Gartner Blog Network

Risk Management and Social Media: A Paradigm Shift

by Kristin Moyer  |  February 9, 2009  |  26 Comments

Maureen O’Neil here.  During recent interactions with clients, I wasn’t surprised to hear that many are considering social media initiatives.  That’s because the fastest growing segment of Web content is blogs, message boards and social communities.  These forms of social networking upend the traditional form of top-down information dispersal because information freely flows in and out of an organization.

Social networking sites provide businesses a new way to extend their brand identity, establish a community experience for their customers and provide personalized interactions.  At the same time, such sites usher in novel forms of risk that can’t always be mitigated through traditional risk management strategies. Facebook, MySpace, LinkedIn and Twitter, along with countless blogs and chats, are Web environments where anonymously supplied information about a company’s products and services is shared and compared, in some cases inaccurately.

Social media exposes firms to significant risks, including serious damage to a company’s reputation.  With a proactive approach, you can influence and counteract how your organization is portrayed on social media.  That requires an Internet reputation risk management plan that addresses what visitors to your site express, what your employees share on other sites and, most significantly, what is said about your firm on sites over which you have no direct control.

Here’s how to begin to get a grip on protecting your reputation on the Web:

  • Actively engage on social network venues to understand how reputation can be impacted by the interactions
  • Gather information on the social media activities your company is considering.  Then assess the areas of vulnerability, create counteraction plans and communicate them to employees.
  • Dedicate at least one employee to the monitoring of your online reputation
  • Build a process to identify new reputation risk elements as social media evolves

The risks enterprises face as a result of participating in social media are real.  But so too are the benefits.  Therefore, don’t let risk blind you to the transformational communication opportunities that arise from social media.

I’ll let my colleague French Caldwell have the last word. Here is his pithy take on risk management (Risk Management and Business Performance Are Compatible):

“Risk management is perceived as the opposite of business agility. In reality, risk management is about building a more agile enterprise – that is enabling an organization to take the greatest amount of risk in the safest way possible. It’s not about saying ‘no’ to taking a risk; it’s about how to say ‘yes’.”


Kristin R. Moyer
Research Vice President
14 years at Gartner
more than 20 years IT industry

Kristin Moyer is a Research Vice President in Industry Advisory Services/Banking and Investment Services. She has more than 20 years of experience across the global high-technology industry in a variety of roles. Ms. Moyer's research coverage includes…

Thoughts on Risk Management and Social Media: A Paradigm Shift

  1. Toby Bell says:

    Hi, Maureen. Great post. Relates closely to research I’ve written over the past couple of years. I’d add that different vertical industries have very different risk profiles. Professional services firms absolutely depend on positive reputations and must address Internet reputation management as a priority, whereas wireless telcos may (oh, never mind….). My point is that every enterprise should first assess its present reputation risk profile and plan accordingly. Key issues to address at a strategic level:

    Social media is an unfamiliar territory for enterprises, with very different rules of engagement.

    Social media blurs the demarcations between public and private information, increasing the likelihood that consumers will unintentionally or negligently say publicly what they meant to say privately.

    Time scales on the internet are more compressed and the implications of a negative event can be far-reaching. Scenario planning for crisis management is critical.

    There is no governing body required either to listen or react to complaints about social media participants…. and most of the reputation resources on the Web are relatively new.

    An enterprise toolbox to engage effectively in reputation management will comprise several pieces of software as well as several services agencies. Gartner is engaged in detailed research here.

  2. Jenn O'Meara says:

    For companies concerned with risk management, an Internet reputation risk management plan is a sound idea. From a risk mitigation standpoint, proactively managing an interactive/social media strategy is far more beneficial than reacting to negative content that can be posted. Not only do companies benefit from being transparent in their communications, a proactive social media strategy enables companies to benefit from being transparent in their communications by allowing them to engage with their audience on a number of different levels.

  3. Lori-Ann says:

    I run a small legal service company and have considered social networking as a way to create more visibility for my company.

    How do I monitor/discover what might already be out there on the sites regarding our Company?

  4. Eric Pautz says:

    Nikos Drakos is the Gartner point for Social Networking and a stellar resource for understanding the technology and the benefits/pitfalls relating to utilizing a SN platform.

  5. Steve Leigh says:

    Steve Leigh here. Begin by searching various search engines with search terms that point to your company. This strategy will reveal the most readily available content about your company. The most obviously dangerous websites are the “” sites that are prevalent across the web.

    The second task is to find blog content itself. While you can search for your organization’s name, in many cases to find relevant blog content, you will need to search for discussion forums relevant to the business your organization is in. You will then need to read the full blog strings to find where your company might be mentioned. Consistently use the “Search Blog” search options on the search options with relevant search terms.

    Other content could certainly be posted in social networks such as Facebook, Glassdoor, and LinkedIn, but these are very difficult to track and even more difficult to address since most of this content is only accessible if you are friends with the author of the content. Note that there is an inverse relationship between the impact of the content and the ease of finding it. In other words, the content that is easy to find probably impacts the most people, while difficult-to-find content probably has a smaller public impact.

    One other approach is to hire a service to monitor your brand in cyberspace. According to the research note Brand-Monitoring and Anti-phishing Services Intersect Several Security Markets (G00151182) by Arabella Hallawell, Avivah Litan. They identify some recommendations and identify vendors that provide these services. They say in this note, “As blogs, message boards and social network sites continue to dominate the Internet culture, brand-monitoring services and security vendors must extend their technologies and services to cover these areas. Companies are increasingly concerned that employees and external parties might be writing damaging comments ranging from defamatory statements to major intellectual-property or business plan disclosures on external blogs or message boards. Currently, there is a dearth of services to help companies understand their exposure in these areas. Some services measure what is being said about a company from a “buzz” and communications perspective. Data leak prevention (DLP) tools can help companies monitor what their internal employees are posting on blogs and Web mail, but these tools are being deployed only by a limited number of companies. Subsequently, there is an opportunity for brand-monitoring vendors to partner with companies offering these capabilities or to offer new services in this area. Two vendors offering these capabilities are Cyveillance and Brandimensions.”

    The best way for you to deal with any negative content, wherever it is found, is to address it warmly and professionally. There are two key dangers: one is to appear to simply deliver the approved corporate language and to not appear human. The other is to get caught up in the emotion of the situation and appear unprofessional. As we all know, there are at least two sides to every story, and if you find a blogger berating your organization, a clear non-emotional expression of the reasons behind the company’s actions can help other readers to understand that you are both reasonable and fair in the way your organization deals with consumers.

  6. Lauren says:

    Social networking certainly seems to have advantages. Consumers are turning to alternative methods of media and thus circumventing many forms of marketing that were effective in the past. Social networking could be used to address some of the key challenges that marketers are facing today, as their customers become increasingly immune to traditional direct marketing techniques. However, marketers should proceed with caution. With social networking, marketers run the risk of losing any semblance of control over their brand. When they create a page on a social networking site for their brand, what happens next may often be beyond their control. For example, what other advertisements will get served next to the brand? What user’s profile will show up there? If marketers plan to use social networking, they should consider the risks of doing damage to a brand that has taken years to build.

  7. Maureen O'Neil says:

    Toby, thanks for your comments. For those of you participating, Toby is one of our core research analysts in this area.

  8. Janet says:

    Valid concerns, however, should companies that follow sound and reputable business practices have to be overly concerned with emotional or unfounded complaints and comments? At what level of pain should there be a response?

  9. Toby Bell says:

    It can be surprising to even well-managed companies that one angry customer with an axe to grind can leverage the Web to escalate his/her issues to exponential extent. By failing to monitor and participate in the conversation when it begins, more damage can be done. In some cases, though, silence is a very appropriate response.

    Any level of pain warrants consideration. Taking the pulse of present reputation and being able to detect when a negative reputation event has occurred and having a response ready are key. Most enterprises wouldn’t know how to put a number on the value of a good Internet-based reputation. The early numbers are usually negative – losses associated with a crisis.

  10. Lori-Ann says:

    Thanks Steve. It is all a bit much for a non-technical person to absorb.

    Although, I agree with both you and Toby that damage can be done by an individual with an axe to grind, it seems difficult to protect against this hazard and still take advantage of the networking benefits.

    I guess it is a matter of risk tolerance for each company. For a company like mine with a focused marketing strategy, it seems as though networks such as Linkedin, although difficult to track, may be a more contained arena for testing the waters.

  11. Steve Leigh says:

    The first step is to start. Join Linkedin and/or Facebook and start understanding how these networks are being used. Also, search some blogs and pick three or four that have discussions related to your business. Also select those that have quite a lot of activity. While blogs from a single person can be informative and inspiring, for your purposes here you would want lots of interaction. Finally, don’t try and reinvent the wheel. There are lots of companies creating their own social networks using Ning or other tools, but the first step is to figure out how to leverage existing blogs and social networks to help build your business.

  12. Steve Leigh says:


    This is a very good question. There is no hard and fast rule about when to step in. It is important to recognize that things are being written, and you can do something about it. In many cases I would view these situations as more opportunities for an organization to show their responsiveness and fairness. I have seen several blog strings where someone is really going off on a company. The company steps in and explains why they took the actions that they did. After reading these I have the sense that the company had reasons for what they did and that these reasons seem fair. While the original offended party did not come back and admit that the company was right, other readers understood both sides of the story.

    So, I guess the non-hard and fast rule would be: the more you do it, the more you mitigate risk. Sorry that’s so fuzzy and unmeasurable.

  13. Maureen O'Neil, Gartner Analyst says:


    I am wondering about your comments and how they may apply to Gen X/GenY consumers. If companies are too cautious with social media, do they run the risk of not tapping this key market segment?

  14. Maureen O'Neil, Gartner Analyst says:

    Steve, Toby and others,

    Where in an organization does this type of monitoring and response belong? Is it marketing/pr, legal, strategy makers?

  15. Maureen O'Neil, Gartner Analyst says:

    To all I should mention that Steve Leigh is a research analyst in our Financial Services group, focusing on P&C as well as Life insurance. Steve has published on this topic as it relates to his focus area.

  16. Melanie says:

    I am an A/E and this is great insight for all current and potential Gartner clients! What are the top three issues in this area my clients should be aware of moving through 2009?

  17. Lori-Ann says:

    Steve – you are so right, research and knowledge are my best offense and defense. Thanks for your insight.

  18. Here are the top three (OK 4) things that insurers (and other companies) should be thinking about in 2009. The good news is that none of these recommendations cost very much.

    1. Social Networking is not going away – Most businesses recognize that social networking has been growing at unbelievable rates over the past several years. Wikipedia quotes Comscore to indicate that in June of 2008 Facebook attracted over 132 million unique visitors. What is not as well known is that this experience is not just for the young. Increasingly all ages are adopting new social networking applications. Ning for example has over 600,000 individual social networks. These have been created by groups, clubs, churches and schools to effectively launch their own Facebook.

    2. Create a strategy – Figure out what you want to do. Do you want to simply promote your brand, inform people about your product, allow customers to transact business or sell new products? The answer to this question will determine whether social networks can even help you. Experiment and understand social networks first, and then you will be able to leverage them effectively.

    3. The watering hole – The metaphor goes both ways. Think of it either as the African watering hole, or your local pub. It’s where the people or “prey” come together and find essential “nourishment”, but if you look like a predator, you will chase them all away. Businesses must be very careful not to frighten away the locals. We all know how it feels to have Jerry the insurance agent sit down at our table. So, don’t be like that. When businesses enter these environments, they must find creative ways to keep their authenticity, while communicating their message. Amazon has tried to do this with reviews, but when people sniff out the fact that some reviews are sponsored, they disappear.

    4. Go to where the people are – Some businesses are exploring the idea of creating their own social network or virtual environment. I recommend that while this might be an effective longer term strategy, a first step is to figure out how they might leverage existing networks. Some companies for instance use YouTube to distribute entertaining ads, hoping they’ll go viral for free distribution. Others are beginning to create groups on Facebook where consumers can join to get information and updates.

    Expect that these sites will continue to expand as virtual environments continue to develop, GPS continues to expand and mobile devices contain more sensing capabilities, such as weather, mood or task. It is not difficult to see how social networking becomes the center of virtually all communications and life sharing.

    I hope that gives you some ideas.

  19. Jerry says:

    If all of the statements are either factual, or personal opinion, how effectively can the organization “control the chatter”? The basis of the web, and social media, is the free flow of information. It may seem idyllic, but there is a fine line between monitoring the firm’s reputation vs. turning off the target audience…

  20. Jerry, I agree entirely. Firms must be very careful not to over control. They should recognize that they are seeing into a reality that was formerly invisible to them. Negative conversations about their firm, complaints, and irritations have been happening over lunch tables for centuries. The beautiful thing is that social networking now enables the firm to become an active part in these conversations. But, as you point out, they risk alienating customers that they wish to court.

  21. Melanie says:

    Thank you for the feedback – it definitely gives me some ideas and talking points to discuss with clients throughout 2009 and beyond who are considering their own social network or virtual environment. Learning where this responsibility will reside within a company could be interesting as it would seem it could cross many areas and have significant overlap in ownership.

  22. Maureen O'Neil, Gartner Analyst says:

    Melanie, thanks for your thoughts and comments. Please consider how we might use this blog forum for your clients.

  23. Don says:

    Janet, Jerry and Steve
    While I agree that corporations need to be fully aware of the conversations that are happening in cyberspace, you have to be careful to respond with facts and try to remove the emotion from the issue. You can’t win an emotional battle with an unhappy party but you can refute inaccurate information and reinforce your position.

  24. Lauren says:

    Maureen, I think marketers may not be able to tap into the younger consumers without using alternative outlets such as social networks and so yes in a sense they would miss out on these consumers if they don’t at least explore social media on some level. That said, one of the reasons that user-generated marketing works is that people often don’t realize it’s marketing. However, Facebook and MySpace have already begun to complain that their sites are being overrun by corporate profiles and advertisements. Thus, by trying to trick these young consumers into this form of marketing, it may have the reverse effect. The users may feel duped and the whole purpose of the technique would subsequently be undermined.

  25. Maureen O'Neil, Gartner Analyst says:


    You bring up a critical point which is the proactive planning for this. Doing nothing, responding and all other options can be appropriate but will not ultimately be effective without an overarching plan or strategy.
