Access to information about companies is more available to consumers than ever. Organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.
A negative event could impact your organization's reputation at any given time. Make sure you understand where such events may come from and have a plan to manage the inevitable consequences.
- Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand.
- Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals.
Impact and Result
- Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
- Prioritize and classify your vendors with quantifiable, standardized rankings.
- Prioritize focus on your high-risk vendors.
- Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.
Identify and Manage Reputational Risk Impacts on Your Organization
Brand reputation is the most valuable asset an organization can protect.
Organizations must diligently assess and protect their reputations, both in the market and internally.
Social media, unprecedented access to good and bad information, and consumer reliance on others’ online opinions force organizations to dedicate more resources to protecting their brand reputation than ever before. Perceptions matter, and you should monitor and protect the perception of your organization with as much rigor as possible to ensure your brand remains recognizable and trusted.
Access to information about companies is more available to consumers than ever. A negative event could impact your organizational reputation at any time. As a result, organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.
Make sure you understand where negative events may come from and have a plan to manage the inevitable consequences.
Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand.
Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals.
Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
Prioritize and classify your vendors with quantifiable, standardized rankings.
Prioritize focus on your high-risk vendors.
Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.
Organizations must evolve their risk assessments to be more adaptive to respond to rapid changes in online media. Ongoing monitoring of social media and the vendors tied to their company is imperative to achieving success and avoiding reputational disasters.
Info-Tech’s multi-blueprint series on vendor risk assessment
There are many individual components of vendor risk beyond cybersecurity.
This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.
Out of scope:
This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.
Reputational risk impacts
Potential losses to the organization due to risks to its reputation and brand
In this blueprint, we’ll explore reputational risks (risks to the brand reputation of the organization) and their impacts.
Identify potentially negative events to assess the overall impact on your organization and implement adaptive measures to respond and correct.
Protect your most valuable asset: your brand
25%of a company’s market value is due to reputation (Transmission Private, 2021)
94%of consumers say that a bad review has convinced them to avoid a business (ReviewTrackers, 2022)
14 hoursis the average time it takes for a false claim to be corrected on social media (Risk Analysis, 2018)
What is brand recognition?
|And the cost of rebranding
“Brand recognition is the ability of consumers to recognize an identifying characteristic of one company versus a competitor.” (Investopedia)
“Most trademark valuation is based directly on its projected future earning power, based on income history. For a new brand with no history, evaluators must apply experience and common sense to predict the brand's earning potential. They can also use feedback from industry experts, market surveys, and other studies.” (UpCounsel)
The cost of rebranding for small to medium businesses is about 10 to 20% of the recommended overall marketing budget and can take six to eight months (Ignyte).
"All we are at our core is our reputation and our brand, and they are intertwined." (Phil Bode, Principal Research Director, Info-Tech Research Group)
What your vendor associations say about you
Bad Customer Reviews
Breach of Data
Poor Security Posture
Negative News Articles
How a major vendor protects its brand
|An ideal state
Never underestimate the power of local media on your profits
Keep in mind that too much exposure to media can be a negative in that it heightens the awareness of your organization to outside actors. If you do go through a period of increased exposure, make sure to advance your monitoring practices and vigilance.
Story: Restaurant data breach
Losing customer faith
A popular local restaurant’s point of service (POS) machines were breached and the credit card data of their customers over a two-week period was stolen. The restaurant did the right thing: they privately notified the affected people, helped them set up credit monitoring services, and replaced their compromised POS system.
Unfortunately, the local newspaper got wind of the breach. It published the story, leaving out that the restaurant had already notified affected customers and had replaced their POS machines.
In response, the restaurant launched a campaign in the local paper and on social media to repair their reputation in the community and reassure people that they could safely transact at their business.
For at least a month, the restaurant experienced a drastic decrease in revenue as customers either refused to come in to eat or paid only in cash. During this same period the restaurant was spending outside their budget on the advertising.
Story: Monitor your subcontractors
|Trust but verify
A successful general contractor with a reputation for fairness in their dealings needed a specialist to perform some expert carpentry work for a few of their clients.
The contractor gave the specialist the clients’ contact information and trusted them to arrange the work.
Weeks later, the contractor checked in with the clients and received a ton of negative feedback:
As a result, the contractor took extreme measures to regain the clients’ confidence and trust and lost other opportunities in the process.
You work hard for your reputation. Don’t let others ruin it.
Don’t forget to look within as well as without
Story: Internal reputation is vital
Trust works both ways
An organization’s relatively new IT and InfoSec department leadership have been upgrading the organization's systems and policies as fast as resources allow when the organization encounters a major breach of security.
Trust in the developing IT and InfoSec departments' leadership wanes throughout the organization as people search for the root cause and blame the systems. This degradation of trust limits the effectiveness of the newly implemented process, procedures, and tools of the departments.
The new leaders' abilities are called into question, and they must now rigorously defend and justify their decisions and positions to the executives and board.
It will be some time before the two departments gain their prior trust and respect, and the new leaders face some tough times ahead regaining the organization's confidence.
How could the new leaders approach the situation to mend their reputations in the wake of this (perhaps unfair) reputational hit?
It is not enough to identify the potential risks; there must also be adequate controls in place to monitor and manage them
Identify, manage, and monitor reputational risks
Which way is your reputation heading?
- Do you understand and track items that might affect your reputation?
- Do you understand the impact they may have on your business?
Identifying and understanding potential risks is essential to adapting to the ever-changing online landscape
Few organizations are good at identifying risks. As a result, almost none realistically plan to monitor, manage, and adapt their plans to mitigate those risks.
Not protecting your brand can have disastrous consequences to your organization
What to look for in vendors
|Identify potential reputational risk impacts
Assessing Reputational Risk Impacts
|Review Organizational Strategy
Understand the organizational strategy to prepare for the “what if” game exercise.
|Identify & Understand Potential Risks
Play the “what if” game with the right people at the table.
|Create a Risk Profile Packet for Leadership
Pull all the information together in a presentation document.
|Validate the Risks
Work with leadership to ensure that the proposed risks are in line with their thoughts.
|Plan to Manage the Risks
Lower the overall risk potential by putting mitigations in place.
|Communicate the Plan
It is important not only to have a plan but also to socialize it in the organization for awareness.
|Enact the Plan
Once the plan is finalized and socialized put it in place with continued monitoring for success.
|(Adapted from Harvard Law School Forum on Corporate Governance)|
Reputational risk impacts are often unanticipated, causing catastrophic downstream effects. Continuously monitoring your vendors’ actions in the market can help organizations head off brand disasters before they occur.
Understanding how to monitor social media activity and online content will give you an edge in the current environment.
Do you have dedicated individuals or teams to monitor your organization's online presence? Most organizations review and approve the online content, but many forget the need to have analysts reviewing what others are saying about them.
Organizations need to learn how to assess the likelihood of potential risks in the rapidly changing online environments and recognize how their partnerships and subcontractors’ actions can affect their brand.
For example, do you understand how a simple news article raises your profile for short-term and long-term adverse events?
Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the company’s reputation.
Do you include a social media and brand protection policy in your annual education?
Identify reputational risk
|Who should be included in the discussion?
||Keep in mind: (R=L*I)
Risk = Likelihood x Impact
Impact tends to remain the same, while likelihood is a very flexible variable.
Manage and monitor reputational risk impacts
|What can we realistically do about the risks?
Social media is driving the need for perpetual diligence.
Organizations need to monitor their brand reputation considering the pace of incidents in the modern age.
The “what if” game1-3 hours
Input: List of identified potential risk scenarios scored by likelihood and financial impact, List of potential management of the scenarios to reduce the risk
Output: Comprehensive reputational risk profile on the specific vendor solution
Materials: Whiteboard/flip charts, Reputational Risk Impact Tool to help drive discussion
Participants: Vendor Management Coordinator, Organizational Leadership, Operations Experts (SMEs), Legal/Compliance/Risk Manager, Marketing
Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
- Break into smaller groups (or if too small, continue as a single group).
- Use the Reputational Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potential risk but manage the overall process to keep the discussion on track.
- Collect the outputs and ask the subject matter experts for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.
Download the Reputational Risk Impact Tool
Example: Low reputational risk
We can see clearly in this example that the contractor suffered minimal impact from the specialist's behavior. Though they did take a hit to their overall reputation with a few customers, they should be able to course-correct with a minimal outlay of effort and almost no loss of revenue.
Example: High reputational risk
Note in the example how the tool can represent different weights for each of the criteria depending on your needs.
|Be vigilant and adaptable to change
Organizations must evolve their risk assessments to be more adaptive to respond to global factors in the market.
Ongoing monitoring of online media and the vendors tied to company visibility is imperative to avoiding disaster.
"The CEO Reputation Premium: Gaining Advantage in the Engagement Era." Weber Shandwick, March 2015. Accessed June 2022.
Glidden, Donna. "Don't Underestimate the Need to Protect Your Brand in Publicity Clauses." Info-Tech Research Group, June 2022.
Greenaway, Jordan. "Managing Reputation Risk: A start-to-finish guide." Transmission Private, July 2020. Accessed June 2022.
Jagiello, Robert D., and Thomas T. Hills. “Bad News Has Wings: Dread Risk Mediates Social Amplification in Risk Communication.” Risk Analysis, vol. 38, no. 10, 2018, pp. 2193-2207.
Kenton, Will. "Brand Recognition.” Investopedia, Aug. 2021. Accessed June 2022.
Lischer, Brian. "How Much Does it Cost to Rebrand Your Company?" Ignyte, October 2017. Accessed June 2022.
"Powerful Examples of How to Respond to Negative Reviews." ReviewTrackers, 16 Feb. 2022. Accessed June 2022.
Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012. Web.
"Valuation of Trademarks: Everything You Need to Know." UpCounsel, 2022. Accessed June 2022.
Related Info-Tech Research
|Identify and Manage Financial Risk Impacts on Your Organization
|Identify and Manage Strategic Risk Impacts on Your Organization
|Jump Start Your Vendor Management Initiative
Research Contributors and Experts
Principal Research Director
Principal Research Director