As instant messaging becomes more prevalent in business, corporations and organizations must apply the same rigor to the use of IM as they have previously done for email. In particular, there are four categories of risk or liability that companies face as a result of their employees' day-to-day use of IM:

1. Risk of being out of compliance with governmental laws and regulations governing electronic communications. This category typically involves the need to create and manage an archive of instant messages in order to comply with such regulations as the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, electronic discovery, or the Federal Rules of Civil Procedure in the United States, and similar legislation and policy in other countries.
2. Risk of infection by virus, spyware, or other malware installed surreptitiously over an IM network or in an IM-attached file.
3. Risk of employees using IM to communicate trade secrets (proprietary, confidential, or restricted information) to parties outside the organization. This category is often called "data leakage" or "information leakage".
4. Risk of employees using IM to harass or threaten other employees. For example, the persistent use of IM by one employee to send messages to another employee that are sexual and/or unwanted in nature may create a hostile environment sexual harassment liability for the employer.