As social media proliferates to become an accepted and enduring part of corporate life, organizations should invest time to understand and manage relevant risks. Although the benefits are clear -- direct access to customers, shortened feedback cycles, and personalized marketing -- the risks are less understood.
A new research report on social media risk, by analyst and consulting firm Altimeter Group, describes four broad categories of concern:
- Damage to brand reputation
- Releasing confidential information
- Legal, regulatory, and compliance violations
- Identity theft or hijacking
Key risks. The following chart offers a breakdown of survey respondents' view of risk sources in relation to social media:
It is interesting to note that 66 percent of respondents consider damage to reputation or brand a significant or critical risk, while only 32 percent called release of confidential information a significant or critical risk. This finding strongly suggests that social media professionals may underestimate the potential likelihood that employees might inadvertently, or even deliberately, release such information. However, it is also possible that respondents have sufficient confidence in their organization's social media policies to alleviate this concern.
Social media risk team. Overwhelmingly, in most organizations the social media team is responsible for managing social risk, as the following diagram illustrates:
Importantly, the report does make clear that social media risk management should involve a broad group of participants, include representatives from marketing, human resources, legal, IT, communications, and security.
Social media policies. According to the report, most corporate policies around social media relate to privacy, as shown below:
WHAT'S MISSING FROM THE REPORT
The Altimeter report is beneficial because it shines a light on an important aspect of social media. The relative immaturity of social media has caused it to lag behind other corporate domains, such as project management and legal, where risk management is highly structured and well understood.
Despite its utility, the report focuses almost entirely on risks emanating from the organization itself, particularly information leakage that can damage a brand or cause the public release of confidential information. It pays only cursory attention to an equally, if not more important, source of social media risk -- comments and campaigns from external sources such as a blogs and Twitter. Although the survey briefly discusses this set of issues, the coverage remains incomplete.
Managing risk that responds to external threats is a far more complex undertaking than developing internal policies that govern employee behavior and disclosure. External threats are less susceptible to control and generally can only be addressed through influence (or legal means, in some cases), which is precisely where the challenge and difficulty lies. Moreover, managing external threats effectively requires coordinated action between the social media team with legal, PR, and senior management. All this increases the level of complexity in responding to external social media threats.
We found that 76% of crises (including external and internal) could have been diminished or avoided had companies been ready. This was based on analysis of 50 social media crises that had achieved mainstream media attention.
The following chart, supplied by Jeremiah, lists the primary causes of social media crises:
Finally, the framework described in the report is relatively generic but does conform to standard approaches to risk management. Readers should be aware that the utility of such frameworks is limited unless an organization commits to putting in place the components needed to execute risk management processes on an ongoing basis.