Reputational risk and crisis management




The nightmare scenario for a CEO might be a tainted product, a deadly accident or a humiliating scandal. Within days, or perhaps even within a few short hours, a carefully cultivated brand is threatened and a sparkling corporate reputation is at risk of being ruined.

Bad things happen to even very good organizations, but it isn't necessarily the bad things themselves that destroy reputations. Often the deciding factor is how a company responds when something goes wrong. If the crisis is managed badly, the company may never recover. If handled well, the company may even enhance its reputation.

Companies with superior reputations have been shown to have sustainable competitive advantages and enjoy materially higher average annual stock price increases. In some industries, reputation can be a company's single most valuable asset.

But reputations also can be fragile. Thanks to the Internet and the 24/7 news cycle, bad news, including rumors, misinformation and libelous attacks, can spread across the globe in an instant. Adversaries such as activists, disgruntled customers and angry former employees can launch potentially damaging attacks through blogs, message boards and dedicated websites.

Companies with strong reputations may simply deflect many reputational challenges. Additionally, threats often can be nipped in the bud through proactive reputation management. But some extreme events can overwhelm a company's defenses and deeply damage or even irreparably destroy its reputation. In a full-blown crisis, a range of high-intensity crisis management procedures must immediately be implemented. Companies that are best prepared to deal with a potentially ruinous situation are those that have developed and rehearsed a comprehensive crisis management plan.

Reputational risk and reputational risk management

Reputation is not an attribute of an organization; reputation exists solely in the minds of others. A company may possess a good reputation, but what it actually owns is the benefit of a positive consensus about its conduct. Many companies seek to actively manage their reputations by instilling and reinforcing positive associations in the minds of those who are important to the success of the company, especially customers and investors. Managing a reputation also requires monitoring external perceptions and responding quickly and effectively to threats.

The possibility that events may undermine trust in a company is called reputational risk. Reputational risk arises from a wide array of actions, including failure to comply with regulatory or legal obligations, failure to deliver expected standards of service and product, unethical practices, failure to hit financial performance targets, labor unrest and environmental breaches. Reputational risk also arises from external factors such as the actions of a competitor that cast a cloud over an entire sector.

Activities that can help prevent reputational damage, or help mitigate the consequences of a damaging event, collectively are called reputational risk management. At the heart of reputational risk management is overall good corporate governance: companies that are managed well might typically avoid activities that undermine trust, and they have a reservoir of good will to help cushion occasional bad news.

Many senior executives, however, are not content to rely exclusively on good corporate governance as a defense against a damaged reputation, and insist on proactive steps to manage reputational risk. Specific activities can include: collecting and analyzing customer feedback; monitoring the media, including Internet blogs and message boards; managing the company's relationship with the media; investor relationship management; diligence in regulatory compliance and managing relationships with regulators; tracking business, economic, social and regulatory trends that may spawn new risks; and managing relationships with potentially adversarial special interest groups.

Reputational risk management activities typically are distributed among a number of departments and individuals, making it challenging to develop and execute a cohesive strategy. While the optimal means of coordinating reputational risk management may vary by industry, company size, structure and corporate culture, companies should consider embedding reputational risk management within an enterprise risk management (ERM) program that addresses all aspects of an organization's risk profile.

In addition to providing a platform for managing reputational risk across the organization, ERM helps companies avoid strategic surprises that can threaten reputations, and aids in identifying emerging risks, according to Calvin E. Beyer, head of the Manufacturing segment of the Middle Market Commercial Group of Zurich North America. ERM also helps pinpoint interdependencies and contingent risks, situations that can produce the chain reactions that are the precursors of catastrophic losses.

Crisis management

Companies face frequent challenges to their reputations, and well-regarded organizations that engage in reputational risk management activities usually fend them off without lasting damage. But occasionally exceptional events overwhelm companies' usual reputational risk defenses. These highly unlikely, but extremely powerful, events present enormous potential reputational damage and can often redefine the career of the leader in charge at the time, according to Mr. Beyer.

The types of disasters that can destroy a company's reputation vary by industry. A financial services firm may be the victim of a data breach that compromises sensitive customer information. An airline may be grounded for safety violations. A chemical company may expose a community to toxic substances. A manufacturing company may need to recall a dangerously defective product. Some types of disasters transcend industry groups. Any company could be the victim of financial fraud.

When disaster strikes, the companies that fare best are those prepared to quickly execute a thorough and well-rehearsed crisis response plan.

Crisis response plan

Most organizations are not well-prepared to respond quickly in a crisis. A 2005 survey of senior risk managers by the Economist Intelligence Unit found that less than half of respondents said their firms are good at crisis management while 11 percent rated their firms as poor. Large firms are more likely than smaller ones to have a well-developed crisis management plan.

For many companies, crisis management is a reactive process, scrambling to seize control of the situation after a crisis occurs, rather than a proactive discipline. Making crisis management a proactive discipline means developing and rehearsing a crisis response plan. Such a plan necessarily involves many levels of an organization, from the CEO down, and may include outside experts. It should take into consideration all important stakeholders, including customers, investors, employees and regulators.

Important elements of a plan include:

- The core crisis management team has been identified and each member knows his or her role;
- The most threatening vulnerabilities have been identified and timeline scenarios addressing each have been developed;
- Key stakeholders/audiences have been identified, along with their likely concerns related to the most threatening vulnerabilities;
- The most effective communication channels for each category of stakeholder have been identified and plans are in place to quickly access each channel;
- A company spokesperson has been appointed and trained;
- The plan has been rehearsed;
- The plan is periodically reviewed and updated.

Large companies often use outside consultants to help develop crisis management plans and to assist in the event of a crisis. Smaller companies are far less likely to call on consultants, though companies of every size can benefit from expert advice. Some types of insurance policies, such as cyber liability policies, make crisis management services available for certain types of events, enabling a broader spectrum of companies to benefit from crisis management expertise.

What should happen when a crisis occurs?

Two things must happen right away when a crisis erupts: the problem must be fixed, and communication with stakeholders must be quickly established.

Fixing the problem. According to nearly three-quarters of global business leaders surveyed by public relations firm Weber Shandwick and KRC Research, a key step in the reputation recovery process is announcing specific actions the company is taking to fix the problem.

Only rarely can a serious problem be fixed immediately. A dangerously defective product can be recalled, but injuries may continue to mount. A financial fraud may be identified and the perpetrators arrested, but it may take years for the company to return to pre-fraud financial health. But even if there is no quick fix, management must be seen as moving decisively to remedy the problem. Actions seen as superficial or ineffectual are likely to be more damaging than helpful.

Communicating with stakeholders. Rarely does it pay to try to cover up or minimize a serious event. Companies fare best when they acknowledge the seriousness of the situation, display regret and concern for consequences of the event, assert commitment to make things right, and demonstrate that senior management is in control of the situation.

Quickly and effectively communicating with the full range of stakeholders is vitally important to help mitigate damage. Companies must stay on top of communications about the event, otherwise the media and other organizations will take control of the story. Quick and forceful communication helps companies define the agenda and reinforces the impression that management is in control of the situation. It also can help generate good will with stakeholders.

If not the very first, one of the first categories of stakeholder to be notified after an event is the company's employees. Communicating quickly and openly with employees reassures them that the situation is under control, enables management to sympathize with their concerns, imparts important information to help bring the rumor mill to a halt, and permits management to lay down rules as to what can and cannot be communicated to outsiders, and who is authorized to speak for the company.

Depending on the nature of the event and the size of the company, communications outside the company can take the form of press releases, press briefings, face-to-face meetings with regulators or other key stakeholders, updates posted on the company's website, television or newspaper advertising, or e-mails. Some companies have leveraged the enormous popularity of social networking websites such as Facebook and Twitter to get their messages out. A vitally important communication network is the company's sales force, which should be recruited to deliver scripted messages individually to important customers and prospects.

While a company should designate a spokesperson to handle most routine communications with the media, the CEO almost always should be highly visible throughout the process. The CEO is the public face of an organization, and is expected by all stakeholders to demonstrate leadership at a time of crisis.

Subsequent actions. Repairing a reputation can take years, and companies may be judged on their activities relative to a crisis long after the event triggering the crisis has passed. Depending on the nature of the crisis and the type of company involved, ongoing activities may be required for months or even years after the initial crisis has passed. For example, an environmental mishap may require regular testing of contaminated property or health check-ups for people exposed to toxic chemicals. Similarly, a data breach may necessitate credit monitoring for victims for a period of time.

Transforming a crisis into a reputation win. Most often, companies consider themselves fortunate to survive a crisis with their reputations intact or only slightly battered. Companies that are highly prepared to respond effectively to a crisis, however, occasionally emerge with newfound respect from stakeholders. Companies that turn a disaster into a net gain in reputation almost always are those that respond quickly and decisively, taking full responsibility for mistakes and executing an action plan that remedies the problem and makes whole, or at least as whole as possible, those damaged in the incident.

Conclusions

Nearly two-thirds of executives participating in a reputational risk survey by Weber Shandwick and KRC Research said they believe it is harder to recover from reputation failure than it is to build and maintain a reputation. These same executives estimated it takes, on average, between three and four years for a company to recover from serious reputational damage. Some companies never recover.

Senior executives widely acknowledge the importance of reputational risk management, but comparatively few effectively plan for a crisis. As a result, when a crisis occurs, companies typically scramble to take control of the situation, and often make serious missteps. A well-conceived crisis management plan, and an organization rehearsed in executing the plan, can not only help avoid a crisis becoming a reputational disaster, it may be the foundation to turn a very bad situation into a net gain in respect from customers and investors.

Zurich
1400 American Lane, Schaumburg, Illinois 60196-1056
800 382 2150 www.zurichna.com

A1-19330-A (09/10) 10-2916

The information in this publication was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute legal advice and accordingly, you should consult with your own attorneys when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this publication is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy.

© 2010 Zurich American Insurance Company