In the age of social media proliferation, organizations are often exposed to significant cyber and reputational risks. Common social media strategies include maintaining a Facebook page or Twitter feed, or monitoring blog conversations.

Research conducted by the World Economic Forum (amongst others) indicate that trust in government, corporations, and traditional media has declined—fostering an environment in which social media can be perceived as a reliable source of information.

"Social media is extremely varied, and every situation is different—whether driven by data breaches, product recalls, whistleblowers or workplace violence," noted Simon Barker, Reputational Risk & Crisis Management, Marsh Risk Consulting. "Social media can be the 'canary in the mine' in warning firms of unidentified issues, but once it’s in the public domain, anyone can be listening.”

Managing the impacts of social media really comes down to having the right overall crisis management practices in place, including communications and social media policies which define what employees are permitted to say and whether they can speak on behalf of the company, according to Barker.

Others question for risk managers to consider include:

• Is social media incorporated into the detection, reporting, and escalation criteria in your crisis management plan?
• Are you already monitoring social media? If so, what is being done with the information?
• What do you know about your company’s social media profile and strategy? What are the capabilities of your communications team during a crisis, including in social media?
• Is reputational risk incorporated into ERM or other internal risk dashboards?
• Have you validated your response capability? Do your crisis management exercises incorporate social media risks/drivers?

Barker added, “The key is to acknowledge the role that social media can play and factor it into the overall crisis management approach. Social media exacerbates risks, but it can also be a useful tool to engage directly with stakeholders, as well as identify emerging risks through effective monitoring.”