Reputational risk is an interesting term. Risk management professionals often define risk as an event that can cause some kind of damage. However, reputational damage is usually the result of an event, rather than the event itself. The consequences of reputational damage can vary significantly. In some cases, very little happens – for example, customers continue to buy the company’s products and no one protests or reacts in any way. In other cases, the reaction to reputation news can be huge. A good example of this is the data breach at Vastaamo, which became public in 2020, where 33,000 patients’ data had fallen into the wrong hands and leaked onto the Tor network.
The new dimension has also brought with it trolls, who are politically motivated, and often organised. Sometimes commenting on these accounts in publications or elsewhere in the media may require their own kind of action.
Today, in social media, reputational damage can happen faster than ever and the effects can be disastrous.
Today, in social media, reputational damage can happen faster than ever and the effects can be disastrous. Online debate is often brutal, and consumers do not hesitate to criticise businesses. Investors may increasingly fear facing the wrath of the public, and their own employees may also face harsh words about their employer wherever they turn.
Risk events consist of violations of laws or regulations for which the company is responsible, or actions that are the result of something legal but considered unethical. There are numerous other risks that are not related to compliance and ethical risks that also have the same potential. Since a company’s reputation will not be damaged without some other event occurring first, managing this risk is more complex than other risks.
When designing a strategy, risk management and reputation management must be part of it. Too often, strategy and other planning efforts focus only on the most immediate desired outcomes – including increasing sales, expanding operations, expanding geographically, and improving production. Equally important are discussions about the reputational implications of plans. So what can you do to protect your reputation?
Six steps to secure reputation management
- Assess your current reputation. Reputation should not be a vague concept, it should be something that can also be measured and compared with other organisations through surveys and other mechanisms. Reputation should always be treated as an asset. Marketers certainly understand that the value of their brand is significant in itself. Most people, on the other hand, have the idea that they will pay more for brands that are more highly valued and expect discounts for brands that are less valued. So it is also about branding.
- Understand the main risk factors. Reputation changes do not just happen, they are a direct consequence of one or more other events. Once strategies and plans are in place, identify where things could potentially go wrong in the future, or what could undermine reputation. Mechanisms are then put in place to monitor these indicators.
- Identify stakeholders. Reputation only improves or deteriorates if someone cares about it. Even then, it only matters if stakeholders care enough. This step starts by identifying the drivers of reputational risk and the specific stakeholders – stakeholders who might care enough to take action. Investors, customers, employees, industry suppliers, the general public and other stakeholders. All stakeholders react in their own way to different events. Consider the impact of reputational damage.
This leads us to the next step – determining how the actions of each stakeholder would affect your organisation. Would it be loss of customers and loss of revenue? Or could it disrupt supply or production? What about lowering employee morale or making it harder to recruit new employees? Stakeholder expectations also change over time. Whether it’s cyber security and data protection risks, or climate risks, defending democracy or fighting poverty. Stakeholder concerns change and it is important to understand this in order to stay on the cutting edge of risk management.
- Strengthen the internal organisational culture. A strong internal company culture that encourages internal discussions on all issues and thus makes employees feel that their concerns are taken seriously is of utmost importance. Reputational issues tend to arise or get worse when they are spread through employee social media and, unfortunately, it has become much more common.
- Communicate strongly and respect your audience. Successful reputation risk management requires proactive communication from the top of the organisation. Developments or actions that could potentially be misinterpreted or have a negative impact on reputation need to be addressed before they have time to cause damage. Anticipate by listening and explaining the circumstances; why the organisation does what it does. Always be honest and as open as possible in your communications.
- Always have a crisis plan in place. Make a clear action plan, including internal and external communication plans, and corrective measures. I’m sure we’ve all seen the damaging effect that slow reactions can have.
Reputational risk management involves underlying reputational risks that can cause reputational damage. It all starts at the strategy definition and planning stage and sometimes requires an understanding of the most complex risks.