“Horrible service”. “They didn’t care about my data”. “Only interested in making profit”.
These are only a few familiar comments that one can find online or hear on the streets about companies that, for one reason or another, suffered a reputation breakdown.
As CIOs sign into business transformation journeys and take upon themselves new responsibilities, brand awareness and reputation management are becoming important aspects of their role.
Just a couple of years ago, the recall of flammable Samsung Galaxy Note 7 smartphones wiped 98% off the profits of the multinational’s mobile division.
Since smartphones are Samsung’s core business, the collapse dragged total company profits down by 30% to their lowest level in two years. Ouch.
However, Samsung initiated a massive PR campaign and started working against the clock to rebuild the trust in the brand.
"Getting it right in this instance was to stop sales and then initiate a recall," thinks Lars Voedisch, founder and managing director of PRecious Communications in Singapore. "This is a big move and the only one that makes sense in such a situation."
Experts agree that transparency and what it was perceived as a genuine apology to its customers was what saved Samsung from the Note 7 setback.
As of Q2 2018, Samsung still retains its position as number one for the smartphones market share and is well ahead of its Chinese competitors, making its reputation recovery worth a chapter in the brand management manuals.
But the consequences of reputational damage go far beyond the impact on profit. Like we have seen in the Samsung case, it also affects stakeholders and customers’ trust in your company and the public image of your brand.
Not only that, it can lead to other important risks such as an increase in competition, directors and officers liability or unethical behaviour becoming ingrained in your organisation.
This summer, Amazon workers refused to build tech tools for US immigration departments, warning Jeff Bezos, the company’s CEO, of IBM’s Nazi legacy.
"As ethically concerned Amazonians, we demand a choice in what we build, and a say in how it is used," said Amazon workers in a letter to Bezos. "We learn from history, and we understand how IBM's systems were employed in the 1940s to help Hitler. IBM did not take responsibility then, and by the time their role was understood, it was too late. We will not let that happen again.”
The workers' dissent went viral and even if it did not have a critical impact on sales, it has definitely shaken the company’s reputation. It's not difficult to understand why no organisation would ever like to be compared or associated to the Nazis.
“Although risk management awareness and tools have evolved, reputation risk continues to weigh on corporate executives as one of their leading concerns”, says Randy Nornes, enterprise client leader at Aon. “For the past 10 years, reputation risk has occupied one of the top spots on Aon’s bi-annual Global Risk Management Survey”.
American business magnate Warren Buffett said that “it takes 20 years to build a reputation, and five minutes to ruin it”.
Since CIOs today have a strategic business role and work closely with their C-suite colleagues, it's vital that they include reputation management in their strategy.
Below we present you with some tips that you should consider if you want to manage reputation risks in an age where your company’s name can be in shambles as a result of a tweet.
Establish, share and promote values
Probably the best way of avoiding any reputation smears is having a culture of respect that promotes the right values.
In Reputational Impact of IT Risk by Forbes Insights, it was uncovered that 46% of organisations suffered damage to their reputation and brand value as a result of a privacy breach.
Businesses that explicitly make clear that protecting the privacy of their consumers is a primary goal, care about their consumers’ privacy, and support meeting that goal with transparent and consistently followed privacy practices that demonstrate this care, will build emotional connections to their brand, which will improve brand value.
Surrounding yourself with a team that truly believes and implements those values instead of paying lip service will be a good guarantee that your company is doing the right thing.
Introduction of controls
To make sure that policies and procedures are being followed it is essential that you introduce periodic controls to monitor them. Implementing a successful security plan is essential too.
In the case of cybersecurity, this can be done by employing an external Penetration Testing company to evaluate your security approach.
Data protection will require frequent audits, risk registers and data mappings.
Regular staff training, whereas through presentations, emails or courses, should be a must for every business, particularly when four of the five top causes of data breaches are caused by human or process error.
According to a Risk:Value report from NTT Security released this month (3 September), only one third of senior executives in UK organisations admit that their company insurance currently covers them for a security breach and for the financial impact of data loss, despite the fact that 81% agree that it is ‘vital’ that their enterprises are insured against information security breaches.
This issue links to the promotion of values tip: if you don’t want your employees to lose confidential paperwork or email information to the wrong recipients, you have to explain why data protection is not just a legal requirement but an important matter for your organisation.
Of course you don’t want to get fined but above all you should want your clients, employees and stakeholders to be able to trust in you.
Include reputational risks and contingency plans in your strategy
In 2018, the risks resulting from cybercrime are unmistakable.
Recently we published how CIOs should respond to a data breach - incorporating this kind of risk in your reputational risk register is essential and should be part of your overall strategy.
The risk implications involving connected, smart devices through the Internet of Things (IoT) are becoming more obvious.
As cyber encompasses many facets — including being an unexpected crisis in and of itself — it is increasingly important that any reputation risk management strategy understands cyber risk and works across departments to properly gauge organizational exposure.
The latest report by Pentland Analytics and Aon Reputation Risk in the Cyber Age: The Impact On Shareholder Value identified three key drivers of a successful recovery for a reputation event: crisis communications must be instant and global; perceptions of honesty and transparency are essential; active, social responsibility is critical.
The same study identified five key attributes in all the organisations from the case studies that survived, and even thrived, after the reputation crisis: they were prepared, genuine, transparent, global and they were coherent.
If your organisation takes reputational risks seriously and makes sure that there’s a solid contingency plan in place, with appointed staff who will know what to do and when to do it, even in the worst of storms your boat should be able to keep afloat.
“But you told me you would fix it today”. Next day you have a lengthy complaint and demand for compensation in your inbox.
Although in reality the client is not always right, false promises and misleading information can lead to unhappy customers and an impact on your trustworthiness and reputation.
A well-known business mantra nowadays is “under-promise and over-deliver”.
It’s quite a sensible one and it will prevent any disappointment from part of your clients.
Above all, being honest about your services and what you can do will give the right idea to the people you are working with,
“Always look on the bright side of life”. Monty Phyton’s great wisdom can be very useful when it comes to dealing with reputational risks.
Focusing on the positives of your work and creating intelligent social media campaigns will help promote your business.
If you have good reviews or feedback from clients - share it! If you have a negative one, address it and fix it - turn negatives into positives.
Learning from your mistakes is equally important.
In the aftermath of the Volkswagen emissions scandal in the UK, the vehicle company launched a campaign featuring the headline “We have broken the most important part in our vehicles: your trust”.
Whereas some PRs might perceive the move as risky (after all it put the brand again in the spotlight, making the mistake known to people who might have missed it), it also showed an honest approach where the company accepted responsibility and showed that the priority was their customers.