It's a whole new ballgame when it comes to protecting a business' reputation, according to Steven Minsky, CEO of enterprise risk management software provider LogicManager.
While regulators may be struggling to keep up with the times, the public isn't feeling quite so constrained. As the recent Facebook debacle shows, consumers and investors can swiftly throttle a business' reputation when they suspect the company isn't playing by the rules. "Companies are operating in what I call the 'see-through economy'—a dizzyingly, fast-paced age of transparency where consumers and investors are empowered by new technologies to impact a company’s reputation," said Minsky, who recently authored the study, The State of Risk Management in 2018.
Minsky believes that consumers and investors in the see-through economy don't view scandals as one-off mistakes, but as examples of repeated patterns of risk management negligence. "The first thing to suffer in a corporate scandal is a company’s reputation," Minsky advised. "This reputational damage negatively affects consumer demand for their products and impacts a company’s market value with near-immediacy."
Not long ago, employee comments could be controlled internally and managed externally by corporate communications teams. "However, corporate scandals today cause stock price drops that endure for much longer periods as social media enables the truth to leak out week after week, drowning out the effectiveness of corporate PR," Minsky explained.
If a degraded reputation equals diminished market value, then enterprises today are more vulnerable than ever to risk events that can damage customer and investor sentiment. "This has resulted in a dramatic need for enterprise risk management to gather first-hand information from employees on the front lines, involve and coordinate across departments and connect information and aggregate (it) to its strategic impact," Minsky said.
A governance challenge
Integrating risk management across all departments and silos, from front-line employees to the board of directors, is today’s biggest risk management challenge, Minsky recommended. LogicManager's survey of hundreds of risk management professionals across industries revealed that 54% consider managing cross-functional information to be the most challenging aspect of integrating governance functions. The survey also found that 87% of risk management professionals aim to integrate one or more governance areas into their risk management programs within the next two years.
"Integrating governance functions is a challenge many organizations face, and the answer can’t solely come from senior leadership," Minsky observed. Scandals such as Facebook’s recent mishandling of user data, Chipotle’s food contamination crisis or Wells Fargo fraudulently opening millions of accounts in customers' names can all be prevented, he claimed. The key is an effective enterprise risk management program. "Without one, organizations are unable to connect information and protect their employees, customers, and investors," Minsky explained. "Our survey results indicate that the majority of participants have senior leadership that plans to connect risk management across business silos within two years. "
Cybersecurity is also a top concern for risk management professionals, with 72% of survey respondents acknowledging that it's the most vulnerable area for their company. Last year marked a whirlwind 12 months for cybersecurity breaches. Minksy noted that between Equifax, Uber, Wells Fargo, and others, 2017 played host to over 1,579 major data breaches that exposed the records of over 178 million people in the U.S. alone. Companies need to protect their business, their data, their employees, customers and shareholders and begin thinking proactively about cybersecurity as a risk management issue, Minsky advised. He added that organizations also have to anticipate what’s coming next, instead of simply managing crises as they arrive.
A general misunderstanding that better cybersecurity automatically drives the need for more advanced technology also needs to be rectified, Minsky said. Cybersecurity is really a people, processes, and governance issue, he observed. "The most advanced cybersecurity software can’t prevent a data breach or hack when a weak password is the culprit," Minsky said. "Most data breaches are the result of poor information security policies, or policies that aren’t being followed by employees."
As the world becomes increasingly transparent and uncertain, many organizations now feel like the cards are stacked against them. The solution, Minsky believes, is to take a risk-based approach to the challenge, identifying the root cause of incidents across departments before a major scandal emerges, and prioritizing threats based on their potential impact. "A risk-based approach to risk management is the only way companies can succeed today and in the future," Minsky stated.
Minsky believes that an integrated approach to risk management is critical for protecting an organization's reputation. "As we’ve seen with Facebook, when public trust is violated there is a direct impact on a company’s share price," he said. "Even in instances where no laws have been broken, in the see-through economy companies must consider the consequences of their actions with regards to their customers and shareholders."