Safeguarding the corporate brand and reputation: prep, plan, repeat
May 2019 | SPECIAL REPORT: BUSINESS STRATEGY & OPERATIONS
Financier Worldwide Magazine
May 2019 Issue
In a digital world where corporates are subject to global scrutiny, reputation matters more than ever. In 2012, the World Economic Forum (WEF) found that on average over 25 percent of a company’s market value comes from its reputation. This presents a serious risk for corporates at a time when information can go viral in just a few seconds. As the infamous Fyre Festival shows, you can build and destroy an entire brand with just a few clicks on social media. The key to safeguarding a corporate brand and reputation is to treat reputation and risk management as part of your day-to-day business. This article explores how active risk management and crisis planning can help safeguard corporates from lasting damage to their brand and reputation.
The first step in active risk and reputation management is to identify the ongoing risks facing a business. It is much easier to safeguard against and manage risks that you have anticipated. Identifying risk requires a thorough due diligence exercise in key risk areas, from physical, cyber and data security to political developments and public perception of your business. Part of the challenge is recognising that risks change with time. Industry engagement can help a company to keep in touch with important developments as well as providing an opportunity to learn from peers.
Reputation risks are no longer limited to coverage in the mainstream press. With the expansion of online media, the number of potential threat actors has expanded exponentially. The speed with which technological developments are taking place means that even tech giants like Facebook are struggling to manage the risks posed by technology, from the Cambridge Analytica data breaches to the use of Facebook Live to livestream the recent atrocities that took place in New Zealand. If the attack in New Zealand caused Facebook to take responsibility to urgently remove images, critics still say it has been far too slow to act, having received complaints about the use of its live streaming service to broadcast criminal acts for years.
Instagram received similar criticism after it was found that a British teenager who committed suicide had been looking at distressing images of self-harm on her social media account. In response to public outcry, Instagram announced it would launch ‘sensitivity screens’ to hide graphic images. For many, however, this intervention was far too little too late, with Instagram being notoriously slow to remove or take action to prevent the use of its services to publish distressing material.
If Facebook and Instagram are (for now) big enough to survive these crises, not all brands will be so lucky. What other businesses can learn from these examples is to identify the risks posed by operating in a digital age and to actively manage against them, rather than waiting for disaster or tragedy to strike. A key element is, of course, secure storage and transmission of personal and confidential information. Since the introduction of the General Data Protection Regulation (GDPR), the likelihood of receiving a hefty fine for any data breach has greatly increased, while public tolerance for the misuse of personal data is understandably low given the sensitivity of information stored online.
It is also important to remember that how your business responds to risk will reflect on public perception of your brand – it is possible to have a good crisis. Where there is any suggestion that a risk could have been identified and managed prior to a problem arising, it is going to be much harder to maintain credibility.
Digital issues are not the only risk; changes in public consciousness and political developments can also have a huge impact on corporate reputation. The anti-plastic movement received a massive boost from the second series of Blue Planet broadcast on the BBC in December last year, and many companies were quick to respond in anticipation of a backlash. The #MeToo movement that began with Harvey Weinstein is another example of the extent to which public perception of a company’s values has a major impact on a brand’s sustainability.
Again, where there is a suggestion that an organisation had been warned about a problematic individual or worse, a problematic culture in advance of the issue becoming public, it is going to be significantly harder to recover from the reputational damage. A business that pays attention to risks posed by internal and external developments is always going to be in a better position to prevent and mitigate damage to its reputation.
Active risk management
Once key risk areas have been identified, active risk management requires staying on top of potential issues on an ongoing basis. Key risk areas should not be the subject of an annual briefing but a regular item on the agenda, from the boardroom to team meetings. Senior management may ultimately be accountable for any fallout, but a business that maintains a culture of engagement and responsibility at all levels is less likely to end up in the unenviable position of tackling a crisis.
From ensuring the secure storage of personal data to meaningful engagement with corporate and social responsibility, successful safeguarding of the corporate brand is a team effort and there are opportunities for contribution at every level. There are also threats at every level, with the public nature of social media and the portability of work material meaning that everyone becomes their company’s ambassador, as well as increasing the likelihood of confidential information being leaked (accidentally or otherwise). A clear company policy on social media, internet use and company devices as well as regular monitoring and training are essential.
If safeguarding against internal risk is largely down to proactive management, high-quality standards and a cohesive company culture, the risks posed by third-party relationships and external developments may require a more creative approach. Businesses are increasingly held accountable for the actions of partners, suppliers and vendors, so it is important that these key relationships form an active part of risk evaluation and management.
This is where technology is on your side, allowing companies to carry out heightened due diligence and to ensure the highest standards in terms of security and best practice when engaging with third parties. If most companies are wary of new businesses relationships, the risk of complacency is greatest with long-term partners. Active risk management requires re-evaluating these relationships and arrangements on a regular basis. It is important to ensure that your company’s values are reflected in your choice of business partners.
There will always be crises you could not have predicted, but this does not prevent a company from planning for a crisis is advance. When a critical situation occurs, businesses need to be prepared, and this requires having a crisis plan in place. Putting together a crisis plan should follow the identification of risk and requires working with key advisers to ensure that when the worst happens, a plan can swiftly be put into action that addresses risk areas.
This should not wait until disaster has struck. Every crisis plan should identify the crisis team (including internal and external advisers), identify keys risks and the role of each team member (with room for flexibility), include a communication plan and highlight stakeholders who need to be advised at the outset such as customers, staff or insurers. When confronted with a crisis, failure to address the issue will compound the problem. It is therefore important that key individuals have conducted scenario planning in advance.
Like risk management, crisis planning cannot be an event that takes place once every two years. For a crisis plan to be effective, it needs to be regularly updated and responsive to the changing risks a business faces at any given time.
Having got through a crisis, the final stage of reputation and risk management is to learn from mistakes. Once you have dealt with an issue, it is vital to evaluate your response as well as gaining an understanding of what caused the problem in the first place. Lessons learned should be fed into the planning processes so that mistakes are not repeated. This is not only important from a commercial perspective, but will also be expected from stakeholders and in some cases, the public and the press. A failure to demonstrate accountability could have serious implications for brand credibility. Catastrophic events can happen to any organisation, but how a business plans and prepares for risks and reputation management is likely to determine its future success.
Julian Pike is a partner at Farrer & Co. He can be contacted on +44 (0)20 3375 7217 or by email: email@example.com.
© Financier Worldwide
Farrer & Co.