22 min read
Léa BOUTRON - Feb 23, 2023

Detecting Your Reputation Risks: Risk Matrices and Analysis for Social Media

How can you better detect and assess the risks that may threaten your organization and its members? Among all the potential risks, how do you position the risks related to your company's reputation? How, with the multiple messages and information posted on social networks, can you sort out the risky data from those that present a low threat? We will try to present the methods and tools that will help you in this challenge.


1. Risk Detection: An Evolution of Major and Emerging Risks

Risks are generally classified into six major categories. This is notably the approach of insurance and reinsurance companies which obviously base their activity on risk management and forecasting.

  • Natural and environmental hazards: landslides, cyclones, storms, earthquakes, avalanches, heat waves, forest fires, floods, and volcanic eruptions
  • Technological risks: directly and unequivocally linked to human activity, they include industrial, nuclear, biological, computer, and internet risks (cyber attacks, data theft, uncontrolled algorithms, etc.)
  • Economic risks: disruption of demographic balance (aging of the population), environmental degradation (inflation, unemployment), and overly powerful economic factors
  • Societal risks: migratory flows linked to conflicts and climate change, increasing social tensions, and deterioration of mental health
  • Regulatory risks: complex and restrictive regulatory environment, fines and sanctions, increased technicality for small organizations
  • Political risks: at national, European, and international levels. Government instability, local conflicts, protectionism, geopolitical and economic problems


Some are qualified as major risks with a low frequency and a high level of seriousness. Risk management tools are used to characterize risks according to the probability of occurrence and the severity of the impact if the event occurs.

But more and more, according to the events of the last four years, our organizations, companies, and environment have to face a systematization of risks such as climate risks, cyber risks, health risks, and even war risks. The levels of severity and frequency are sometimes profoundly altered. Thus, the planet has seen an increase in environmental and climatic risks and events in recent years. According to the World Meteorological Organization (WMO), the number of meteorological disasters has increased fivefold over the last 50 years. 

In relation to the economic organization (company, association, NGO, public institution), the risks can be categorized as follows:

  • Financial risks: market developments, currency risk, borrowing capacity, credit risk, and liquidity risk
  • Operational risks: supply chain malfunctions, equipment and material failures, energy costs, and IT risks
  • Strategic risks: market disruption, uberization, changes in customer demand and consumption patterns, competition, and regulatory changes
  • Legal risks: regulatory violations, non-compliance with rules (health, private data), lawsuits, and fines.
  • Environmental and social risks: natural disasters, climate change, social and political unrest
  • Reputational risks: negative publicity, image damage, and customer dissatisfaction, resulting from the failure to manage other risks or from the actions of stakeholders


2. Brand Reputation Risk

Reputation risk is a risk that stands apart. Relatively recent in comparison to other risks, it has increased significantly since the advent of Web 2.0 or the social web, which encourages visibility and potentially strong dissemination of the words of any stakeholder. Thus, if the problems of bad reputation are old, the use of social media channels as axes of reputation dissemination has developed the risks of a digital reputation for some organizations.


How to Classify Reputation Risk?

This is, in fact, a complex question. Obviously anthropogenic in nature, this risk is considered by some specialists and practitioners to be the starting point for many other risks, particularly economic ones.

Some risk managers consider reputation risk as a transversal axis, making it possible to correct everything else (i.e. the impact of other risks), rather than as a risk in itself.

Reputational risk is indeed transversal because its origin and potential impacts are multiple. The origin can be linked to health risks, managerial shortcomings, organizational problems, customer risks, and governance. The impacts can be on finances (sales, borrowing capacity), the brand image, people (resignation), human resources, or customer base. Loss of revenue and loss of customers are seen as the main problems that organizations face as a result of reputational damage because it directly affects the survival of the company.

Impacts of a reputation crisis

The impact of reputation damage as seen by risk, marketing, and communication professionals

That said, reputation risk can be defined as follows: reputation risk describes the risks related to the image of an organization or a company. They have consequences in terms of financial risks (i.e. loss of turnover, customer base, decrease in sales, loss of markets, loss of stock market valuation, etc.). They are generally the consequence of poor management of other risks or issues, such as:

  • health risks
  • social risks
  • environmental risks
  • ethical risks
  • product risks 


Reputation Risk within Other Risks

In order to visualize reputation risk within other risks and their possible interconnections, let us look at this mapping. The risks that constitute reputational risk can be the consequence of poor management of operational, health, or regulatory risks. For example, food companies in the dairy or frozen food sector have suffered months or even years of negative reputations after the health crisis linked to the infection of their production chain. Let's also remember that governance risks can have a strong impact on the reputation of the organization, as was the case for Uber or, more recently, for Twitter Inc.

typology of major risks - related to brand reputation

Typology of major risks. Source: Digimind



3. Risk Detection and Management: Matrices and Tools

Let's imagine that you are now experiencing a major reputational crisis: information is circulating on social networks falsely questioning the hygiene of your food production chain. Hundreds of pages of fake news criticizing your company and its managers, inventing negative facts, are produced and published on blogs and then relayed by a core of activists on social media, particularly virulent and organized.

As in any crisis, ideally, one should have prepared beforehand for the possibility of such a crisis. To do so, beforehand and in parallel to the tools for monitoring conversations and messages on social media (monitoring and social media listening), a certain number of tools and methods can be useful.

The proposed tools and analysis keys aim at preparing risk management and detection with diffusion and propagation on the different dimensions of the social web: social networks, social media, blogs, news, and online press, consumer opinions, activist sites and petitions, NGOs, etc...


Risk Matrix

risk hierarchy matrix

The risk hierarchy matrix


Using, for example, the mapping of major risks presented earlier, list all the risks that could potentially affect your organization.

It is therefore advisable, as a group, to multiply the points of view and expertise by listing your main operational, economic, market, regulatory, customer, health, financial, and technological risks.

For each risk, the risk hierarchy matrix should assign a degree of probability (from very likely to unlikely) and severity (from very serious to low).

For instance: Operational risks > Lack of truck drivers with C1 license > Probable x Severe.


risk types

Risk types


Your risk assessment team, whether or not it is led by a risk manager, must include members of every department concerned: Co-Director, HR, Finance, Production, Supply Chain, Marketing, Sales, R&D, Legal and Regulatory, Quality, Safety, etc. They must be consulted for these preliminary assessments, even if the day-to-day risk management is ultimately handled by another function.


operationnal risk matrix

Operational risks matrix


📌 This risk matrix is one of the elements to build your monitoring and social media listening dedicated to risks: each type of risk must be subject to informational monitoring and categorization of the information and data collected, in order to be alerted to new risk factors, their evolutions, and trends. Examples: new regulations, a new type of bacteria, the tension on the production of raw materials, on a type of business, proven cases in organizations, etc.


Stakeholder Matrix and Origins

In order to detect and evaluate as accurately as possible the reputation risks propagated on the social web, it is necessary to analyze the types of origins and potential stakeholders.

📌 Just like the risk hierarchy matrix (I), these two upstream analysis tools allow you to prepare your monitoring and social listening for "risk detection".

What Are the Stakeholders in Your Reputation? 

Stakeholders include all individuals, media, and organizations that can potentially take part in the construction of your reputation via their messages and actions on social networks and the web, whether or not these are an extension of actions in reality. They will contribute to the reputation of your brands via positive or negative messages. The types of stakeholders can be very numerous depending on your size, your market (B2B, B2C), the nature of your products (high tech, pharma), and your global reputation.
In order to list all these stakeholders as exhaustively as possible, you must first ask yourself the question of the possible origins of the reputational risks. These stakeholders may be external, they know you by name, intermediaries, they know your products or services, or internal, they know you from the inside.

The Potential Origins of Reputation Risks

The origins of reputation risks can be of 4 main types:

1. Internal to your organization: Humans

  • Poor communication
  • Misconduct or behavior of an employee, manager, director, or shareholder
  • Services and products abused in public
  • Unethical, racist, sexist, or discriminatory conduct
  • Criticism of unions

2. Internal to your organization: Environment

  • Firing
  • Lawsuits, legal action, or complaints
  • Bad working conditions
  • Working conditions contrary to the law
  • Non-compliance with regulations (pollution, hygiene, production standards, safety, working hours, etc.)
  • Misuse or illegal use of personal data
  • Data theft or hacking
  • Poor quality of products and services
  • Poor customer relations, after-sales service, or delivery
  • Inappropriate or clumsy communication
  • Misleading marketing and advertising 


3. External to your organization: Customers and partners
  • Testimonials of negative experiences
  • Critical posts
  • Bad ratings or customer reviews
  • Complaints or petitions
  • Dissatisfaction from suppliers, subcontractors, or partners

4. External to your organization: All others
  • Criticism from the media, press, and journalists
  • Criticism from political, social, protest, and consumer organizations
  • Criticism from celebrities and opinion leaders
  • Reputation attacks: conspiracy theorists, disinformers, or lobbyists

Stakeholder Weighting

It is now time to make detailed lists of all known and potential stakeholders, both internal and external to your organization. You will need to fill in as many stakeholder categories as possible.
 stakeholder categories for risk detection
Stakeholder category
Once mapped, it is necessary to weigh the importance of these stakeholders according to certain criteria such as potential impact (strong, medium, weak / one-off, sustainable). To do this, it is ideally necessary to study the previous actions of these stakeholders (for the most important ones) or to imagine them in order to refine the weighting score and, in the long run, to write response or reaction scenarios.
stakeholder qualification
Stakeholder qualification

📌 These stakeholders represent, after the types of risks, the second component of your monitoring and social listening "risk detection."


The Typology of Reputational Risks

In order to better prepare the detection criteria upstream and then the type of response adapted, it is also advisable, ideally, to qualify the nature of the messages or disinformation processes. This typology will help you prioritize your reputation themes, select your sources, and also your keywords/expressions to monitor. 

This typology also allows you to monitor the types of risks and their evolution: phishing, ransomware, deep fake, etc.


typology of risk reputation

 Typology of e-reputation risks


Again, these elements should be weighted according to the probability of occurrence and the potential severity of the event.



4. The Pattern of Propagation of Damage to the e-Reputation

The information damaging the reputation of the organization will spread more or less quickly on social networks and on the web in general. If it is difficult to predict exactly the speed and volume of propagation of messages, certain principles (and not immutable rules) are generally observed in terms of factors favoring or not a significant propagation in volume and time.


How to Classify Reputation Risk?

The Subject's Nature

Some subjects are more likely to be a risk factor for reputation, especially because of their emotional nature.

  • Ethics: everything related to ethics and more globally to the values of governance and civic commitment of an organization (e.g.: the rigged engines of the Volkswagen DieselGate crisis)
  • Climate and environment: as violations of principles related to sustainable development, climate, pollution, production
  • Human
    • Human-related issues such as health (Levothyrox crisis) or human dignity
    • Questions related to sexism, themes related to racism, gender
    • Religion and discrimination related to religious practices
    • Real or perceived disrespect or injustice as inequalities in the treatment of clients, users, between people in power and ordinary citizens
  • Social and political dimensions: sensitive current events (social or political). For example, energy prices, purchasing power, layoffs, pensions, or inflation, among others.


The Time Period

This criterion is double-edged: in some cases, vacation periods act as propagation neutralizers, due to the fact that the public and media are less present. But beware, on the other hand, the rarer news during vacation periods can make certain subjects more visible that would have gone unnoticed in normal times. Weekends and Friday evenings can be sensitive periods since some professionals are on holiday, "letting" the buzz spread due to a lack of follow-up or availability of decision-makers, and due to the increased availability of consumers on weekend vacations.


The Company’s History and Reputation

If the brand regularly undergoes crises or bad buzz, it is probably put "under surveillance" by certain media and Internet users. The slightest deviation on its part will be scrutinized and potentially brought to light more quickly than other companies.


Media Propagation

Media assets like photos, infographics, comics, and videos accentuate virality because of their ease of viewing and their contribution to the understanding and popularization of an event, and to the emotional reaction.


The Brand or Organization’s Status

The missteps of a mainstream brand are more likely to be picked up by the media than those of a lesser-known brand. However, this must be qualified: for the last 4 years, B2B brands or small B2C brands, thanks to testimonies published on social networks, have witnessed bad buzz develop against them.


Media Treatment

Some bad buzz, after which becomes crises, only develop when the general public media pick up on them, subjecting the brand to unwanted popularization and visibility.


chart of the propagation of a crisis on social networks and media

  Chart of the propagation of a crisis on social networks and the media


The Sender or the Amplifier

If the initiator of the crisis (or buzz) benefits from a large audience (several tens of thousands of subscribers), or if a celebrity or macro-influencer shares or even popularizes the elements of the crisis (via visuals or a comic strip, for example), the propagation should be stronger and faster.


The Organization’s First Responses

Certain types of responses from organizations affected by a bad buzz can have an amplifying effect on a crisis that has already begun: the use of lawyers (attorneys, legal department) to attack the person complaining, the absence of an apology, aggressiveness, silence or the blaming of "victims" (as in the case of United Airlines). 


If you are in the business of being a first responder to a brand crisis, you should consider equipping yourself with a social listening tool to anticipate threats and build agility in the face of uncertainty.

brand reputation green cta


Written by Léa BOUTRON

Léa is a French native with a double technological and managerial background who, in addition to being passionate about new technologies, loves working in an international environment. That's why, after professional experiences in the Netherlands or Spain, she joined Digimind Singapore to work on the APAC market.