FEATURE
cybersecurityeurope
I
REPUTAT WARREN BUFFET ONCE SAID “IT TAKES 20 YEARS TO BUILD A REPUTATION AND FIVE MINUTES TO RUIN IT... IF YOU THINK about that, you will do things differently”. It’s not known if the business magnate spoke from bitter experience, but he would certainly be apprised of the importance of a sound reputation as a business enabler. Reputational damage is a concomitant of reputational risk. As Deloitte has pointed out, reputational risk is interconnected with other business risks more closely than any other type of liability. For example, an industry regulator’s censorious advice can turn into a reputational risk if it becomes subject to media misinterpretation. The same goes for other risk types, such as the corporate culture, financial results, and of course, cyber security resilience. Arguably, no other phenomenon now has
BRIEF
a greater impact on brand reputation than being victimised by a successful hack attack. Indeed, this phenomenon has over the last decade served to teach executive leadership across a range of vertical sectors, just how critical their organisations’ reputations are – and just how vulnerable they are to impairment that can result from even comparatively minor cyber incidents. ‘Organisations’ exposures to reputational threats have never been greater and continue to grow with the proliferation of digital media,’ Deloitte reports. ‘Threats to reputation can emanate from other risks, yet reputation itself stands among [an] organisation’s most valuable assets, and must be managed proactively... This is one of the few risk domains that chief officers and board members can directly control’. Such eventualities have resulted in a fundamental thought change around reputational risk. Traditionally, senior executives have seen reputational jeopardy as a consequence of other things that happen, Deloitte has noted, rather than a defined risk type in itself:
The overall ‘cost’ of reputational damage is now increasingly being factored into the financial impacts of cyber data breaches.
‘REPUTATIONAL RISK CAN ERUPT OUT OF NOWHERE AND WITHOUT WARNING...’ Reputational risk is generally deemed a threat or danger to the good name or standing of an organisation, business or other entity. Reputational damage can occur in three primary ways. First, directly, as the result of the actions
48
of the organisation itself. Second, indirectly, there due to the actions of an employee or employees, say. And third, tangentially, through other
