
Why Social Media Risks Are Skyrocketing and What You Can Do to Protect Your Company

By John A. Wheeler | October 06, 2014 | 3 Comments


In the news today, social media risks for individuals are certainly grabbing the headlines: celebrity hacking, child exploitation, identity theft and fraud, just to name a few. However, the risks for corporations are even greater when you consider the sheer volume of social media channels and the number of ways people can use those channels to destroy shareholder value. Chief Information Officers seem to agree that the new digital world companies face is increasingly risky. According to Gartner’s 2015 CIO Survey released today at our US Symposium in Orlando, FL, 89% of CIOs agree that the digital world is creating new types and levels of risk for business.

First, let’s focus on the two areas from which the new types of risk can emanate: inside the company and outside the company. Below is a sample listing of risks categorized into these two areas:

Inside the company

  • Improper disclosure of company information in violation of securities trading laws
  • Improper disclosure of personally identifiable information in violation of privacy laws
  • Employee disclosure of proprietary data / intellectual property
  • Employee fraud
  • Disgruntled employee disclosure of grievances and/or company practices

Outside the company

  • Cyber-attack / malware
  • Fraudulent representation of company identity
  • Customer complaints / negative commentary about the company
  • Personal employee conduct impacting company reputation

So, the real question for business and IT leaders today is “what can you do to protect your company?” Gartner has identified three key ways that companies can improve their ability to address these risks.

1. Develop a clear policy and employee training for social media use

Representatives from IT, legal and human resources must collaborate to create a comprehensive policy that outlines accepted use of social media for employees. In addition, this policy must be communicated and reinforced through regular training of all employees. Failure to do so will result not only in inappropriate social media usage, but also in potential litigation risk from future legal discovery of inaccurate information.

2. Establish a social media risk management function

Evaluating social media risk cannot be a one-time event given the dynamic nature of the activity – both within and outside the company. Ongoing risk assessments should be conducted by business representatives and risk experts to determine the risk trends and mitigation strategies. Unfortunately, according to a recent survey by Grant Thornton, 59% of companies do not conduct regular social media risk assessments. These companies are essentially “flying blind” when it comes to social media usage.

3. Provide technology capabilities to support social media risk management

New technologies are available to help companies perform regular risk assessments as well as ensure proper compliance with laws and regulations. Social media monitoring tools can help evaluate communications by key employee groups such as sales and marketing. In addition, software tools for advanced analytics related to external social media usage, such as customer sentiment analysis applications, can prove to be very useful in proactively identifying sources of reputation risk.

I’ll be exploring these issues and more today with Gartner Symposium attendees and look forward to hearing how companies are utilizing these steps to mitigate the ever-present risks of social media.



The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.



  • Pretty great post. I just stumbled upon your weblog and wanted to mention that I have truly enjoyed browsing your blog posts.
    In any case I’ll be subscribing to your rss feed and I am hoping you write again soon!

  • It’s very easy to find out any matter on net as compared to textbooks, as
    I found this article at this website.

  • Ken Hawrylak says:

    You bet. The current landscape is a minefield of epic proportions for those unversed in such matters. Fortunately there are professionals that specialize in Social Media and SEO. Applying the principles of risk management and information security ALONG WITH the tools now available, we are able to wade through the mess and emerge relatively stink free. We are dealing with people and there is a huge spectrum of opinions, ideas and beliefs, on which you will stub your toes once in a while.