The ‘firehose of falsehood’ in the boardroom: Navigating information risk as a strategic imperative

Every day, we hear about Artificial Intelligence (AI) driving disinformation and financial crimes. Political interference, misleading videos during conflicts, AI-powered financial and identity fraud, and troll farms continue to dominate conversations about truth, financial security, governance, and civil discourse. Consider the scale: deepfake videos number in the millions annually, and humans detect only a quarter of them; phishing e-mails are mostly AI-generated; and Generative AI-enabled fraud is projected to reach $40 billion by 2027. For organizations and brands, corporate leaders once viewed misinformation as a minor issue to be managed by corporate communications or as a temporary reputational setback. Today, information risk is a complex, enterprise-level threat that can fundamentally alter the business environment.

Recent research highlights a shift from targeted persuasion — communication aimed at convincing specific people — to information saturation and disruption, in which the goal is to overwhelm people with excessive information. The RAND Corp. calls this the “firehose of falsehood,” a model that uses high-volume, rapid messaging — often with inconsistent or conflicting statements — to flood audiences and make it hard to determine what is true.

For Boards and senior executives, the nature of the threat has shifted. The risk is no longer just a single false story but the erosion of a shared factual reality. This complicates crisis response and investor relations. These risks are real — they are documented globally and are especially relevant in the Philippines, one of the world’s most active social media environments. The challenge stems from information saturation and disruption, the “firehose of falsehood” model: high-volume, rapid, and often contradictory messaging that overwhelms rather than persuades. For Boards, the primary threat is not a single false narrative, but the loss of a shared factual baseline. This makes both crisis response and stakeholder communication harder. This context frames the tactics behind modern disinformation.

THE THREE PILLARS OF DISRUPTION
Modern disinformation campaigns, whether driven by state or decentralized actors, typically pursue three main objectives:

• Confusion: Flooding the information space with conflicting narratives reduces the public’s ability to distinguish fact from fiction.

• Division: Messaging exploits social and political divisions, pitting stakeholders against each other.

• Erosion of Trust: Ongoing exposure to manipulated content erodes public trust in institutions, including corporations.

WHY WE ARE ‘PATIENT ZERO’
Corporate leaders in the Philippines face heightened exposure. Researchers call the country “patient zero” for large-scale social media manipulation. The Philippines has some of the world’s highest rates of social media use. It is also a “fake news factory,” where coordinated campaigns, influencer networks, and “troll farms” precisely shape public perception.

In this environment, brand reputation is not just about performance; it is a target of coordinated narrative attacks. We are now seeing the rise of several new tactics:

• Synthetic Media (Deepfakes): AI now enables the creation of hyper-realistic fabricated content. This includes fake CEO statements or false evidence. Such content can be used to blackmail or undermine real corporate communications. Deepfakes also make it easier to create false evidence or to undermine real evidence (“liar’s dividend”).

• Memetic and Viral Content: Short, emotionally charged content spreads faster than factual information. Content that triggers anger or fear often bypasses analytical reasoning.

• Narrative Framing: This technique presents factually correct information in a way that still deceives. By emphasizing some details and omitting others, communicators can mislead stakeholders.

• “Insider” Leaks: Disinformation often appears as content claiming to be privileged or suppressed knowledge. These so-called “leaks,” which are unverified information from anonymous sources, can quickly gain traction during corporate crises.

These can gain traction quickly, especially when official information is limited. Emotionally charged content spreads more widely and influences judgment. Anger and fear reduce analytical processing, and high emotional arousal increases sharing behavior.

The Philippine environment presents unique amplifiers:

• High Social Media Penetration: The country ranks among the highest globally in time spent on social media, increasing exposure to viral misinformation.

• Influencer and Networked Campaigns: Political messaging, influencer marketing, and entertainment now blend, blurring the line between organic and coordinated content.

• Trust Dynamics: Public trust in institutions can shift quickly, making narratives — positive or negative — more volatile. According to the World Economic Forum, misinformation and disinformation erode trust and exacerbate societal divides.

QUANTIFYING THE ENTERPRISE RISK
This is not merely a social problem. It is a systemic enterprise risk with tangible impacts:

• Financial and Market Risk: Disinformation can trigger sudden market swings that can affect stock prices and erode partner confidence.

• Operational and Internal Risk: External narratives can trigger internal polarization. This can fracture workforce cohesion and hinder decision-making.

• Regulatory Risk: Governments are watching as the EU and UK increase scrutiny of how companies manage their roles in the information ecosystem. Various countries have implemented some form of “truth in content.” Failing to address these risks can result in significant political and regulatory exposure.

A DELIBERATE RESPONSE FOR THE BOARDROOM
Given the speed and scale of these threats, Boards must act decisively. Move beyond reactive measures: establish a dedicated information risk committee at the Board or executive level. Implement regular scenario planning and tabletop simulations to strengthen readiness and crisis response. Require periodic briefings on emerging manipulation tactics and annual reviews of information risk management policies to ensure alignment with evolving threats. Take these concrete steps now to embed a strategic mandate in practical governance.

• Integrate information risk into Enterprise Risk Management (ERM). Disinformation is false or misleading information spread to deceive. It should be recognized as a formal category within enterprise risk governance, not merely a public relations issue. Boards can formalize this by including information risk in the enterprise risk register. Establish clear reporting lines for relevant risk committees or the Board. Ensure that regular risk reports specifically address information threats. Assign Board-level or executive oversight of information risk to ensure accountability and integration across business functions.

• Invest in Narrative Tracking. Boards should use social listening tools to detect coordinated activity and emerging narratives early. When selecting tools, Boards should consider several criteria, including the ability to scale enterprise needs, comprehensive coverage of relevant platforms, support for local languages, advanced alerting, and compliance with data privacy requirements. Tools with intuitive dashboards and customizable reporting also enhance Board-level oversight. Assess vendors on these points to catch issues before they reach a tipping point.

• Build Resilience through Literacy. Leaders and employees should receive media literacy training to help them recognize misinformation, including synthetic media, misleading narratives, and manipulative content. Key goals include critically evaluating digital content, understanding viral dynamics, identifying sources, verifying claims, and practicing accurate messaging during incidents. A 2025 study identified effective and ineffective corrections, provided practical insights for social media platforms, and suggested designs for more effective interventions.

EXPANDING THREAT LANDSCAPE: BEYOND STATE ACTORS
While state-sponsored campaigns often attract attention, similar tactics are also used by political actors, activist groups, competitors, and opportunistic bad actors. Social media manipulation by political actors is now an industrial-scale problem, prevalent in over 80 countries. We must recognize that information risk is persistent and multidirectional, not limited to geopolitical conflict.

KEY TAKEAWAYS FOR DIRECTORS
• Information risk is now a core strategic risk, not merely a communications issue.

• Modern propaganda often aims to confuse and divide, not merely persuade.

• The Philippines presents a high-exposure environment because of high digital literacy and consumption levels.

• Emotional and viral dynamics can quickly escalate reputational crises.

• Proactive governance and preparedness are essential for mitigating the impact.

The contemporary information environment moves quickly and operates on a vast scale. Disinformation campaigns, whether state-driven or decentralized, exploit this speed and complexity to influence perception, behavior, and trust.

CALL TO ACT
Today’s information environment is complex and contested. Managing disinformation cannot be confined to corporate communications. Information risk is now a core strategic threat that can destabilize stock prices, polarize workforces, and erode customer trust.

Boards must ensure that information integrity is a core part of enterprise risk management. Institutional strength in the “post-truth” era depends on leadership. Leaders must understand both the company’s messaging and how the broader information environment is manipulated. Boards need to build institutional resilience. This is not just about responding to incidents but about protecting information integrity in a contested landscape. To support effective governance and clear accountability, oversight of information risk should be formally assigned to the Board. Ideally, this responsibility would be given to the Risk Committee, or, if not already established, to a dedicated Information Risk Committee or to a designated Board officer, such as the Chief Risk Officer, who would ensure that strategies and controls are in place and regularly reviewed. This explicit assignment clarifies ownership and supports strong follow-through on mitigation and preparedness.

A disciplined, research-informed approach, paired with local market awareness, will be critical to navigating this evolving risk landscape.

Gil B. Genio is governor and secretary of the Management Association of the Philippines or MAP. He is a retired banker and Globe and Ayala executive, and a member of the Analytics and AI Association of the Philippines and the Institute of Corporate Directors. He is an independent director at GT Capital Holdings, the Puregold Price Club, and Megawide Construction.

[email protected]

iamgilgenio@gmail.com