Have you ever thought about how managing risk and security can affect your reputation? Reputational risk is a different element in the risk spectrum, and it is anchored in the fact that a company’s reputation — much like a brand — has tangible value and needs to be protected. Risks related to reputation affect how trustworthy people think an organization is. Damage to reputation can lead to lost revenue and even damage to shareholder value.
IBM recently surveyed more than 400 senior managers and C-suite executives to determine how strongly companies are making the reputational risk and IT connection, where their integrated plans are robust and where the gaps lie. Analysis of the survey results has recently been release in a new IBM Research Report: “Reputational risk and IT: How security and business continuity can shape the reputation and value of your company.” At a glance, the study revealed three key observations concerning IT’s impact on reputational risk:
- IT risks have a major impact on a company’s reputation
- Companies have rising IT risk concerns related to emerging technology trends e.g cloud, social media
- Companies are integrating IT risk and reputational risk management, with strongest focus on threats to data and systems
When looking closer at the analysis of the study data, there seems to be a mismatch between how well companies rate their reputation and how well they are protecting it. While a healthy 80% of respondents rate their company’s reputation as excellent or very good, only 17% of the same respondents rate their company’s overall ability to manage IT risk as very strong. Meaning that there is room for improvement in almost every organization.
When looking at some of the details behind the 80% – 17% gap. The top three IT risk factors that can cause the most reputational harm are, in order: data breach, system failure and data loss. These responses are not surprising, as these three items also seem to get the most news coverage when they occur.
Of course a reputational and IT risk management plan is only as strong as its weakest link. For many companies, that weak link is outside suppliers — vendors, partners and supply chain. Only 28% of study respondents indicated that their companies were very strenuously requiring their outside suppliers to meet the same standards of risk control as the company applies internally. This raises some important questions: Who would you put on that list of critical suppliers? Have you thoroughly communicated your IT risk standards? And almost more importantly, how are you monitoring compliance with those standards?
The study also identifies the key characteristics of a company with a good reputation. Notably, an overwhelming majority, 83 percent, of executives who characterized their firms as having excellent reputations say their company has integrated IT into reputational risk management.
So, what can you do to better protect your reputation from IT risks? A good way to get started is to open a reputational risk dialogue across your enterprise:
- Have the reputational risk conversation — the sooner, the better.
- Elevate your discussions about IT budget — lead with the reputational risk and IT connection to justify continuing and new IT investments.
- Team up with risk colleagues throughout your enterprise to get a better picture of the reputational risk issues they have identified as critical to your enterprise. You can then determine how IT risk management can be a force for better control of these risk issues.
- Confirm your vendors’, partners’ and supply chain’s compliance with your standards. This should include developing a checklist and performing audits.
- Finally, extend your IT risk reporting and escalation process to include reputational risk impact. This will help issues get the priority attention they deserve.
To learn more about reputational risk and IT, view the new infographic for highlights of the 2012 Global Reputational Risk and IT Study.
You can also get your copy of the study report here to see the full set of results from the 2012 Global Reputational Risk and IT Study: http://www-935.ibm.com/services/us/gbs/bus/html/risk_study.html
To learn more about solutions that can help you manage risk, visit these sites:
Editor’s Note: This blog is part of a series on IT security we are running in December 2012 to help readers understand key aspects of security, including reputational risk, cloud security, and the role of hardware, software and services in security solutions.
We encourage you to read the other posts in our series, listed below:
- Security-Ready IT: A Fundamental Imperative for Smarter Computing by Shelley Westman
- How IBM Saves Money by Eating Our Own Dinner by Jonathan Barney
- Enterprise Systems and Security by Amy Bennett
To effectively compete in today’s changing world, it is essential that companies leverage innovative technology to differentiate from competitors. Learn how you can do that and more in the Smarter Computing Analyst Paper from Hurwitz and Associates.