees combine business, private lives on Facebook, Twitter

STOCKHOLM—Cybersecurity exposures don't begin and end with hacking—organizations' own employees often give away sensitive information of their own accord through social networking sites, experts say.

The explosion in the use of sites such as Facebook and Twitter over the past few years has widened the scope of cyber-related risks that organizations face as employees regularly mix their professional and private lives, a panel of experts said at the Federation of European Risk Management Assns.' biennial forum held in Stockholm earlier this month.

To guard against the risk, organizations must rethink their security training procedures. In addition, significant insurance capacity is available to cover these risks.

“Today, with the new ways that there are to communicate and exchange information, we have to think that there are no more boundaries. Everything from private life and professional life is completely mixed,” said Laurent Dellhalle, general secretary of Bureau Europeen d'Information Commercial, a credit and information security organization in Décines, France, during a session at the forum.

The speed at which the messages are transmitted adds another dimension to the risk, Mr. Dellhalle said. Companies have little control over information because employees use social networks to distribute the information globally within seconds, he said.

And employees often distribute sensitive information unwittingly, said Christian Aghroum, Prilly, Switzerland-based chief security officer at SICPA Management S.A., a security ink provider.

For example, by updating resume information on LinkedIn, employees may inform competitors about sensitive aspects of their work. In addition, employees who use Twitter to send messages about their whereabouts while traveling for work and their schedule may be giving competitors clues about sensitive company operations, he said.

Previously, employees may have disclosed this information in personal meetings, and they may feel that it is still appropriate to disclose this information to friends or colleagues. “But now you are not speaking in a restaurant, you are speaking to the whole world,” Mr. Aghroum said.

Companies should ensure that they inform employees that there must be a clear line between private and professional use of social networks, and they should have training on these issues, he said.

But the training needs to take into account the preferences of different groups of employees, Mr. Aghroum said. Older employees generally are quick to understand the difference between private and public use of social networks, but younger employees frequently require more training.

And younger employees are more engaged by e-learning techniques than traditional meeting-based training or printed guidebooks, he said.

Significant capacity is available in the insurance market to cover cyber-related risks, said Luc Vignancour, deputy manager in the FINPRO department at Marsh Inc. in Paris.

In the Continental Europe market, about €50 million ($66.9 million) is available, and by tapping the London market as well, policyholders can obtain a total of €100 million ($133.8 million) in cyber risk capacity, he said.

The policies typically cover: extra security expenses; notification costs associated with informing people whose information may have been accessed; liability claims; ransom payments in the event that hackers take control of a system and threaten to release confidential information; and loss of funds, in the event that hackers access a financial system and transfer funds.