This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

Risk Angles

Five Questions About Reputational Risk


An interview with Jonathan Copulsky, Principal, Deloitte Consulting LLP

Ask senior executives which risks concern them most and many are likely to place “reputational risk” near the top of the list. That’s because reputational risk is a meta-risk, reflecting the combined impacts of many other types of risks, ranging from supply chain to cybersecurity and beyond. While some organizations address reputational risk primarily by focusing on managing its component parts, we see increasing examples of organizations tackling this risk more holistically.

In this Risk Angle, we take a few minutes with Jonathan Copulsky, author of the recent book, Brand Resilience: Managing Risk and Recovery in a High-Speed World, to get his take on managing reputational risk.

Quick links:
A closer look: Brand Resilience book

Question Jonathan Copulsky's take
Is reputational risk really a bigger deal today than it was five or ten years ago? Absolutely. We used to view risk through two primary lenses: impact and likelihood. Now we’ve added a new dimension – velocity. In today’s highly connected environment, reputational damage can spread at lightning speed. In a matter of minutes, companies could have to deal with 5,000 new complaints, for instance, from highly connected consumers. That’s a major change from only a few years ago – and one that holds serious new implications for managing risk.
Isn’t reputational risk really just a by-product of other processes and risks?

Reputational risk is certainly a by-product of other activities. But it’s also its own thing – a risk that can have a ripple effect that extends into other areas. For example, consider the financial risks a company can encounter in the immediate wake of a massive social media flare-up or the added regulatory scrutiny such an experience can invite.

This is not an either/or scenario. The solution is to manage both reputational risk on an aggregate basis, along with the individual processes and risks that contribute to reputational risk.

How much control do we really have over reputational risk?

“Control” is the wrong word to use in regard to managing reputational risk – or any risk, for that matter. We find it more useful to strive for “Risk Intelligence”, rather than control. Which reputational risks are you prepared to accept? Which have the greatest potential impact? How well prepared are you to address reputational risks when they arise? Know where reputational risks can strike and plan for their impacts. Don’t pretend that you have a lot of control over whether they strike in the first place.


Who typically “owns” reputational risk? It depends on how you define ownership. Increasingly, the Chief Risk Officer owns the measurement and tracking component of reputational risk. The bigger question is who’s on the hook to address reputational risk challenges once they arise. That’s where things get tricky. Because reputational risk is an enterprise issue, there is no single person who can be accountable for it. That means the CEO, board, and CRO are all ultimately accountable. It’s a top-line imperative for most organizations today.
What’s the most common blind spot when it comes to addressing reputational risk today? We find that many organizations drastically underestimate the importance of their employees in managing reputational risk. In reality, every organization needs to help its employees understand the behaviors that support a strong brand reputation. In fact, many organizations are going a step further, viewing their employees as potential sensors for reputational risk issues – a collective source of front-line intelligence that can be used to inform their efforts.

A Closer Look: Brand Resilience book

Jonathan Copulsky, principal, Deloitte Consulting LLP

Among the executives I talk to, reputational risk has zoomed to the top of their lists of risk concerns. You can guess why. It’s not that reputational risk is new, but that these days it seems to move faster than the speed of light. And once an organization is exposed, digital capabilities, mobile devices, and social networks make it harder to rein in than ever before. Plus, today’s organizations are increasingly drawn into escalating brand warfare – whether they recognize it or not. Many are actively under attack every day, and those that aren’t likely will be at some point.

In this environment, you probably can’t avoid reputational risk; there is a good chance your brand will take a hit sooner or later. The key is to cultivate what I call “brand resilience” – the ability to respond effectively to reputational risks in order to bounce back quickly. To develop brand resilience, organizations need to get better at sensing, understanding, and acting on reputational risks when they inevitably appear. One way to do that is to take an “outside-in” approach – one that acknowledges that what others say about your brand may be even more important than what you say about it.

Has your organization already developed brand resilience? Find out by asking questions like these: How would you respond if you learned of a new social media campaign against your organization, product or service? What will you do if a sensitive internal email is accidentally sent to a journalist focused on your industry? How will you respond to an offensive video made by one of your employees and posted to the web? If you don’t have a ready response to each of these scenarios, it may be time to reassess your brand defenses and start building the capabilities to improve your brand resilience.

Download the Risk Angle below.


Material on this website is © 2014 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see “About Deloitte” for a more detailed description of DTTL and its member firms.

Get connected
Share your comments


More on Deloitte
Learn about our site