An introduction to reputation risk
What is reputation risk, how do you recognise it, avoid it, manage it, and mitigate it? A guide to handling threats to your organisation’s reputation, and the consequences of not doing so
What is reputation risk?
Although fundamental to the success of an organisation, reputation risk falls outside the scope of traditional enterprise risk management – largely because it is hard to neatly package and measure. It is not an operational risk – it could better be described as a strategic risk.
The elements comprising reputation risk differ depending on the scope of the organisation, make-up of its stakeholders, nature of its business and media presence, among hundreds of other factors.
Companies have multiple reputations, so your organisation may be perceived very positively by investors, but much more negatively by customers or employees. This means that while you may be perceived positively in aggregate, there is still the potential for reputational risk to be lurking with one or more of your stakeholders. See our reputation case study on Amazon as a textbook case in point.
An organisation’s reputation is grounded in the perceptions of its stakeholders, rather than its own operations. While poor corporate behaviour almost invariably causes reputational risk, so too can adverse events outside the organisation’s control. An accounting error could slash share price, rogue employee misbehaviour may damage perceptions of corporate culture or a company may find itself out of step with prevailing societal attitudes on sensitive subjects.
Simply put, reputation risk is the potential for any event, controllable or otherwise, to damage your organisation’s reputation. It is the risk to the institution from stakeholder perceptions of your profitability, brand value, authenticity, or ability to perform your corporate function.
Why is reputation risk important?
Understanding and measuring your reputation risk is crucial in a world where intangible assets command increasing value. Corporations are being judged on their net contribution to society, with the expectation that they should do more than make a profit. Meanwhile, reputation can change from one news cycle to the next. An image built over decades can be undermined by a single action. Organisations are at the mercy of anyone who has something to say about them and a forum in which to say it.
Consequently, it’s vital to understand and measure your exposure to and the impact of reputation risk as part of your risk management strategy. The loss of future revenue due to an adverse event can be a high multiple of the immediate loss from a particular issue. A car manufacturer, for example, might be able to absorb the cost of a global recall for faulty parts, but the long-term impact on sales because consumers don’t want cars with brakes that fail, will be far harder to overcome.
Types of reputational risk
Reputation risk is as broad as the theatre of your organisation’s activities. It may have little to do with business strategy, and everything to do with perception. And depending on your activities, sector and competition, risks could be either very specific or indefinably vague.
In short, reputational risk is defined as any gap between what you say and what you are perceived to do as an organisation.
While there is an almost endless list of examples of reputation risks there are several groups that have become the scourge of multiple organisations, including:
Regulation breaches: Failing to keep up with changes in laws and regulations can lead to an unintentional breach, at worst breaking the law. Any breach will remain a matter of public record and these tend to have a snowball effect in terms of media reporting, as Johnson & Johnson has seen over the past 18 months.
Cyber attacks: Data breaches leading to the loss of sensitive client information, or systems shut downs caused by hackers, will elicit a name for poor security and unreliability. In the UK, TalkTalk has spent many years trying to rebuild its reputation beyond the three cyber breaches that came to define it.
C-suite actions: The CEO and board directors are your figureheads, and any wrongdoing will leave a lasting taint. Research by Weber Shandwick found the reputation of a company’s leader is the fourth most important factor in determining that of the company as a whole.
Employee misbehaviour: If employees are involved in misconduct, present a poor impression to clients, fail in their function or are seen to criticise workplace practices, it will impact.
Bad reviews: Poor reviews from users, employees or industry experts will impact income. According to research by Apex Global Learning, there is an 18% difference in revenue between three-star reviewed businesses and those rated five-star
Social posts: A casual tag on social media can tie your organisation into a thread you’d rather not be associated with. Worst still, mistaken identity with a similar sounding miscreant can easily happen, and be hard to expunge.
How reputation risk can affect your company
Reputation is grounded in the point of view held by stakeholders. This has a far greater impact than what your organisation actually does. For example:
If employees feel undervalued, overworked, or are unhappy with their environment, you will be viewed as a poor employer. The result: an inability to hire or retain the talent you need, and higher HR outlay. Research by the Harvard Business Review found that a company with 10,000 employees and a bad reputation could be spending $7.6m in additional wages to counter it.
A reputation for unreliability, opaque financial statements or inconsistent results can all affect the perceptions of investors when deciding whether your organisation will provide a return on any investment. The difference between book value and market value is often ascribed to reputation, which can account for anywhere between 10-70% of a company’s market capitalisation.
However great your products and services, reputation affects both client loyalty and the chance to win new customers. Consumers align themselves with organisations that appeal to their personal ethos on a range of issues that have little to do with the products themselves, such as social responsibility. After videos on social media posts showed United Airlines staff dragging a passenger off a plane, the company’s earnings dropped 69%.
How do you measure reputation risk?
The failure of many businesses to adequately define their reputational risk makes it equally difficult for them to quantify it. But reputation risk can, and should, be quantified, as we set out in this piece on how to measure reputation risk. A precise ability to identify risks and how they are evolving, as well as calculating the negative impact posed by certain issues confers the ability to balance risk versus reward.
Methods of measuring reputation risk include creating a reputational risk assessment, which can help draw a baseline for where a company sits within the perception of its stakeholders, and in comparison to direct competitors, comparable organisations and the sector as whole. Once this baseline is established, variations from the norm can be tracked.
By gathering data from social media, print news, online and broadcast channels, companies can listen and analyse the thoughts and feelings of their different stakeholders. Using machine learning and connected intelligence tools, you will be able to mine this rich data stream to identify sentiments and topics that pose potential risk.
This in turn allows you to define specific reputation risk categories that relate to your business. When weighted sentiment measures are applied to these, you can build a picture of the biggest risks you face as an organisation, prioritised by current impact and severity. You can then model the impact each type of risk could have following a negative event.
Furthermore, using the same analysis techniques, you can also analyse the reputational risks and profiles of competitors and peers to understand where your risks sit in relation theirs. One of the key triggers of reputational risk is being negatively differentiated from your sector peers – detailed data analysis allows you to surface this before it becomes an issue.
This process will allow the creation of a risk management programme, which will improve risk identification, inform strategic decision making, improve crisis management and assist mitigation of specific risks.
For specific examples of the techniques used to quantify reputational risk, see our case study on Boeing, which unpacks in more detail the methodological approaches deployed.
How to manage and mitigate reputation risk
Once you have an accurate measurement of your reputation liability, you are in a position to guard against risk. One option is reputation risk insurance, an embryonic industry designed to cover the costs of past and future damage to organisations’ reputations.
Prevention is better than a cure, however, and with careful management, enterprise risks can be identified, avoided, and the potential effects mitigated.
Don’t underestimate the risks
Take a serious approach to managing reputational risk: disgruntled employees, poor decision making by the CEO, data breaches, negative social media posts and bad press can all lead to cracks in a company’s reputation.
Think multiple reputations
Just because your share price is ticking up or your NPS scores are strong doesn’t mean that you are protected from reputational risk. Consider your multiple stakeholders and where you stand with each of them to not be caught unawares.
Have an engagement plan
To manage reputation risk at speed, you need to be prepared, so have a rational contingency plan in place. To do this, you need to know your stakeholders, what’s important to them, and the issues most likely to make them view your company negatively.
Employ an active reputation monitoring service
Effective business intelligence analysis provides insight-driven foresight, enabling you to spot any warning flags. This makes the difference between crisis management and controlled risk management. Don’t forget to incorporate other data sets that may be siloed in different parts of the business.
Understand your exposure
Companies are usually targeted if they are seen as being out of step with their sector on a topic or an issue – by measuring competitor profiles on potential risks topics, business can ensure that they are never negatively decoupled from their peers.
Move quickly and communicate clearly
When bad things happen, adept handling of the aftermath can go a long way to mitigating the effects, Crisis communication must be instant, and reach all stakeholders. Not communicating effectively, or allowing external parties to uncover the issue, results in more frequent and more damaging reporting of an issue prolonging the impact of the attack. So make yourself heard.
Demonstrating that the organisation has identified and recognised the root causes of the crisis is the first step to restoring trust. This should be followed by making the necessary changes across the organisation to address these causes and rebuild credibility.
Practice what you preach
Walking your talk defines your reputation, so have your core values rooted in your business model at board and enterprise level. Understand any gap between what you say and what you could be perceived to be doing and ensure you’re focused on closing this wherever possible.
Be part of the
Stakeholder Intelligence community