28 September 2015 by Henry Ker
Don’t know 5%
As Kasper Nielson says in this month's feature, Protecting reputation, ‘reputation is all about the perception that stakeholders have of you’. Whether it is customers choosing to shop elsewhere or big investors deciding they do not want to be associated with your brand, reputational damage will have repercussions for your company.
In light of some recent high-profile cases of business suffering reputational damage, we asked the Governance and Compliance/Core community whether they consider reputational risk to be a major concern and if it is regularly discussed at board level.
There was a clear majority in the responses to this question, with 90% agreeing that it is a major concern and regularly discussed by their board, 5% disagreeing and the last 5% saying they are unsure.
When we asked respondents what they consider to be the biggest reputational threat, there was a wide range of answers. Surprisingly, given recent incidents of hacking at Sony and Ashley Madison, cyber crime did not dominate the responses. Of those who do consider this the biggest reputational risk, answers were fairly short – with comments such as ‘cyber security breach’ and ‘data breach/theft’.
Those who singled out social media were similarly succinct. This may suggest a lack of complete understanding of the scale and extent of these risks – this is backed up by the latest FT–ICSA Boardroom Bellwether which showed nearly half of FTSE 350 companies have not discussed social media strategy at board level.
Some respondents did give more detail, with one highlighting ‘loss of client information’ as the major concern and another addressing personal social media mistakes: ‘the association of “idiot” type photos and “idiot” comments and/or very personal opinions on Facebook or other social media with the corporate culture of the organisation in which I work’.
The recent interaction on LinkedIn between barrister Charlotte Proudman and solicitor Alexander Carter-Silk is one example of where this can go wrong.
As social media and cyber risk are such broad subjects, there are a number of different risks which boards need to be aware of in order to mitigate.
Of the other reputational risks mentioned, ‘customer complaints’ was a frequent answer, with several mentioning ‘poor customer service’ and ‘disgruntled employees and customers’. This is something which is closely linked to the concerns about social media, as the most common public forum for discontented stakeholders to voice their issues is on websites such as Twitter or Facebook.
More general governance-related risks are also a major concern for the respondents. One individual cited: ‘Poor decision-making and governance at executive and non-executive level, particularly financial governance’. Others gave similar answers, including ‘non-compliance with good CSR and governance practices’, ‘regulatory sanction’ and ‘[un]ethical behaviour’. This is a more traditional area of reputation risk and although social media and cyber risk tend to dominate newspaper headlines, the damage arising from poor governance and non-compliance remains a serious consideration. As Kasper says, ‘a systematic approach to address reputational risk cannot be overstated.’