Misfortune 500

Each year, America’s Fortune 500 companies and their shareholders congregate to review last year’s performance and make decisions that position the business for future prosperity and growth.

These gatherings, Q1 often referred to as annual general meetings (AGMs), are hosted by some of our country’s wealthiest and most senior executives. In the United States, AGMs are required by law and often involve a public announcement in advance of the event to encourage an open forum. The opportunity for shareholders to engage those high-profile professionals so directly is a rare one. This exposure can also place companies in the crosshairs for physical, cyber, or reputation threats. 

In 2013, for example, at least 32 of the Fortune 500 companies identified by Forbes experienced a protest at the location of their meeting. In one case, a Pennsylvania financial firm’s CEO made the decision to shut down his meeting after only 15 minutes due to constant disruption in the crowd. Another bank moved its shareholder meeting to a more remote location after experiencing a disruption the previous year, yet several attendees still made the trip, this time calling for a “citizen’s arrest” of the CEO during the 2013 meeting. In addition to the public safety concerns associated with a demonstration, an incident of this kind can cause significant reputational damage and, subsequently, a lasting economic impact on an organization.

Other companies have been the subject of online campaigns that encourage people to boycott their products or services, deface their websites, or flood company phone lines with complaints during their AGMs.

So how can corporate security departments reduce their risk of becoming victims of these kinds of incidents in the future, or mitigate their impact if they are unavoidable?

Predictive analytics Q2 tools can be expensive, and typically require a large set of data to become statistically accurate. Focused social media monitoring, however, may prove to be an effective means of triggering advanced warning, and enable executives and their security teams to get ahead of these issues. Amongst the Fortune 500 companies that experienced a protest, there was an observable social media component in every single case (100%). In other words, people were discussing these companies and in some cases, their plans to target them, online 12 days in advance on average, and in one company’s experience, up to 29 days in advance.

Facebook is a particularly rich forum for anti-corporate dialogue. In our 2013 sample of publicly-available messages from Facebook, Twitter, and Tumblr discussing the 32 Fortune 500 companies with protests, Facebook accounted for almost 79% of the activity. This could be due to the fact that Facebook is already a familiar platform and is well-suited for longer posts, discussion threads that lend themselves to developing a content environment that like-minded members can revisit.

With respect to AGM demonstrations, Q3 Twitter tends to be more commonly used to link back to Facebook group pages, blogs, and paste sites with more information leading up to the event, or on the day of the event to provide live updates and pictures. For example one of protestors in Pennsylvania tweeted “Whoa, we actually did it”, after a financial firm ultimately shut down its annual meeting, which was then retweeted repeatedly throughout the day. Twitter’s hashtags are also a useful tool for so-called ‘armchair activists’ who follow on-site activity of demonstrators, cheer them on, and relay campaign slogans from the comforts of their home. 

While monitoring popular social media platforms like Facebook and Twitter for certain keywords is an important component to maintaining security at an annual general meeting, a more holistic corporate security analysis program will incorporate a broader set of sources, and employ in-house or contracted analysts capable of interpreting collected data on a routine basis. This allows companies to understand what normal social media activity looks like, and more easily identify escalation of discourse that could indicate more trouble ahead. Physical, cyber, and reputation threats are not isolated to annual meetings. They can surface for a number of reasons, such as (but certainly not limited to):

• Imprudent leadership or employee behavior
• Product deficiencies
• Potentially discriminatory policies
• Controversial environmental or labor policies
• Products that are marketed to, sold, or used in conflict areas
• Hosting or sponsorship of high-profile or political events and candidates
• Job layoffs
• Loss of local business due to facility closure
• Individually-based human resources issues

An intelligence-led security program involves regular evaluation of corporate assets, the evolving threat environment, and employee training on preventative security measures in order to shift the security advantage back towards the business in order to ensure safety, prosperity, and growth.


This white paper is an excerpt from BAE Systems 2014 study on Corporate Risk Reduction through Social Media Analytics. Our Corporate Security Analysis methodology frames the social media environment around physical or cyber threats, and risks to reputation. BAE Systems provides analysts capable of navigating multiple layers of the web including social media, but also deep web forums, discussion boards, and file sharing spaces to identify activity of interest and potential impact to business operations.

Our team also specializes in capturing social media convergence with terrorism threats, public safety and infrastructure concerns during special events, whether they are as global as the winter games, or as local as an annual board meeting. This service is ideal for those directly involved with hosting or managing logistics of an event, as well as organizations concerned about the safety of personnel attending, or sponsors concerned about brand attacks. BAE Systems can enhance situational awareness throughout an event with finished reporting that is easily digestible.

Our staff uses publicly-accessible data sources to passively monitor for, or investigate security threats. Analysts apply several layers of anonymity when conducting sensitive projects to protect the company and its clients interests.

Intelligence & Security Team