Before you can manage and mitigate risks to your brand and reputation, you first need to be able to measure it

It’s a popular quote from Sage of Omaha Warren Buffett that it takes 20 years to build a reputation, and just five minutes to destroy it. But it has never been truer. In today’s uncertain and hyper-connected world, a data breach, poor corporate conduct, toxic work culture, accountancy scandal or poorly-worded tweet can cause share prices to plummet and provoke the wrath of shareholders.

As lockdown restrictions lift in many countries (despite fears of second waves) companies are facing with the challenge of keeping staff safe in the workplace and sensitively managing an inevitable wave of redundancies. Companies in the public eye are on a knife’s edge and one wrong step can see their intangible assets - goodwill or reputation - diminish overnight. As Airmic notes in its 2020 risks and megatrends report, consumers have continued to find many corporate transgressions unacceptable throughout the COVID-crisis.

At a time when intangibles account for as much as 85% of a company’s value, according to Lloyd’s and KPMG, risk managers are under ever-more pressure to measure, manage and mitigate the risks to their company brand and reputation. This year’s Airmic survey ranks reputation and brand as the second most concerning risk for its members (after cyber business interruption), down from its position at the top of the ranking a year ago.

“We’re very good at measuring and managing physical assets and we’re very good at measuring and managing money and (over the last 20 or 30 years) we’ve got better at managing people,” says John Ludlow, chief executive of Airmic. “What we haven’t yet got on heads around is how we measure and manage reputation, IP and other intangible assets. We haven’t really even got particularly good at measuring and managing the cyber vulnerability of our companies. That’s all a black boxes to some extent still.”

“Before you can manage the risk, you’ve got to be able to manage that the asset in the first place,” he continues. “And then you can start to think about the impact and likelihood of different events occurring.”

Making the intangible tangible

Just as organisations are under pressure to report on their approach to ESG, in the future corporate reputation reporting will become standard, thinks Kasper Ulf Nielsen, chief strategy officer and co-founder or RepTrak (formerly the Reputation Institute). When it does, risk managers will have to find a way of making the “intangible tangible”.

“Over the next five years you’re going to see the investor community demanding reputation risk reporting from companies, because they know this is the thing that could really hurt a company overnight,” he adds. “Risk managers are coming under more pressure and this is because the C-suite and board is coming under more pressure from investors and other stakeholders.”

He thinks it is no surprise that reputation is typically a top three concern for the risk community. “There is pressure from the CEO and the board and that’s because they are under pressure from the financial community. But the frustration has been from the risk community to think well, ‘we don’t know how to do this because we can’t quantify reputation’.”

But this is changing. RepTrak, in partnership with risk management associations and ERM, has come up with a model that assesses and organisation’s reputation as a net promoter score and integrates it into the wider ERM framework. Using the model, risk managers can then measure the potential impact of different scenarios on the business and its brand and reputation.

Reptrak describes reputation as an “emotional bond” that ensures stakeholders’ support and characterises it as a “consequential risk”, in other words a consequence of an incident or error. The extent to which an organisation’s reputation is harmed is then based on various other factors, including how strong or “sticky” its brand and image was in the first place, and how well and how quickly it responds to the crisis.

Corporate communications plays an important role, but in order to properly integrate reputation into an organisation’s ERM framework, silos must be broken down. “One of the problems with his reputation in particular is there are many facets to it,” explains Ludlow. “A brand is strengthened or weakened depending on the strength of leadership, financial returns, products and services, innovation, workplace culture, corporate citizenship. Each of those has a different owner in the corporation.”

“So instead of ownership being under one person or one function, like HR managing people or facilities management taking care of buildings, everybody has got a stake in the reputation management,” he continues. “You’ve got to have a team approach at the highest level. HR will champion making you an attractive workplace, CR will champion citizenship, company secretaries champion governance while sales and marketing champion products and services and the CFO champions the financials.”

“You’ve got to get this team working together, agree a common framework and metrics and work together to measure and manage the asset. And then a risk manager’s got a fighting chance of saying how do I protect this asset?”

Ultimately, a successful approach to managing and mitigating reputation risk is about ownership and collaboration, agrees Ulf Nielsen. “I’ve seen inside some companies which have a brand and reputation strategy which is run by marketing, corporate communications and/or public affairs, and the risk people have never heard about it.”

By speaking the same language and using the same metrics, risk managers and crisis communication experts will have a more informed response when the worst happens, he explains, using an example of an environmental incident. “Crisis communications will normally try to focus on products and services, but our data might tell you that you should focus more on global citizenship. It will also tell you how exposed you are to any one event compared to your competitors.”

The same metrics can also hopefully assist in risk transfer. While the insurance industry has products for cyber insurance and product recall, both of which include elements of crisis management, the industry has yet to really get its head around insuring loss of reputation. Specialist non-damage business interruption (NDBI) style products have struggled with a suitable trigger, opting for negative media coverage, but this can be too narrow thinks Ulf Nielsen.

The beauty of being able to measure reputation as an asset on the other hand, means that parametric-style triggers can be used. Companies may decide, for instance, to retain losses of 10%-20% of their reputation, but to take out products that would transfer the risk of more severe impacts. In a the last of Airmic’s fortnightly podcast series based around its 2020 report, experts from KPMG and AIG said insurers could play a leading role on reputation going forward.

“It is definitely an area where insurance should be more involved,” said Paul Merrey, strategy partner at KPMG. “The first bit is the awareness of organisations that insurance can play a role here and for insurers to put in a bit more focus on this area, because insurance is about protecting an organisation’s most vital assets.”

“In developing insurance offerings it is better understanding of the asset values, what the triggers are, respective preferabilities, calculating the actual loss. In all of these elements, progress is being made.”