Home > IT Blogs > Sister CISA CISSP > Rethinking Reputation Risk
>>VIEW ALL POSTS  

Sister CISA CISSP

«
»
Aug 17 2010   7:55PM GMT

Rethinking Reputation Risk



Posted by: Arian Eigen Heald
Data Breaches, privacy on the web, search engines

In a discussion with a client recently, we were talking about reputation as a “risk” to his business. He didn’t seem to think it was a long term issue, because so many other issues capture public consciousness so quickly. This got me thinking about “reputation risk” as a concept. I realized that the idea needs some updating.

So here’s the formal definition: Reputational risk can be defined as the risk arising from negative perception on the part of customers, counterparts, shareholders, investors or regulators that can adversely affect an organization’s ability to maintain existing, or establish new, business relationships and continued access to sources of funding.

As far as I’m concerned the first and the last are the most serious – customers and regulators.

Although no one likes to think about being on the front page of their newspaper with the company name attached to “data breach,” a newspaper does come out the next day with other things to announce. News reporting tends to be intense at first, then fade away. This lends itself to my client’s point of view.

There’s newspapers, and then there’s Google.

Consider the plight of Hannaford. A Google search of the name leads me to the bottom of the page, where other search categories are listed – one of which is “hannaford breach.” A search on that term leads to some 303,000 results.

How long will it take for that search term to disappear? (I just added to it, unfortunately). Much longer than a newspaper, and more accessible to anyone with a computer, or access to one. Some search engines save and cache search results, as well. What about the Wayback Machine, where you search 55 billion web pages that go back to 1996?

The length of time a negative perception can remain in the public consciousness seems to me to be much longer with the advent of search engines. In the same way that you can “google” someone, you can also “google” companies. Customers complain online and that gets cached, too.

A poor reputation leads to a “negative perception.” If customers and regulators have a “negative perception,” you will see fewer of the former and more of the latter. Not a good long-term business plan!

  Bookmark and Share     Comment     RSS Feed     Email a friend

Comment on this Post

Leave a comment:

Rogermark  |   Aug 20, 2010  12:18 PM (GMT)

Arian quite rightly talks about the implications of negative perception among customers and regulators. We can add one more dimension to reputation risk, arising from cyber threat. Organizations today operate in the cyber space. However, cyber space is vulnerable to sophisticated attacks arising from different vectors. A breach of customer information can have a long-term impact on business reputation. Cyber security is essential to protect against customer mobility, loss of business and regulatory hurdles. Security professionals known as [A href="http://www.eccouncil.org">certified ethical hackers"] apply hacking techniques on behalf of the management to safeguard business networks. Hiring [A href="http://www.eccouncil.org">certified ethical hackers "] will serve as one more layer to guard against reputation risks.