This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

Who’s trending what?

What ‘reputational risk’ means to companies today and how they are managing it


What the Arab Spring elucidated perhaps more than a disgruntled population, was that this population is signed in and logged on. Throughout the Middle East North Africa (MENA) region and specifically in Saudi Arabia, the United Arab Emirates (UAE) and Egypt, over 86% of active web users use social media to get news, information and advice on various issues, according to The Arab Social Media Report, issued by The Dubai School of Governance in November 2011. According to the report, 70 percent of respondents use social media to voice their opinions on a multitude of topics. As such, the region is fueled with highly active web users, engaged on the various social media platforms.

And they are not only engaged in politics. With online news and social media, a small mistake can become an international #trending topic within seconds. Brands are now more vulnerable than ever.

A scandal tied to a reputable company, propagated by a disgruntled ex-employee could be the next hash tag phenomenon. Companies and, in turn, brands, are constantly vulnerable to reputational risks that can arise from virtually anywhere, be it factors as diverse as product quality, social media, environmental impact, employee malpractice and outsourcing.

As a result, the realm of reputational risk is now regarded as a ‘meta risk’ for companies, standing at the forefront of any key strategic and operational concern for global and Middle Eastern senior executives. Reputational risk has now become a potential threat on a par with new competition, technology failures, talent issues and changing regulations.

How can companies control these risks?

According to Jonathan Copulsky, Principal at Deloitte Consulting, LLP and author of Brand Resilience: Managing Risk and Recovery in a High-Speed World, companies need to intelligently manage the risks by playing active and consistent defense. “By any measure that we have looked at,” says Copulsky, “brands are much more valuable than they have ever been before but at the same time, they are much more fragile.”

Warren Buffett famously said that “it takes 20 years to build a reputation and five minutes to ruin it.” But why should companies worry so much about their reputation?

How well a company’s reputation is regarded by stakeholders can have an immediate and long-term impact on the organization’s overall success. Consumer sales can increase or be negatively impacted by reputation. Potential talent too, can either be attracted to a firm, or repelled by it. Investments can also fluctuate, along with the corporation’s ties with governmental officials in the respective county of operation.

A ‘Trust Barometer’ survey carried out by public relations firm Edelman’s measured attitudes about the state of trust and found that “when a company is trusted, 51% of stakeholders will believe positive information about it after hearing it once or twice, compared to only 25% who will believe negative information after hearing it once or twice.” On the other hand, for companies with a negative reputation, which are generally distrusted, the survey finds only 15% of stakeholders will believe positive information, versus 57% of stakeholders believing negative information after hearing it once or twice.

However, the traditional understanding of how to manage reputational risk no longer applies in today’s world. Before the advent of social media, the focus remained on risk avoidance or minimizing asset losses. Today, with over half of the world’s population connected to the Internet, companies need to relate enterprise reputation matters to strategic outcomes.

At present, the concept has shifted from ‘controlling’ risk’ to the notion of ‘Risk Intelligence’ as put by Copulsky. A corporation must ask itself which reputational risks it can potentially accept, which will pose the greatest potential impact and if it is prepared to address these reputational risks if and when they arise. A Risk Intelligent approach is a highly inclusive and multi-faceted way of operating in today’s dynamic world.

Previously, risk was solely assessed in terms of impact and likelihood. Today, a third dimension of ‘velocity’ has been added, reflects Copulsky, whereby reputational damage can travel at lightning speeds, creating a ripple effect. With two to three Twitter accounts activated every second, 50 million tweets per day (252,000 tweets per day in the MENA region alone), 350 million Facebook users active daily (over 28 million users in MENA region) and over 80% of all companies using either channel, potential ‘saboteurs’, as Copulsky refers to them, are virtually everywhere.

So how do companies become ‘Risk Intelligent’? First, they take a journey of self-discovery, then they analyze stakeholder and marketplace threats and opportunities and lastly, they proactively manage actions designed to protect and enhance reputation and derive value.

Steps to becoming ‘Risk inteligent’

Step One: Self-discovery

Self-discovery is when an organization examines its strategies, initiatives, potential risks and operations, to ultimately locate risks to reputation. This can be carried out by the Chief Risk Officer (CRO). In the absence of such a practitioner, a specialized communications team, with a risk management function, can do the job.

To begin the journey of self-discovery, senior executives need to be approached to identify potential risks to reputation and to assess how these risks may impact their departments. They include the Chief Executive Officer (CEO), whose strategies and business deals may pose a potential threat. Next in line is the Chief Operating Officer (COO), whose role would be to assess the potential reputational impact of supply interruptions, customer dissatisfaction, media reactions and other effects of operational risks. The Chief Financial Officer (CFO) is also important, as impact on reputation can lead to adverse financial implications. 

Other entities to be included in the journey of internal discovery include the head of Marketing, as it is their role to enhance reputation and the head of Human Resources, whereby risks to reputation can impact talent attraction to the firm.

Step two: External identification

External Identification is the process of gathering information from stakeholders to assess potential reputational risks from an outsider’s viewpoint. Gaps between the corporation’s desired reputation and where it currently stands should be identified. This can be conducted through surveys or external consultants to derive unbiased useful information. With this information, potential room for improvement can be acknowledged and built upon.

Key stakeholders of reputational risk

Illustrates the key stakeholders of reputational risk that boards and C-suite executives should consider in their 360-degree approach to risk management and their potential areas of impact on the organization. These will vary according to each organization, but serve here as base for reflection.

Once the first two steps are thoroughly conducted (and they must be repeated frequently, as new updates always surface), a plan of action for each possible reputational risk must be put in place. What is the firm’s official stance on topic X? What should the PR manager respond with when asked about topic Y? Clear instructions must be readily accessible and available to all. If this is mismanaged, the firm will end up with a crisis management situation – which can be potentially destructive.

Step three: Continuous and consistent monitoring

Once the groundwork has been laid, with potential reputational risks identified, continuous monitoring of the overall surrounding environment is vital. Informal surveys conducted amongst stakeholders, along with diligent media monitoring, will aid a corporation in identifying potential risks to reputation.

For example, a negative Tweet on the firm should be flagged and staff should be alerted to stay on the lookout. Firms cannot afford to let their guard down. Yet many firms do not have the internal capacity to carry out these projects. As such, external media monitoring firms are widespread, offering online and offline scanning of news, including social media sites. They provide invaluable minute by minute updates on what is being said about a firm, or its competitors.


Reputational risk has gained its ‘red flag’ ranking in most boardrooms across the globe. Senior executives now comprehend the meta risk involved in reputational damage. As such, risk departments and CROs have been appointed within the firm to intelligently manage potential risks. In addition, it is crucial that each employee is aware of his or her role within the institution, as a powerful brand ambassador.

Once internal and external measures are taken, a firm should assess its preparedness for reputational risk, reflecting on several elements, such as: how would a firm react if a confidential e-mail made its way to the hands of an unsparing journalist? Or if an unfavorable video was made by a few employees in the company premises and uploaded onto YouTube, what would be the best way to respond?

When citizens become journalists and ‘trend’ the noun becomes ‘to trend’ the verb, companies need to stand up and take notice of who is trending what and where.


by Ceem Haidar, Middle East Public Relations leader at Deloitte


Material on this website is © 2014 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see “About Deloitte” for a more detailed description of DTTL and its member firms.

Get connected
Share your comments


More on Deloitte
Learn about our site