Reputational risk is not “one risk”, but rather a category of risks which may impact your reputation, so how should you define and manage it? Hans Læssøe, principal consultant at AKTUS and former risk manager at Lego Group has this advice

The term “reputation risk” is heard more and more frequently, in-house as well as in management magazines and the general press. Furthermore, the ever-increasing use of social media exacerbates the importance for any organisation to have a deliberate stand on reputation and ensure this is being managed.

The term is gaining attention – but currently remains somewhat blurred and undefined. The below constitutes a description of the concept of reputation risk as well as some thoughts related to possible actions and safeguards that can be prudently taken.

Defining reputation risk

First and foremost, reputational risk (RR) is not “one risk”, but rather a category of risks, which may impact your reputation. You do not wake up one morning and have a bad reputation – something happened prior to that to generate the bad reputation. The real risk emerges from “what happens”.

This is not to belittle RR in any way as the damages caused easily can be more severe to the prosperity and survival of the company than most other risks. If you are impacted by a financial risk that cost you a huge amount of money, that is it (unless it makes you go bankrupt) – you can continue doing business. If you are impacted by a reputational risk that invokes consumers not to want to trade with you, you may be in dire straits, and the way out can be cumbersome.

Furthermore, it is important to note, that the incidents invoking to reputational demise may not be of your own doing or influence, which is amongst the reasons the term gets the attention it gets at present.

Finally, as for most other risks, the flip side of the coin is opportunities. There are opportunities to pursue and drive and manage which improves your reputation as well.

Sources of reputation risk


As shown, reputational risks may be of your own doing and hence within your own control.

However, it may also be an outcome of actions made by others, and hence outside your immediate control. Such 3rd party actions may be made to intentionally harm your brand and company – or they may be made without any consideration as to any impact it may have on your brand and company. Be aware, the fact that you cannot control 3rd party actions do not mean the related risks cannot be mitigated.

Naturally, the company/organization itself is the prime driver of sources to reputational risk. Any diversion from the safe and prudent, well managed and honest leadership may invoke reputational risk. Much of the above is in this category. A few further examples.

Logically, behaving badly drives a poor reputation. The most impactful of these is being in breach of laws and defined regulations, especially if/when it is at the expense of the “little guy”, e.g. the shop floor worker. Health and safety violations create a bad reputation fast.

One prominent example is the Bhopal accident in India which was brought upon the employees and the environment due to negligence. This incident gave massive reputational damage to Union Carbide, the company behind the accident.

Unethical behaviour, e.g. exploitive child labour in Asia is also seen as bad behaviour and will have a negative impact on your reputation – even if/when this is being done with the best care and respect for the children whose alternative is not play and school. Consumers in Europe/USA will project their perceptions of life on to the workers at these factories.

If/when what you deliver is not safe in use or foreseeable misuse; your reputation will be at risk. Product safety requirements must be adhered too, to safeguard your reputation. Note here, that e.g. Smith & Wesson making guns, or Benson & Hedges making tobacco do not have a bad reputation based on their products as consumers know the risks caused by the products – whereas a toy leading to the death of child is devastating, as was the case with the Magnetix toy from MEGA Brands, which was swallowed by a small child, leading to his death – and delivered a severe set-back to the company behind it.

Especially in the industries related to children, safety is important, and even “minor” breaches such as lead content in a blue die will lead to massive product recalls and reputational damage.

Many products can be used for other purposes than intended, and when this happens – the reputation of the manufacturer becomes at risk. The Danish pharmaceutical company Lundbeck manufactures a sedative, which is being used a part of the “lethal injection” process in US prisons. This was not intended, nor “approved” by Lundbeck – but as it is happening, Lundbeck, who are “devoted to saving and improving lives” becomes the manufacturer that kills people.

Arrogance or insensitivity in communications and/or actions also depletes a reputational risk. In example, when BP experienced the Deepwater Horizon accident, they first accepted full responsibility and promised full recovery. The attitude towards BP was generally not that bad – given the severity of the situation. However, when it later became clear that they lied about actual issues, and that the accident was a consequence of a consistent cost cutting focus (despite any public announcements of safety first) – the “hammer” of bad reputation hit them hard. When the CEO added insult to injury by stating that “I want my life back” – the reputation of BP hit an all-time low.

In many countries, and most certainly in the US, there is a positive aura and perception of companies that “do well” and are highly profitable. In these countries, successful companies can “get away” with more than others – just because they are successful.

One prominent example is Apple’s Steve Jobs, who were not the ideal executive and people leader in many respects, but because it was under his reign that Apple became so enormously successful Steve Jobs was seen as a hero. If performance drops, yesterday’s hero becomes today’s “villain” – also seen in industry. Enron was highly commended in business and press and everywhere – until the day the bubble burst, and then …

However, in some countries, e.g. Scandinavia, there is a limit to accepted profitability. It is well appreciated that companies must have a profit – but if the profit or profit margin is perceived as being “unreasonable” – the public will take offense to some extent. Even in the US – large parts of the financial/banking industry experience this with the high levels of remuneration and investor earning demands after the financial crisis. Profit is good and well accepted – greed is largely considered unacceptable, and the fine line between them differs from country to country.

On the other hand, positive management tends to elevate the company to an ever-increasing esteem – yet, one severe slip-up that is not addressed well – and all is lost. Suddenly one sees that “the higher the mountain, the greater the fall”. This is often seen in politics, where politicians strongly campaigning on e.g. anti-crime, just be caught having some minor issue from the past – or talking “family values” and then disclosed for being unfaithful at some point in the past. Such politicians are now disclosed as hypocritical and will probably be unable to win the seat they campaign for. However, it is fortunately not so, that any slip-up from any leader within the company will lead to a severe loss of reputation – the impact becomes a matter of handling/crisis management, the risk management.

You know this from buying a car. If you buy an expensive car, and you experience some fault – you initially get angry/frustrated as this “should not happen” with an expensive quality car. However, if/when the dealer ensures your claim is handled professionally, expediently and supportive – you may very well end up thinking “I’m glad I bought this brand, because, see what service I got”. You may at the same time own a car from a less prominent brand with which you do not experience any faults – yet, that brand is still only accepted, but there is little reputational added value in the flawless car. Reputation can be built, even on mishaps.

Reputation risks may also be forced upon you and your organization from outside the company – not directly related to what you are doing.

A case example: Originally, the French wine industry had a huge share of European wine consumption. Then the French government decided to test nuclear weapons on atolls in the Pacific – despite public outrage. This lead consumers, especially outside France, to “boycott” French wine and buying products from the US, Chile, Australia, Italy, Spain etc. – just to find that these were actually great wines at a reasonable price. French wine has never, even remotely, regained its former market share.

Another case: Manufacturers of AIDS medication were targeted by NGO’s to lower prices on their products in Africa which was challenged with a fragile economy and a huge share of AIDS infection. At first, they stood up against the pressure, but eventually they gave in, and lowered prices significantly – actually just to experience that was not enough as the true mission of the NGO was to have the World Trade Organization reduce the timeframe within which a patented drug could not be copied.

In Denmark, a newspaper decided to run an article on self-censorship related to religions. To make a point they asked a series of cartoonists to make a drawing of Mohammed. Few did, and the drawings were published with the article. During the first several months, nothing happened, but then a team of people reignited the issue by contacting Muslim societies and dignitaries to create an outrage. This was quite effective, and lead to several Arab countries banning Danish branded products. These brands had nothing to do with the cartoonists drawings of Mohammed, and still experienced a severe drop in reputation and sales.

Sources may even be hostile attacks on your reputation – no more visibly seen than in a US presidential race where “negative commercials” are a significant share of the campaigns launched. In later years this has been exacerbated by use of “fake news” appearing to be third party and indirect communications, which impact the stand of the opponent.

Good and bad reputation risk

Be very aware that a reputation can be built as well as destroyed. As stated by both COSO and ISO 31000 – a risk may have a positive impact as well as a negative.

Hence, behaving well and being recognized as a “good citizen wherever you are” builds customer and public trust, leading to a better reputation. There are companies that deliberately and explicitly build on this and spot “how can we do good for our community AND prosper in the process”. I know of Swiss food manufacturer Nestlé and Danish pump manufacturer Grundfos as well as others, who do this – currently with a keen eye on the UN sustainable goals.

Treating your employees, business partners, vendors and customers well is also a strong builder of a good reputation. When treated well, these people will speak nicely about you, and there is no stronger commercial than 3rd party advocacy.

These days, where social media commentary is on par wit or even exceeds the value of TV commercials – the leveraging of 3rd party advocacy cannot be underestimated. Basically, today you will not be very prone to buy a BMW “just” because the company’s TV ad tells you how wonderful the car is. You will be more prone to buy ne if/when your friends and people you trust and who owns a BMW talks positively about the “wonder” of having that vehicle.

Hence – reputations can be built.

Impact speed

Reputation is all about who and how many feels what. If nobody knows you or your reputation, it cannot be severely damaged. Hence – escalating an incident to a reputational risk is all about communication, and the speed and proliferation of communication around the world increases exponentially.

In history, governments have survived based on limiting and controlling the information given to the people. Some few still apply this approach. Today the Internet, social media and SMS chains break down these barriers – first seen with the public upraise that eventually lead to the fall of the Berlin wall in 1989, later seen in the Arabian Spring.

Facebook fan groups are established and gain membership in millions over weeks or even days. Twitters scan the world in minutes – so if you are operating globally, an incident can lead to a global pressure between the time you recognize the issue and the time you have assembled your crisis team.

The benefit of this is “short memory”. New things happen every day, and you may be the target of something that impact your reputation and, if measured, would show devastating results one day – just to see a vast recovery in the short period following.

However, handling speed requires preparation, and one important mitigation is knowing who will address the/any issue – and make very sure these people can team up very fast, and any time 24/7/365 if need be. This calls for explicit and well prepared reputational risk management.

Impact of reputation damage

Business impact may emerge suddenly, and may vanish fast – but will most often be rather slowly. Dents in your reputation tend to be remembered, highly depending on your defined image/reputation and industry.

The above goes for public bodies as well. The police authorities wish to help and guard the public in most countries, in US called “serve and protect”. The police officer who experiences a high level of trust and acceptance in one part of the city can focus on helping the public, e.g. train children traffic safety and do other, positive tasks natural to a police officer. In the other part of town, where inhabitants mistrust the police officers, they need to take consistently care of their own safety, and focus their efforts on upholding the most vital parts of the law (essentially disregarding all the little things). Same police officer’s, mindset and values – yet very different reputation and results.

The loss of credibility will often have an immediate effect on your stock value as stock brokers race to embed new insights first, and hence act on everything and anything they learn – now (even if/when what they learn have no short-term consequences). Losing stock value hampers the company’s manoeuvrability and hence long term prosperity.

Your sales may be impacted based on customer and (more severely) consumer actions to “ban” your products. This will naturally lead to loss of profits as well. This was e.g. what was seen by the French wine makers.

Your collaboration with vendors and partners can (easily) be hampered, and you will be met with increasing demands of documentation and other issues of “red tape” based on reduced trust on behalf of your partners. You get the “trust tax” as Steven M. R. Covey mentions in his book “The speed of trust”.

You stand to lose employees, who will not work for a company that “does this or that” – and remember that it will be the best people who will resign the company first – leaving you with a “B” team.

Having a strong and positive reputation is a strength, but it also increases the impact of lost for some reason. Your reputation has to be safeguarded.

Mitigating reputation risk

As mentioned, when faced with an incident that negatively impacts your reputation, you must be able to act fast, effectively and “right”.

Having a pre-defined team, with pre-defined reference frames and full authority to act is pivotal to good handling of a reputational risk. In some instances, a response must be visible world-wide within hours. Some companies even excel at acting so fast and effectively, that hiring them is good for your reputation – and had a reputation of doing so. “Red Adair” became famous for putting out oil-fires in the Gulf War in 1991, where his professional reputation was well established working with oil fire handling since the late 1950’s.

It is highly recommended to form such a team, and to have this team conduct “fire drills” every now and then to ensure efficiency.

It is also recommended to imagine a set of risk scenarios – and discuss these prior to their potential emergence. Not too precisely as to ensure usefulness, but precisely enough to give the guidelines needed. Soldiers do this all the time, not necessarily on reputation, but on safety. All routine tasks are rehearsed and rehearsed to the almost ridiculous – to ensure than in the midst of a crisis – doing these routine tasks, does not take a lot of thinking, which can then be directed towards dodging incoming fire. This approach can be applied by companies for reputation risks as well.

Finally, there are naturally the pre-emptive probability reduction efforts of behaving well, do good for the community, being open and honest and drive a stable and profitable business (potentially not aiming at every short-term opportunity that presents itself – without having the time to think it through).

Measuring reputation risk

To many, the concept measuring a reputational risk seems blurred and opaque. However, as Douglas Hubbard explains in his book How to measure anything” there are “always” relevant data to look at.

Many companies are listed and hence has a stock value. This stock value will often differ from can be calculated as the “logical” stock value based on tangible assets and discounted cash flows. If the stock value is higher than this “logical” value – investors consider the company to be worth more than what is “should be”, if it less, investors think the value is lower. With an open stock markets and having thousands of investors attached – this is a rather good “wisdom of the crowd”.

So … if your reputation is good, you are trusted … and likely to be valued to be worth more than what direct facts justify. If your reputation drops (for some or another reason), this reputational stock value decreases … sometimes fast.

This provides you with a metric to gauge the impact of wrong-doing or well-doing or 3rd part advocacy.

What do we do?

We treat reputation risk similar to “earnings risk”, and address this in terms of what is the impact (eventually to the bottom line). We also identify root causes, and several of the strategic risks we have in the register are reputational first and commercial second. In the end, all risks are aligned on a commercial (earnings) scale to enable valid consolidation of a risk exposure.

However, before an organisation can validly do that – they need to have some yard-stick or metric, potentially in terms of narrative descriptions, as a scale of reputational risks.


Reputation is not a risk in itself, but is can be at risk for a number of reasons - and should be addressed prudently, possibly even vigorously – depending on the importance of your reputation in your business.

Having your reputation “at heart” and remember this when deciding on strategies and business initiatives is well worth the effort – and may even serve to safeguard your profitability more than a mere commercial/financial focus.

The first prerequisite for a good reputation is “decency” in whatever you do. Too many seem to have forgotten that, and manage their reputation based on an approach of “how can we get away with …” which is short-sighted and will cost you.