Reputational Damage: 11 Steps for Protecting Your Brand & Company
When it comes to the potential risks that can impact a business, the risk of reputational damage ranks at or near the very top of the list.
In a recent study by Deloitte and Forbes Insights, 300 executives (C-suite and board directors) were surveyed. One revelation? They consider brand reputation as the highest strategic risk area for a company. This finding even ranks above other high visibility factors like business model, competition, and the impact of economic trends.
What is reputational damage?
The world has changed dramatically over the last 20 years. Gone are the days when your only news sources were the daily newspaper and the six o’clock evening news. Through the power of social media, any kind of news (good or bad) can go viral and reach global proportions in minutes.
A company’s reputation can receive a damaging blow instantly, thanks to an unhappy consumer getting media coverage, or a news report of unethical behavior. Or because of an employee saying something inappropriate on social media, or the announcement of a company breach that’s exposed users’ personal data the company had promised to protect.
What are the most common types of risks associated with reputational damage?
The use (or misuse) of social media, either by an unwary employee, an agency or the company itself can be a double-edged sword can be the cause of reputational damage. Or how followers and the public use it in response to company actions or events can be a catalyst for that negative impact.
From the employee making a racially charged comment on social media to the CEO being charged with sexual misconduct, everyone in a company should be considered a potential risk. There’s a strong case to be made that employee actions represent the biggest risk to a company’s reputation.
Data breaches are one of the biggest ways to lose the trust of your customers and damage your brand reputation. It doesn’t help that it publicly can put a company on the hot seat in front of legislators and regulators, too.
Services & Pricing
Regardless of its business model or sector, if a company underperforms, or overcharges, or practices shady sales techniques, they’ll suffer reputational damage once any of these things come to light.
Why is there so much attention given to reputational damage? The negative effects can literally decimate a company. Reputation Management describes its impact this way:
“(Reputational damage) harms client and investor trust, erodes your customer base and hinders sales. A poor reputation also correlates with increased costs for hiring and retention which degrades operating margins and prevents higher returns. Furthermore, reputation damage increases liquidity risk which impacts stock price and ultimately slashes market capitalization.”
10 key steps to mitigating reputational damage risk
Now that we’ve been painfully reminded of the risks and ramifications of reputational damage, let’s take a look at some ways to help mitigate those risks.
Corporate Compliance Insights offered their view of the top 10 key strategies a GRC team should follow to proactively head off reputational risk and brand damage:
- Strong and effective board oversight – When it comes to the management of reputational risk, it needs to start at the Board of Directors level. Active and diligent Board oversight as it relates to the development of the strategy, the execution of that strategy, and the development and enforcement of the policies associated with it are mandatory.
- Integrating risk into business planning and setting strategy – Risk needs to be at the forefront of thought when it comes to business planning and setting the strategy. When risk is factored into strategy and business planning as an integral component, it fosters a more strategic view of undertaking risk.
- Effective communications, image and brand building – Telling your company story and building your unique brand is a critical component to succeeding in the market.
- A culture of ethics & compliance – There needs to be a culture of ethics & compliance that starts at the top and permeates throughout the entire organization. Included in this culture must be policies, procedures, escalation processes, and periodic pulse checks that gauge the tone especially in the middle and the bottom.
- Leaders should lead by example – The Board needs to be active and involved in making sure that there are proper and effective controls implemented for compliance matters. All eyes will be on executive management to see if they are leading by example or if they’re just paying lip service.
- Ensure a passionate focus on improving stakeholder experiences – This means that any exchanges or interactions with employees, suppliers, customers, shareholders, and other stakeholders need to prioritize delivering positive experiences.
- Solid public reporting – Investors keep a close eye on issues having to do with public reporting of financial statements. Things like restatements, factual discrepancies, and bad accounting practices are all things that give investors doubt and cast a negative shadow on a company.
- Strong control environment – To achieve a true culture of ethics & compliance, the control environment plays a pivotal role in helping an organization achieve its objectives around reporting, operations, and compliance.
- Performance vs. competitors – Bottom line, you have to have a competitive business model if you want to be recognized as successful in the marketplace. If you’re not competitive, your company and management team will be questioned, and your reputation will take a hit.
- Decisive response to high-profile crises – This is a natural extension of risk assessment and management. How your company plans for and responds to a crisis will have a definite impact on reputation.
An 11th step? Mount a tech defense against reputational damage
It may seem like a tall order to implement all these measures. The Corporate Compliance Insights list lacks one strategy, though, that can help empower many of them: Adopting GRC technology solutions to make it feasible to extend a culture of compliance across the entire organization.
As we saw at last year’s SCCE CEI event, there’s an “Ethics Rising” movement afoot within more organizations, who see the value of setting a foundation for a culture of ethics. Doing so efficiently and cost-effectively across even a mid-sized organization, however, means turning to purpose-built technology. Trying to accomplish it using traditional processes and tools is a recipe for failure, and leaves an organization exposed to risk. The complexities, number of risk factors, and pace of change in the business environment are just too much for yesterday’s approaches.
As for the costs of new technologies and other initiatives to build compliance? They’re almost a moot point when we consider that the true costs of non-compliance were revealed years ago in a landmark study by Ponemon Institute. Among the companies analyzed, non-compliance costs were 2.65 times higher than the costs of compliance efforts.
Technology is an unparalleled enabler for organizations trying to reach new plateaus of maturity and visibility into the performance of their compliance programs. For them and regulators alike, that maturity and transparency is crucial. Reputational damage can arise on any number of fronts, and the tactics to combat it and its impact – employee education, timely policy and procedure dissemination and attestation, data governance, confirmed audit trails, and high levels of embedded security – can only be realized by making GRC tech adoption an essential eleventh key strategy for safeguarding your enterprise.
Everyone has to be on board
It’s easy to understand why reputational damage is a top concern for leaders in any organization, given how quickly any situation can spin out of control and go viral. Why does that happen? Because brand reputation is inherently about trust. Trust that a company is protecting the best interests of its employees and customers and is operating ethically, honorably, and competently. When people feel that trust has been betrayed, they take the “betrayer” – in their eyes, the company – to task, even if it’s an unfair rush to judgment.
The difficulty for any company looking to protect themselves from reputational damage is understanding that there is no single defense against it. Protection requires a multi-layered and multi-pronged approach that starts at the executive board and leadership level. From there, it has to migrate downwards, to eventually become a culture and mindset that’s adopted and practiced by everyone in the company, from the CEO to the last employee on the company roster.
In risk management, a “3 lines of defense” strategy involves lines of defense at various levels of a business. To defend against reputational damage. those three lines consist of corporate leadership, managers, and front-line staff.
Leadership will define what constitutes a “culture of ethical behavior” for the organization. They’ll also provide the processes and procedures directing managers and employees in how to best handle risk scenarios and prevent unintentional incidents. Or stop them from spiraling into bigger issues through poor incident response.
But as Hui Chen, the former Compliance Counsel Expert at the U.S. Department of Justice (DOJ) explains, it’s vital to have everyone participate in developing that culture:
…if a top-down approach does not reflect the values of your employees and stakeholders, it can only go so far. A truly effective top-down approach is a reflection of the values of all the stakeholders involved. In order to know what those values are, you have to start with a bottom-up approach.
Protecting your company’s reputation and good name has to be planned for and strategized at the highest levels. That plan and strategy have to be communicated to, and bought into by, the various management and employee ranks throughout an entire organization, to the point where there’s a measurable and definable change in mindset and behavior.
Only when everyone is aware and protective of your company’s reputation can you really begin to breathe a bit easier.Protecting your company's reputation and good name has to be planned for at the highest levels. Click To Tweet