In September of last year, I blogged about the IBM 2012 Global Reputational Risk and IT Study, which I explained was an "investigation of how organizations around the world are managing their reputations in today's digital era, where IT is an integral part of their operations and where IT failures can result in reputational damage."
I also wrote "corporate reputations are especially difficult to manage in an era when anyone with a smartphone and Internet connection can file their complaint with a single touch."
That continues to be the case, but what's new is that IBM has recently issued another report on further implications of this study and its findings and, more importantly, what organizations can do to get on offense when it comes to better managing their corporate reputations.
The connection between reputational risk and IT
When the corporate world first began paying attention to the concept of reputational risk in 2005, organizations' focus tended to be on business issues like compliance and financial misdoings.
Today, the focus has shifted to include the reputational impact of IT risks. Virtually every company is now reliant on technology for its critical business processes and interactions. While it may take 10 minutes or 10 hours to recover from an IT failure, the reputational impact can be felt for months or even years.
Reputational damage caused by IT failures such as data breaches, systems failures, and data loss now has a price tag. According to analyses performed by the Ponemon Institute, the economic value of a company's reputation declines an average of 21 percent as a result of an IT breach of customer data -- or the equivalent of an average of US $332 million.
The question now is not whether IT risks affect your corporate reputation, but what you can do to effectively prevent and mitigate these risks.
Six keys to effective reputational and IT risk management
An analysis of responses to the IBM study revealed distinct correlations between the initiatives that organizations are undertaking to protect their reputations from the ramifications of IT failures and the overall effectiveness of their reputational and IT risk management efforts.
Based on this analysis, and the pattern it revealed among organizations that are most confident in their ability to prevent and mitigate IT-related reputational risk, there are six key initiatives that IBM recommends as part of every company's efforts:
- Put someone in charge. Ultimate responsibility for reputational risk, including IT-related items, should rest with one person.
- Make the compliance and reputation connection. Measuring reputational and IT risk management strategies against compliance requirements is essential.
- Reevaluate the impact of social media. In addition to recognizing its potential for negative reputational impact, social media should be leveraged for its positive attributes.
- Keep an eye on your supply chain. Organizations must require and verify adherence of third-party suppliers to corporate standards.
- Avoid complacency. Organizations should continually evaluate reputational and IT risk management against strategy to find and eliminate potential gaps.
- Fund remediation; invest in prevention. For optimal reputational risk mitigation, companies need to fund critical IT systems as part of their core business.
How IBM can help
When planned and implemented effectively, your organization's reputational and IT risk strategy can become a vital competitive advantage. When you protect against and mitigate reputational risks successfully, you can enhance brand value in the eyes of customers, partners, and analysts. Further, your organization can better attract new customers, retain existing customers, and generate greater revenue.
IBM can help you protect your reputation with a robust portfolio of IT security, business continuity and resiliency, and technical support solutions. You can start with an IT security risk assessment, or penetration testing performed by IBM experts.
For business continuity and resiliency, you can begin with a Continuous Operations Risk Evaluation (CORE) Workshop and move on to cloud-based resiliency services. Our technical support solutions range from basic software support to custom technical support.
What makes IBM solutions work is global reach with a local touch. This includes:
- Over 160 business resiliency centers in 70 countries; more than 50 years of experience
- More than 9,000 disaster recovery clients, with IBM providing 100 percent recovery for clients who have declared a disaster
- A global network of 33 security operations, research and solution development centers; 133 monitored countries
- 15,000 researchers, developers, and subject matter experts working security initiatives worldwide
To learn more about the IBM Global Reputational Risk and IT Study go here.