A comprehensive Enterprise Risk Management (ERM) strategy can help protect your reputation by preventing events that damage it.
Reputation is an intangible asset. Much research and many seasoned observers agree that a good reputation enhances customer loyalty and purchase behavior, market value of the business, hiring and retention success, and brand image. Many of these factors are reflected in the asset we call “goodwill.”
Managing Reputational Risk in ERM
Reputational risk (or ‘reputation risk’) is one of the costs of events such as adverse actions for negligent hiring or publicized high-level fraud. Events like these are precisely the types of risky outcomes that your systematic ERM strategy aims to identify, evaluate, and mitigate. We do not have space to provide an exhaustive list of reputational risks, but we can illustrate the point that preventing selected negative outcomes can help protect your reputation, not to mention your bottom line.
In today’s digital era, news travels quickly across social media and offers high and immediate visibility to headlines that may affect a brand’s reputation. Product recalls, data breaches, systems failures, poor customer support, compliance failures—it’s all out in the open. As such, reputational risk has become a distinct category within the framework of enterprise risk management. Meanwhile, information technology has a vital role to play in organizations around the world as the driver of the digital era. IT touches all aspects of business operations, communication, customer engagement, and commerce.
IBM’s 2012 Global Reputational Risk and IT Study, conducted in June 2012 by the Economist Intelligence Unit, garnered responses from 427 senior executives from around the world. The results show a strong connection between IT risk and reputational risk, centering on three key IT responsibilities: security, business continuity, and technical support. Security-related issues, such as data breaches that threaten personal information or credit card data, were also named as the number one IT risk posing threats to reputation.
Looking Beyond the Rearview Mirror
One of the most profound findings of the IBM study is that many companies still take a reactive approach to IT risk management. These organizations are dedicating resources to managing risks such as data breaches, system failures, and data backup failure only after they experience a significant issue. Emerging risks that have yet to cause serious reputational damage have simply not been addressed properly.
Many others – 64% of respondents – say their organizations will focus more on managing reputational risk than they did five years ago. Still, the study finds that executives tend to make sweeping assumptions about their organizations’ security and resiliency related to IT risks—generally considering themselves better protected than they actually are.
The following infographic from IBM summarizes the results of its 2012 reputational risk and IT study.
The team of IT risk managers at Lowers Risk Group can help you build a strong and secure IT department that protects against the risks of technology, compliance, and reputation.