I meet with senior risk managers of the largest companies regularly in my North American business development role for Willis. Risks associated with a company’s corporate reputation are evolving as a major topic of conversation and concern among risk managers. Based on my discussions this year, I cannot help but conclude that, in many respects, 2012 was a major turning point in managing reputational risk.
Nat-Cats Disrupt Supply Chains—and Reputations
The natural catastrophes experienced in Asia and the resulting impact on global supply chains was a wake-up call for a lot of corporations in evaluating reputational risks in new ways. This article from CBS Money Watch points out how the event and concurrent disruption have impacted Toyota’s growth trajectory since. These events were followed by the massive impact of Superstorm Sandy slamming into New York and New Jersey, destroying towns, interrupting utilities, flooding lower Manhattan and shutting down commerce and normal operations for many major organizations. With estimates between $50 and $70 billion, the damage caused has been far reaching.
These events, and others, stress-tested many firms’ crisis management protocols and disaster recovery planning. The success of a company’s response to unanticipated disasters can impact a company’s long-term reputation. In each of these cases, risk managers were catapulted to the forefront of internal conversations with senior leadership regarding the preparation for and outcome of natural disasters. The discussions that occurred have gone way beyond those historically contemplated by a typical property insurance placement and really require a thorough review of the most cutting-edge nat-cat modeling and analytics, table-top exercises of the disaster plans etc.
Reliance on Cyber Heightens the Exposure
At the same time, cyber and internet-related risk topics are maturing — no longer considered the “new thing to watch” but a major and serious normal business exposure related to how business today is done. Executives are demanding that their risk teams have a thorough understanding of all aspects of the company’s cyber exposures. In short, risks related to the delivery of information, products and services via the Web and social media are highly integrated into core functions. The related risks are now “the cost of doing business.”
As a result, the most sophisticated risk managers are now engaged in discussions with their advertising, marketing and IT teams about the corporate brand and IT strategies to protect their company’s reputation. We have all seen the headlines related to some of the major losses associated with this risk area and how the headlines have hurt a number of financial services firms, retailers, credit card companies etc. Executive leadership is paying attention like never before.
Reputational Risk Comes to the Fore
The combination of newly mature cyber risks, increasing exposure to natural catastrophes, global supply chain disruption and increasing demands for sophisticated crisis management seem to be coalescing as various elements of a major new topic: reputational risk.
If one steps back and looks at the ultimate outcome of these individual events and what they mean for an organization, the macro impact really does become obvious. They are inter-related, operationally critical and can damage a firm in the broadest sense by compromising its reputation and the value inherent in the brand. This topic, more than any other, has been topic #1 throughout Q1.