- Pricing and telematics lead the charge as insurtech patents jump 40pc
- FCA puts general insurance pricing practices under review
- Volvo and Baidu reach agreement to produce autonomous vehicles
- Cyber and D&O exposures increasingly intertwined, Airmic report finds
- Arch selects Touchstone for cat risk modelling
Eye of the beholder
Written by Trevor Morton
Trevor Morton examines the delicate nature of reputational capital in a new age of risk, where no two firms are the same, and one size does not fit all
Valuing an organisation or business was once the confine of accountants, financiers and swashbuckling entrepreneurs. Simply put, tangible assets such as bricks and mortar, stock, coupled with a punt on the size of the order book were adequate. But much has changed. Now assets including intellectual property (IP), patents, social network followings and brands garner more value that traditional ‘countable’ tangible assets.
Making the intangible tangible
The reputation of the latter, though intangible, has long been recognised by marketing professionals as critical to success. Brands confer considerable advantages including customer loyalty and premium pricing. Testimony to the growing relevance of brands is the 2010 publication of ISO standard 10668:2010, Brand valuation – Requirements for Monetary Brand Valuation. According to Christopher Scholz, chair of the ISO project committee that developed the standard, brands, like many other intangible assets, are highly valued properties. “They are used to create distinctive images and associations in the minds of stakeholders that help a company stand out in the marketplace, and to communicate and engage with their customers,” Sholz explains.
For a long time, companies have struggled to determine the actual impact and value of their brand. A brand’s value is driven by its reputation that is accumulated over time. Reputation is in the eye of the stakeholder, determined by their perspective – be they a typical purchaser, an employee, an investor or a government body. Stakeholders across a broad spectrum look to the reputational capital of a brand when buying in. When a brand’s reputation is sullied, they may equally divest of it, or pass it by when purchasing. According to Edelman, the global public relations firm, the likelihood of a firm hitting the reputational buffers has risen by more than 400 per cent in just the last decade. When a crisis hits, bad news travels fast. Supercharged social networks and an Internet-powered news hungry media can and do wipe out reputational as well as market capital often built up over decades. Billions have been be wiped off the market value of firms.
A cohesive reputation strategy is no longer skewed to the building of brand value at the front end. It depends equally on effective crisis management strategies to preserve reputational capital when adversity strikes.
According to research commissioned by Aon into the dynamics of corporate reputation and financial performance, it is the effects of extreme events that highlight the key risks to reputational value. Global brands are a prime source of countless examples. One such damaging crisis, and possibly pertinent to many readers, will be the three-day worldwide outage of BlackBerry’s email service, a critical part for BlackBerry smartphone users, in 2011. The company was ill prepared for the event that as the outage spread across continents, cut off email and Internet for three quarters of its 70 million users. The silence was broken after two days when Micheal Lazaridis, founder of Research in Motion (RIM), BlackBerry’s original name, posted a lamentable video apology. The sentiment among Twitter users was that it appeared as nothing short of a half-hearted attempt to save the brand’s image. No cause was given nor any semblance of a timetable for restoration of the service other than “We’re seeing steady improvements” as Lazaridis promised they were “working on the issue”. The mishandling of the crisis was epic and critics seized upon the PR meltdown of a company whose reputation had been on the slide for several years. The once ubiquitous BlackBerry – the defacto “corporate smartphone”, atrophied overnight and left the way open for Apple’s iPhone to enter the lucrative corporate space. Eclipsed by Apple and now Samsung, its share price has plummeted by almost 96 per cent in the past two years and market share has diminished to 4.2 per cent. Many now predict its imminent demise.
Earlier in 2010, whilst frantic efforts were being made to cap a leak deep on the seabed of the Gulf of Mexico, Tony Hayward, then chief executive officer (CEO) of BP, appointed himself spokesman for the unfolding disaster. Hayward, an oil man and engineer by trade, progressively dug himself, and along with BP, deeper and deeper in to a hole in which reputations would sink. For four months, the crisis was played out to the American public fed by the inept sound bites of Hayward´s live TV appearances. Well intentioned he might have been, but his mistimed and misplaced comments such as “What the hell did we do to deserve this?” and, “I want my life back” did little to build bridges or install confidence with the American people. The final rub came when he declared, “I don’t feel my job is on the line” and then flew back to the UK for the weekend to part in the Round the Island yacht race.
Barack Obama broke cover and joined in the rhetoric lambasting Hayward, by then the face of BP. The fine alone for the estimated 4.5 million barrels of oil spilled is thought to be of the order of US$19bn. According to Apeksha Srivastava of consultancy RiskLogic, “BP’s reputation has been severely damaged by the oil spill in the Gulf of Mexico. BP devoted significant time and resources over the past few decades promoting the company to be an environmentally responsible organisation; however this crisis has put their ‘clean’ image at risk. The reputation cost to the brand remains to be seen. Now in damage control, BP has a long way ahead to restore a positive image. While the events at BP and BlackBerry were exceptions, they revealed – or gave the impression of – the lack of a coherent strategy. The resultant loss of reputational capital will far exceed the cost of being prepared and able to respond appropriately.
The drivers of reputational risk
With its roots in financial services, risk management has evolved as an audit-related discipline. This has resulted in a focus on known events, risks and means of mitigation. But reputational risk is driven by exceptional and, on occasions, catastrophic events. For Blackberry, BP and a host of others, unexpected events have resulted in significant and enduring impact, made worse by a lack of strategy behind any attempt at crisis management. In the case of BP’s Deepwater Horizon drilling rig explosion there were 11 fatalities. Nonetheless, these events were in context of the industries concerned and could be classed as operational risk. Whilst nobody expects an exceptional event to occur on their watch, the point is, these are operational risks that trigger events but in varying degrees of likelihood. In both cases there was a tacit lack of preparedness that exacerbated the event and ultimately the reputation impact. Justifying preparedness for a single worst-case scenario, however unlikely, cannot be negated on the basis of cost versus likelihood. Commercial airlines are prepared for the PR fall-out from routine disruption to services just as they are prepared for their worst-case scenarios. Preparation for any and all events costs less than the remedial actions of getting it wrong.
For many, continuity has become a bi-word for incident management. When left unchecked, events can escalate and start to impact operations. Recent events of March 2013 at NatWest saw customers unable to use ATMs or access online banking. Whilst the bank was quick to respond via its Twitter account, hundreds of its customers responded angrily at yet another system failure at RBS Group within a year. According to the head of security and fraud at one bank that wished to remain anonymous, “my role is to put in place best practice for business continuity and incident management for operations, and to ensure that the company is protected against any security threats or fraud. The extensive remit of my role and the way I need to communicate with people means that we needed to automate our processes to help improve efficiency”. With over 60 million customers worldwide, the bank is implementing a single cloud-based solution to manage disaster recovery. “By the end of the year we will be using it to run all of our crisis management exercises.” This systematised approach to managing potentially damaging events has been extended to high risk and highly regulated industries including airlines, sub-sea engineering, construction and offshore energy.
Andrew Carvell, business development manager at AIControlPoint says: “We work with companies that operate in high risk environments where the need for a robust and flexible incident management solution is critical. However, there is a growing prevalence of companies using our operational issue management solution with a view to achieving operational excellence and trying to both, identify events before they are escalated to an incident and to find the root cause to try and prevent it from occurring again. This proactive approach to issue management not only has significant impact on risk mitigation, but ultimately on improving operational efficiency.”
Beware – digital risk ahead
Speaking to Chris McBrayne, director of Business Continuity and Resilience Services (BCRS) at IBM UK, McBrayne highlighted the increasing shift in the lens of how organisations are approaching IT resiliency in light of its potential impact on reputation. “This year’s Global Economic Forum in Davos saw the focus and sentiment of political and economic leaders was around resilience. In some sectors, notably government and large corporations, the risks and implications of IT resilience are understood and for the most part, being addressed. Elsewhere, particularly in the SME space, there appears to be more emphasis on the security of the factory gate. There remains a lack of understanding of the risks and implications of data security, resilient systems or cyber-attack on the company’s website or firm’s information systems”.
The rapid ascent of IT as a key driver of reputational risk is, in the view of McBrayne, the result of a number of factors. “Only a few years ago, cost reduction was the driving force across the entire landscape of IT. It also became the motivation for outsourcing. Then, if systems went down, firms could throw resources at the problem and, with luck, it would go unnoticed. Now, if IT is down, with it go many aspects of customer services – supply chain, payment systems, websites and much more. When sites and services go down, things go public very quickly and reputations soon follow.”
Given the pivotal role of IT, now core to the functioning of almost every organisation, who is ultimately is responsible for IT continuity and its implications on reputational risk? McBrayne says, “according to respondents to our (IBM’s) Reputational Risk and IT study, the view is that responsibility lies with the CEO. In reality, this is not practical. The CEO must, however, make sure the chief information officer, chief risk officer and chief marketing officer are joined-up and taking a holistic approach to risk. But the bandwidth, skills and resources required to manage all of the elements of risk in the digital era go beyond the existing C-level officers.” With reputational risk becoming so relevant in the last few years in part due to the onset of social media, some organisations have created a new role of chief digital officer (CDO). “Whilst security is front of mind given the world we live in today, any threat that has the potential to bring down a system can have the same effect on the reputation of the business. Crises will occur. “Taking a holistic view of your company, its business processes and the industry you are in, issues can be addressed before they escalate,” McBrayne adds.
Moving IT into the cloud is becoming increasingly attractive strategy to obviate technology-driven risks. Fire, flooding or acts of terrorism make it an ideal strategy to pursue. As server images and data are continuously replicated, recovery times can be reduced to less than an hour. Emerging trends in technology coupled with better governance of IT should go some way to reduce potentially costly and damaging incidents that impact reputation.
As events show, a basket of risks ranging from a simple human error, a single point of failure of a complex system, to catastrophic man-made and natural disasters, can and do wipe away reputational capital overnight. No two firms have identical risks profiles. Formulating coherent and scalable strategies must become mandatory to protect reputational capital. The larger, more complex organisation has a greater need for a joined-up approach from the boardroom down.
Download this article as a PDF
Contact the editor