August 20, 2014 | Written by: THINK Leaders
Protecting brand value from internal and external IT failures
What it means
Safeguarding corporate reputations is becoming significantly more challenging as digital technologies open access and blur boundaries. With technology a part of nearly everything a business makes, sells or services – and the primary means by which so many companies interact and transact with their customers – brand value is increasingly connected to technology performance. Failures, be they breaches, breakdowns or brownouts, exact a significant toll, one amplified and sharpened by a 24/7 news cycle and the social media environment. To put into perspective just how closely IT is interwoven with reputational risk, consider that research shows a significant customer data breach causes the economic value of a company’s reputation to decline by an average of 21 percent.1
Why it’s important
IT exerts a particularly strong influence on brand, customer satisfaction, compliance and profitability, namely the factors that shape customer perception and corporate reputations. In a 2012 IBM Global Reputational Risk and IT Study, 40 percent of respondents said brand reputation was the part of the business most vulnerable to IT risk, a number higher than even the combination of those who named a company’s profitability or stock price as most vulnerable.
The negative effects of data breaches, data loss and systems failures are of particular concern to c-level executives. And for good reason: the average loss in brand value from a single breach can cost organizations from $184 million to more than $332 million.2 When failures occur, they create a two-for-one hit, exacting an immediate loss and triggering downstream financial consequences from the brand and reputational damage. Such interconnections have made IT a core focus of those who oversee such risks, including CFOs, CMOs and CIOs.
What will change
More organizations have introduced reputational risk as a distinct category within their enterprise risk management frameworks. Nearly 60 percent of companies surveyed globally say they either already invest in or intend to make funding available to manage their reputational and IT risk. As the finance director of one U.S. bank said, “Underestimating the cost of reputational risk greatly exceeds the cost of protection. ‘Proaction’ is preferable to reaction.”
The people and departments responsible for managing reputational and IT risk within the organization are also changing. Whereas the CIO was once seen as the point person for all things technological, now about two-thirds of executives surveyed say accountability needs to be shared across the c-suite. In fact, when asked which executives were most responsible for the company’s reputation, 80 percent of respondents said the chief executive officer, followed by the chief financial officer (31 percent), the chief information officer (27 percent), the chief risk officer (23 percent), and the chief marketing officer (22 percent). Behind the push for a more collaborative approach is a recognition that, with IT enabling so many business practices and functions, reputational and IT risk management has become inherently multi-disciplinary. The CFO must understand the financial effects of a compliance or systems failure, the CMO needs to monitor the brand and respond, and the CIO and CRO need to ensure the right safeguards are in place to protect corporate data and assets across an ever-lengthening and broadening supply chain. Given the layers of coordination involved, some organizations are even going so far as to create a new chief digital officer role to serve as a central point person.
Despite, and in many ways because of, all the value it creates, IT is a major factor in reputational risk and must be managed within that context to protect and sustain business performance, as well as brand and shareholder value. Recognizing the importance of this interconnection and adopting a proactive strategy to address it will be essential in successfully navigating the downside risk. CFOs have a major role to play in raising the issue of IT and reputational risk and in convening their c-suite peers toward a coordinated response.
Key questions to ask
- What IT failures did our organization or those of our industry peers suffer in the past year, and were the measures taken to address the failures adequate?
- Who is accountable for reputational and IT risk management in our organization?
- Is there sufficient communication between the business and IT on the interplay between reputational and IT risk?
- How does digital risk management fit into our organization’s growth strategy?
- Do we have the right metrics in place to govern IT risk management investment and performance?
1. “Reputation impact of a data breach: US Study of Executives & Managers,” sponsored by Experian Data Breach Resolution, Ponemon Institute, November 2011.
2. Ponemon Institute.
3. 2012 Global Reputational Risk and IT study, IBM.