Jump to content

Wikimedia Foundation Annual Plan/2017-2018/Final/Appendix

From Meta, a Wikimedia project coordination wiki

The Wikimedia Foundation Risks

As part of our annual plan, we identify some of the potential risks that could threaten the Wikimedia Foundation’s mission to empower people to share and contribute to the sum of free knowledge. These potential risks cover a broad spectrum, including technological, fundraising, community, legal, personnel, public relations, and other challenges. The risks below are organized by the cause of the risk – please note that the impacts of and solutions to the risks may involve different parts of the organization. The risks are summarized below for consideration to facilitate effective decision-making within reasonable and thoughtful parameters.

Some mitigation strategies are set out below as well, but such strategies can never eliminate all risks. Among other things, this is due to the nature of the Wikimedia culture, movement, and mission as well as resource constraints. That said, we must ensure reasonable assessment of risks to reduce risk where possible and support effective, comprehensive, and strategic planning.


As an organization based around online communities, many of the Foundation’s basic risks relate to the quality, operation, and resilience of the products and technology that it supports.

Risk: A bad actor attacks Foundation systems or attempts to access private data.

There is risk that a bad actor – whether acting alone, in concert with others, or on behalf of a government – may attack the Wikimedia sites or users’ privacy.

Mitigation strategies:

  • Review and act on security best practices.
  • Minimize the retention of personal data.

Risk: Failure of technology infrastructure disrupts Foundation operations.

In the past, the Foundation has suffered short website outages, although this risk has been reduced in recent years.

Mitigation strategies:

  • Continue analysis of technology infrastructure to determine bandwidth usage and prevent overloads.

Legal & Political

As an organization structured around a community-centric model, the Foundation operates in areas of law that are new and constantly evolving. Moreover, as an international organization that tries to cater to the needs of readers and editors in every nation in the world, we are at the forefront of developing international law, and these areas can create risks for us.

Risk: Changes to safe harbor immunity laws expose the Foundation to new, extensive liability, costs, and technology burdens.

Immunity laws – known as safe harbor statutes – now protect the Foundation from being sued for content uploaded by users. Changes in those statutes could open us up to lawsuits or require costly technical measures to monitor and remove content.

Mitigation strategies:

  • As part of our ongoing public policy strategy in partnership with the Wikimedia communities, engage in education to inform the public and lawmakers about the importance of safe harbor laws while opposing any threatening proposals.
  • Ally with like-minded organizations to persuade lawmakers to pass strong safe harbor protections for hosting companies like the Foundation.
  • Engage in strategic advocacy litigation to improve the laws affecting the Foundation.


The Foundation operates only as well as the people who work for it. The diversity of expertise, perspectives, and experiences across the organization are what allow us all to serve the free knowledge movement effectively.

Risk: The transitions and interim nature of senior staff leads to slowdown or disruption of operations.

Mitigation strategies:

  • Ensure that multiple team members are knowledgeable about necessary workflows.
  • Encourage C-levels and the Executive Director to engage in succession planning.
  • Prepare effective transition materials so that any personnel changes will not interrupt ongoing workflows.
  • Continue developing cross-departmental workflows to better enable shared institutional experience and functioning projects through any staff transitions.

Risk: The Foundation fails to accomplish a critical task because only one unavailable or departing staff member has the necessary expertise.

Mitigation strategies:

  • With the guidance of Talent & Culture, C-levels identify critical roles and encourage development of redundancy, documentation of work and processes, succession planning, and talent management to ensure that substitutes are available.
  • Continue developing cross-departmental workflows to better enable shared institutional experience and functioning projects through any staff transitions.

Risk: A natural disaster, such as an earthquake, harms staff and disrupts Foundation operations.

Mitigation strategies:

  • Provide safety training to new and current staff.
  • Continue support and development of emergency remote working tools and processes for all staff.


The communities who work on the projects form the core of the Wikimedia movement, and our work is ultimately designed to support and enable them to collect knowledge from all over the world.

Risk: User harassment and other negative interpersonal user interactions lead to the loss of high quality contributors and increased difficulty recruiting new users to the projects, especially from populations that are underrepresented on the projects.

Mitigation strategies:

  • Implement cross-organization healthy community engagement strategy.
  • Work with the Support and Safety team to improve safe space and code of conduct policies and other techniques to make the Wikimedia projects safe places for a diverse user community.
  • Collaborate with other companies, such as Jigsaw, to help improve anti-harassment efforts.
  • Improve tools to detect harassing user behavior and flag it to administrators.
  • Implement technical spaces code of conduct policy.

Risk: The Wikimedia global movement does not improve in cultural, geographic, or demographic diversity, leading to less relevant and lower-quality content for a global audience.

Mitigation strategies:

  • Engage in movement strategy process to determine best approach going forward.
  • Invest in and implement diverse technologies, research, communications, and delivery strategies that (a) raise awareness of the Wikimedia projects, (b) help us in identifying and building new audiences, and (c) improve the ability of users worldwide to access the projects.
  • Promote diversity in internal processes, such as product strategy and user interface design.
  • Pursue hiring practices to ensure that new tools and policies are developed accounting for a broad range of experiences and perspectives.
  • Promote community initiatives related to diversity and emerging regions through monetary, communications, programmatic, and evaluation resources.
  • Support programs to increase participation from diverse volunteers, such as recognition and mentorship, and protection from harassment.
  • Provide public support and strong stances on contentious issues like the gender gap.

Risk: Part of our communities take a position that is problematic or out-of-step with public sentiment, resulting in damage to brand and reputation.

Mitigation strategies:

  • Increase proactive awareness to better anticipate major community policy or bureaucratic decisions.
  • Increase transparency and communications between the Foundation, the communities, and the public.
  • Develop strategic messaging with unified narrative, reframing as needed, and with an emphasis on facts and the way forward.

Risk: Community leadership does not develop effectively, damaging community participation, governance, and responsiveness.

Mitigation strategies:

  • With a greater focus through our Community Engagement department, create spaces and support for innovation, training, and mentorship for existing and new community leadership.
  • Support diversification in candidates for the Board of Directors and community governance bodies.
  • Improve tools for community administration and management on the projects.
  • Increase capacity development for the communities to help develop new leaders within the movement.


Significant changes to the markets we operate in or to the competition we face may substantially impact our ability to fulfill our mission of empowering and engaging people around the world to collect and disseminate free knowledge.

Risk: A competitor provides a better reader experience for Wikimedia content, diminishing our ability to attract readers, editors, and donors.

Mitigation strategies:

  • Understand impact of internet traffic patterns on readership, edits, and revenue.
  • Streamline reader engagement features and upgrade editing experiences to meet user needs.
  • Improve presentation and searchability of content.
  • Develop a strong partnership program to seek cooperative, working relationships.
  • Maintain strong relationships with past donors.

Public Relations

When the public doesn’t understand what we’re doing, or misunderstands it, it can lead to loss of support and harm to the Foundation’s reputation.

Risk: The Foundation Board or C-level management does not communicate effectively, leading to reputational and brand loss, as well as staff and public relations concerns.

Because the Foundation and the Wikimedia movement are committed to transparency and broad participation in decision-making, missteps from the Foundation Board or management can lead to new or continued anger or loss of trust and disrupt operations with serious staff and public relations consequences.

Mitigation strategies:

  • Improve board recruiting and onboarding policies to increase knowledge and understanding of board member duties.
  • Establish regular, well-known lines of communication for those interested in participating in Foundation decision-making, like feedback on the annual plan process.
  • Involve stakeholders early to provide input and help craft key policies or products affecting staff or communities.
  • Provide additional staff support for major Foundation releases.
  • Establish ties between the Board and Community Engagement to facilitate transparency with communities, such as through providing individual training to board members.