Skip to content

Social Media Cyberbullying: What UK Businesses Must Know

Updated on:
Updated by: Ciaran Connolly
Reviewed byAsmaa Alhashimy

Cyberbullying is no longer just a concern for parents and schools. Businesses running active social media communities now face a related and growing set of risks: targeted harassment campaigns, abusive comment threads, and coordinated pile-ons that can damage staff wellbeing, erode brand trust, and, since the UK Online Safety Act 2023 came into force, create genuine legal exposure.

This article covers the scale of cyberbullying across social media platforms, the specific obligations the Online Safety Act places on businesses that operate online services, and the practical steps organisations can take to protect both their people and their reputation.

What Cyberbullying Actually Means in 2026

The term covers a range of behaviours that share a common thread: repeated, harmful conduct carried out through digital channels. For individuals, this means harassment, threats, doxing, and identity-based abuse. For businesses and their social media managers, the manifestations look different but cause real harm nonetheless.

Harassment is the most common form. On social media, it includes sustained abusive comments, coordinated tagging designed to flood notifications, and direct-message campaigns targeting employees by name. Social media managers in consumer-facing businesses are frequently on the receiving end.

Spreading false information about a brand, product, or individual employee is a digital equivalent of rumour-spreading, and on social media, false claims can circulate well beyond the original post before a correction gains any traction. This creates both reputational damage and, where the information is demonstrably false, potential defamation liability.

Doxing refers to the publication of someone’s private information without consent, including home addresses, personal phone numbers, or photographs. When a business employee becomes the target of a coordinated campaign, doxing can escalate quickly from online abuse to physical safety risk.

Cyberstalking involves monitoring someone’s online activity, tracking their location check-ins, or joining communities they participate in to sustain contact they have not consented to. For a business, this most often manifests as persistent, unwanted contact with staff via professional profiles.

Identity-based abuse targets individuals on the grounds of ethnicity, gender, sexual orientation, disability, or religion. For businesses running community platforms, allowing this content to persist without intervention is now a compliance issue under the Online Safety Act, not just an ethical one.

Cyberbullying Statistics by Platform

The scale of the problem across individual platforms gives context to why businesses need to treat this seriously in their social media strategy. The following figures are drawn from published research by the Cyberbullying Research Center, Ofcom, and platform-specific studies.

PlatformReported Bullying/Harassment RatePrimary Affected Group
Instagram42% of victims cite Instagram as primary platformYoung people aged 13–24
TikTok64% of users report experiencing bullying at least onceYoung adults
YouTube79% of young users report some form of online bullyingChildren and teenagers
Gaming platforms90% of online gamers report hate speech or racist abuseMixed age range
Text/DM channels11% of online harassment occurs via private messagingAll age groups

For businesses, these figures matter for two reasons. First, if your brand operates on these platforms, the communities you build or moderate are subject to the same dynamics. Second, if your staff manage these accounts professionally, they are regularly exposed to this content as part of their working day.

Research from the Cyberbullying Research Center consistently shows that girls are disproportionately affected, with female users significantly more likely to report experiencing harassment than male users. The same body of research indicates that witnesses to bullying rarely intervene when acting alone, but are more likely to act when they believe others will support them.

Why the Online Safety Act 2023 Changes the Equation for Businesses

The Online Safety Act 2023 is the most significant piece of UK legislation affecting online content in a generation. It came into force in stages from 2024 onwards and places explicit duties on organisations that run services where users can interact with each other or post content publicly.

If your business operates a comments section, a community forum, a branded Facebook Group, or any platform where users can communicate, you are likely within scope. Ofcom is the regulator responsible for enforcement and has published codes of practice detailing what compliance looks like in practice.

The Act’s core duty is a duty of care. Businesses operating in-scope services must assess the risk of illegal content (including harassment and threatening communications), implement proportionate measures to address it, and keep records of that risk assessment.

For smaller businesses, the obligations are scaled: the Act distinguishes between Category 1 services (the largest platforms, subject to the most extensive duties) and smaller services, for which a safety risk assessment and appropriate moderation practices are the primary requirements.

The practical implications for an SME running an active social media presence include:

  • Maintaining community guidelines that specifically reference harassment and abusive conduct
  • Having a clear process for reporting abusive content and a response protocol for actioning reports
  • Training staff who manage community channels on what constitutes reportable content
  • Documenting moderation decisions where content is removed or accounts are blocked

For organisations working with children or young people, including schools, sports clubs, charities, and youth services, the Act’s child safety duties are more extensive. These include mandatory age-appropriate design considerations and enhanced risk assessments for any content children are likely to encounter.

ProfileTree’s digital training programmes include sessions on social media compliance and community management for teams working in regulated or safeguarding-sensitive sectors. Businesses that have not yet reviewed their social media governance against the Act’s requirements would benefit from a structured audit of current practices.

The Workforce Cost: Social Media Managers and Vicarious Exposure

One of the underreported dimensions of cyberbullying risk for businesses is its impact on the staff who manage social media professionally.

A social media manager or community manager working on a consumer brand account may spend hours each day reviewing flagged content, responding to abuse, and making decisions about removal or escalation. Over time, sustained exposure to this content carries a genuine mental health cost.

Research into content moderation work consistently identifies elevated rates of anxiety, secondary traumatic stress, and burnout among those whose job involves regular exposure to abusive, violent, or distressing content. For businesses, this creates a direct HR risk: staff who leave roles because of sustained exposure to online abuse represent a significant recruitment and onboarding cost, and their departure often removes institutional knowledge that takes months to rebuild.

The UK Health and Safety at Work Act 1974 places a duty on employers to ensure, so far as is reasonably practicable, the health of their employees. Mental health is explicitly included within that duty following the Health and Safety Executive’s updated guidance on work-related stress. An employer who is aware that social media management roles carry exposure to abusive content and takes no steps to mitigate that risk is on weak ground if a staff member makes a complaint or claim.

Practical mitigations include shift rotation for teams managing high-volume community accounts, a clear escalation pathway that removes junior staff from the frontline when abuse is severe or sustained, access to an employee assistance programme, and regular one-to-ones that explicitly acknowledge the nature of the work.

“Businesses that treat community management as a low-priority admin task are taking a risk they often don’t see until someone hands in their notice,” says Ciaran Connolly, founder of ProfileTree. “The people managing your social media channels are representing your brand every day while absorbing significant volumes of difficult content. Getting the governance and support structures right is both an ethical responsibility and a commercial one.”

What a Business Response to Cyberbullying Actually Looks Like

There is no single correct response to abusive conduct on social media. The appropriate action depends on the nature and severity of the conduct, the platform, the business’s relationship with the affected party, and whether legal thresholds have been crossed.

The following framework gives a starting point for categorising incidents and calibrating responses.

Type of ConductAppropriate Response
Negative review or critical commentRespond professionally; do not remove unless it breaches platform terms
Abusive personal comment about a staff memberRemove; block if repeated; document for escalation
Coordinated pile-on or brigading campaignRestrict comments temporarily; report to platform; legal review if sustained
False factual claims about the businessRespond with accurate information; seek legal advice if defamatory
Doxing of staff or threats of physical harmReport to police immediately; contact platform trust and safety team; do not engage publicly
Identity-based hate speechRemove; report to platform; document; consider public statement if visible and sustained

Businesses should build this kind of response matrix into their community management documentation before an incident occurs. Deciding how to handle a coordinated harassment campaign in real time, without a prior escalation pathway, leads to inconsistent responses and increases the chance of either overreacting or failing to protect staff adequately.

Building a Social Media Policy That Covers These Risks

A social media policy is the foundational document for managing these risks. At minimum, it should cover:

  • The business’s standards for community conduct (publicly, in the form of community guidelines)
  • The internal process for reviewing and actioning reports of abusive content
  • The escalation pathway: who handles routine moderation, who makes decisions on removal, and who contacts legal or law enforcement when required
  • The support available to staff in community management roles
  • The business’s approach to staff use of personal social media in connection with their work role

For organisations working in sectors where the Online Safety Act’s child safety duties apply, the policy should also reference age-appropriate design principles and the specific risk assessment process for child-facing content.

ProfileTree’s social media marketing service includes governance and policy development as part of strategic social media management for SMEs across Northern Ireland, Ireland, and the UK. Building a community management framework from scratch alongside a channel strategy is significantly more efficient than retrofitting governance onto an established presence after an incident has occurred.

The Reputational Dimension: When Cyberbullying Targets Your Brand

Businesses are increasingly the targets of coordinated online abuse, not just bystanders managing it in their communities. A disgruntled former employee, a competitor acting in bad faith, or a viral post taken out of context can trigger a wave of abusive or false content directed at the brand.

The reputational impact of a sustained negative campaign is measurable. Search results for a brand name that return negative content prominently can suppress click-through rates on branded search queries, reduce trust signals for new customers conducting due diligence, and undermine conversion rates on service pages.

This is where SEO and content strategy intersect directly with reputation management. A brand with a strong, established content presence, authoritative pages across its core topics, and active review management is more resilient to a negative campaign than one whose digital footprint is thin or inconsistent. Filling your brand’s search results with credible, useful content is one of the most durable defences against reputational damage from external attack.

For a broader understanding of related risks, ProfileTree’s analysis of social media hate speech statistics covers the scale of identity-based abuse across platforms and its specific implications for brand communities.

Platform-Specific Considerations

Different platforms carry different risk profiles and different tools for managing abusive conduct.

Instagram accounts for the highest volume of reported cyberbullying among young people. For businesses running branded accounts, Instagram’s Hidden Words feature allows automatic filtering of comments containing specified terms before they appear publicly. Meta’s Supervision tools are relevant for businesses operating channels likely to reach under-18 audiences.

TikTok’s comment filtering and restricted mode settings allow businesses to moderate who can interact with content. The platform’s Community Guidelines are enforceable through report mechanisms, though response times vary.

YouTube provides community contribution settings and comment approval workflows. For businesses running a YouTube channel as part of their video marketing strategy, enabling comment moderation before publication is a practical baseline for high-traffic content.

LinkedIn carries lower rates of the most severe cyberbullying but is increasingly a vector for professional harassment and coordinated negative reviews of businesses. B2B brands should not assume LinkedIn is exempt from these risks.

For teams managing YouTube channels as part of a broader video marketing strategy, the platform’s moderation tools require active configuration. ProfileTree’s video production and YouTube marketing service includes guidance on community management settings as part of channel setup.

Awareness, Education, and What Individuals Can Do

Beyond business-level governance, individual awareness remains the most practical first line of defence. Key steps for anyone managing or active on social platforms:

Privacy settings on personal and professional accounts limit the surface area available to potential abusers. Keeping personal information off public profiles and restricting who can send direct messages reduces unsolicited contact.

Reporting mechanisms on all major platforms allow users to flag abusive content for review. Reporting is more likely to result in action when accompanied by documentation: screenshots with timestamps are more useful than verbal descriptions to both platforms and, where necessary, law enforcement.

Legal routes are more accessible than many businesses realise. The Malicious Communications Act 1988 and the Communications Act 2003 both apply to online harassment in the UK. The Online Safety Act strengthens the legal position further by placing obligations on platforms to remove illegal content promptly. Where harassment is sustained and identifiable, civil proceedings for defamation or harassment are a realistic option for businesses with documented evidence.

Supporting affected staff matters. If an employee reports being targeted because of their role at your business, the response should be immediate, practical, and empathetic. This means removing the person from frontline community management while the situation is active, documenting the incidents, and seeking legal advice if the conduct meets criminal thresholds.

For teams working with young people, online safety education is a key part of responsible digital practice. ProfileTree’s digital training programmes cover online safety awareness for organisations in education, sport, and community sectors.

If your business needs help building a social media governance framework, training your team on community management, or developing a content strategy that accounts for reputational risk, get in touch with ProfileTree. The team works with SMEs across Northern Ireland, Ireland, and the UK.

Frequently Asked Questions

What is cyberbullying on social media?

Cyberbullying on social media refers to repeated, harmful behaviour carried out through digital platforms, including harassment, false information campaigns, doxing, identity-based abuse, and coordinated pile-ons. It differs from a single negative comment in that it involves sustained conduct intended to cause distress. For businesses, cyberbullying can target both the brand itself and individual employees, particularly those in public-facing community management roles.

Does the UK Online Safety Act 2023 apply to my business?

The Online Safety Act applies to businesses that operate services where users can interact with each other or post content visible to others. This includes comment sections, online forums, branded community groups, and user-generated review features. Ofcom is the regulator and has published guidance for in-scope services. Most businesses that run active social media communities or own a platform with user interaction features will have some obligations under the Act. The extent of those obligations scales with the size and nature of the service.

Is cyberbullying a workplace health and safety issue?

Yes. Under the Health and Safety at Work Act 1974 and associated regulations, employers have a duty to protect the mental health of their workforce. The Health and Safety Executive explicitly includes work-related stress and psychological harm within this duty. For employees whose work involves regular exposure to abusive online content, such as social media managers and community moderators, the risks are well-documented. An employer who is aware of these risks and takes no action is exposed to both civil and regulatory liability.

Can a business take legal action against cyberbullying?

Yes, in a range of circumstances. Where abusive content is demonstrably false and damaging to reputation, defamation law applies. Where conduct involves sustained harassment, the Protection from Harassment Act 1997 provides a civil remedy. Criminal routes exist under the Malicious Communications Act 1988 and the Communications Act 2003. The Online Safety Act strengthens the obligation on platforms to remove illegal content promptly. Legal advice should be sought at an early stage where harassment is sustained or escalating, as documentation gathered in the early stages is critical.

How should a business respond to a coordinated negative campaign on social media?

The first priority is documenting everything: screenshots, timestamps, account identifiers. Do not delete the content before it is documented. Assess whether the conduct crosses criminal thresholds (threats of harm, doxing) or remains at the level of reputational damage (false claims, coordinated negative reviews). For criminal-threshold conduct, contact the platform’s trust and safety team and, where necessary, the police. For reputational campaigns, a considered public response is usually more effective than silence, but legal advice on what to say and what not to say is valuable before responding publicly.

What should a social media community policy include?

At minimum: publicly visible community guidelines that specify unacceptable conduct; an internal moderation protocol covering who reviews flagged content, what decisions can be made at each level, and when escalation is required; a documented escalation pathway to legal or law enforcement for serious incidents; and support provisions for staff in community management roles. For businesses in scope of the Online Safety Act, a risk assessment covering illegal and harmful content is also required.

Leave a comment

Your email address will not be published.Required fields are marked *

Join Our Mailing List

Grow your business with expert web design, AI strategies and digital marketing tips straight to your inbox. Subscribe to our newsletter.