Managing reputational risk is no easy job. You’ve likely seen plenty of corporate social-media snafus that went viral. And then there are the ads that were meant to be funny but missed the mark entirely, leaving the company scrambling to contain the damage.

While these blunders might turn up the heat only in the short term, there are some mistakes organizations make that have a lasting and highly negative impact on their brands and reputations. In some cases, the reputational damage can be so great, the business simply cannot recover.

Understanding Reputational Risk

Reputational risk includes anything that could put your organization’s brand or image at risk or negatively impact your customers, investors, vendors, and key stakeholders. Think: disappointing the public when your products and services don’t meet their expectations. Or supply-chain problems that mean your products aren’t delivered at all. If that happens, customers might go elsewhere – possibly never to return.

Those are some of the more obvious examples of reputational damage. In reality, though, virtually all of your organizational risks could also be reputational risks.

Say, for example, your team identifies critical compliance risks. You know about them, but are slow to take mitigating actions. If governed by a regulatory agency – the Office for Civil Rights in healthcare, for example – your blatant disregard of those risks could result in fines and penalties that could quickly reach into millions.

While that may be extreme, there are a range of other damaging impacts. What would happen if you lost your certification or accreditation? Could an event negatively impact the way your customers see you? Would it violate the trust of the general public? Or worse, could it put the safety of your employees or customers at risk?

These are very real scenarios for modern business. Even so, many organizations struggle to identify or manage all of their reputational risks, especially on a continuous basis.

Identifying and Managing Reputational Risk

Many organizations are behind the eight ball when it comes to anticipating and identifying reputational risk. Many, in fact, find themselves flying by the seat of their pants when faced with a real-world scenario. And that rarely turns out well.

Reputational risk can and should be managed just as you would manage other operational risks. Here are seven tips to protect your brand, your business, and your future:

Understand your current reputation.

Take stock of existing perceptions (via surveys, focus groups, etc.) internally with your employees and externally with your vendors, customers, key stakeholders, and the market. Don’t forget the media – social and more traditional forms – and never underestimate the power of public opinion. Are you satisfied with how all of your stakeholders currently view your organization? Are there areas that could use improvement?

Go beyond a mission statement.

Most companies have a vision and mission statement, but whether those values are ingrained in the culture is another thing. In simple terms, do you put your money where your mouth is? If you say a specific cause or attribute is the core of your organization, do you live up to your promises?
Not delivering on expectations can have a tremendously negative impact on your reputation. Making ESG – environmental, social, and governance – promises and failing to deliver, for instance, can be worse in the long run than not taking a stand at all. Disappointed stakeholders can lead to reduced sales, lower employee morale, and difficulties accessing capital.

Conduct ongoing reputational risk assessments.

Identify events or situations that could harm your relationships with your customers, employees, and other stakeholders. Are there changes in the market or political climate that could adversely affect customer trust? Would your ability to conduct business be impacted? Are there legal, compliance, regulatory, or financial impacts with any of these risks?

Assign a risk score.

Some reputational risks will have greater impact on your organization than others. After conducting your risk assessment, assign a risk score to each, and use those scores to prioritize your action plans. And of course, ensure your risk treatment aligns with your organization’s risk threshold.

Identify weaknesses.

After evaluating your current reputational standing and assessing your risks, identify any gaps between where you are now and where you want to be. Armed with that knowledge, you can formulate a plan to remediate your weaknesses. Be sure to routinely reevaluate your status to continue to strengthen your status and close any gaps that emerge.

Develop a crisis communication plan.

Reputational damage can happen very quickly and very publicly. The last thing you want to do is figure it out on the fly. Develop a communication plan well in advance and practice your response so that it becomes muscle memory. While you can’t anticipate every scenario, you’ll be much better poised to respond during a reputational crisis if you share the messages and actions with leadership, as well as human resources, legal, and other key departments.

Educate your employees.

Some of your biggest reputational risks can come from your own employees who either accidentally or maliciously do something that puts the organization in a bad light. Help ward off accidental missteps by training your employees on your ethics, compliance, social-media policies, and other behavioral expectations.

A tarnished reputation has taken down many an organization. The best way to protect your organization is to start planning now. Understand what’s at stake, regularly assess your reputational risks, and be proactive with your plan. Because once the damage is done, your reputation can be extremely difficult to restore.


Need help evaluating and remediating your reputational risks? Check out Riskonnect’s Business Continuity & Resilience software or schedule a demo with one of our experts.