Freshfields, among the United Kingdom's five top Magic Circle law firms, recently released a highly informative, if not frightening, survey on "Containing a Crisis in the Digital Age." Among the many alarming findings, these stand out:
• 28 percent of crises spread internationally within one hour and 69 percent within 24 hours.
• On average, it takes 21 hours before companies issue meaningful external communications defending themselves, and it requires more than 48 hours in 18 percent of incidents.
• One year after a crisis, 53 percent of companies' stock prices haven't regained pre-crisis levels.
The Freshfield's study and others that document the premium directors and executive leadership place on reputational risk management suggest one likely corporate imperative: that they would prepare robust and effective programs to prepare for a crisis. Yet, despite a staggering rise in reputational crises globally over the last decade, corporate risk-management capabilities remain essentially unchanged (which, in itself, contributes to the escalated risk).
Why are companies so stymied by reputational risk management? Like all complexity, no single cause exists. But three drivers make this an elusive challenge for most companies:
Soft-Risk: Ours is a corporate world driven by quants and hard data. The corporate mindset does not easily or naturally embrace nonmarket risks, or soft risks, including reputation, trust and adaptive behavior that don't lend themselves to static measurement. Thus, many sign on to the false, but convenient, notion that if it can't be measured, it can't be managed. Indeed, soft risk can be managed but it relies on dynamic tools and principles-based notions of compliance.
Ownership: Nearly every study on the topic demonstrates that reputational assets and reputational risks are strategic in nature and "owned" by executive leadership and the board. But most companies are structured for efficiency and optimization. As a consequence, a yawning gap emerges between leadership function and capability. Companies typically look at crises operationally and reflexively fixate on the operational fix. Most crises don't have an immediate, if any, operational fix. Global supply chains offer a vivid example of this structural challenge. In the average supply chain, more than a dozen owners of various risks run the gamut from sourcing and compliance to quality and logistics.
Despite the vast reputational risks that permeate global supply chains, typically, possessing many owners means no one owns supply-chain risk in its entirety. Fear: Crises create an unnatural operating reality that literally changes brain function. Depending on the magnitude of a crisis, our brains go into survival mode. And it doesn't work in a public arena in which accountability, transparency, trust and engagement serve as the metrics of success. Much like combat readiness, effective crisis readiness requires a level of effort and training that transforms nonproductive and even fatal instinct into a bias for action and multidirectional leadership.
We hear and read a lot about the tone at the top. But if we are to see dramatic improvement in crisis readiness and reputational risk management, it must begin with the diet and exercise habits and attention to corporate health and well-being of the board and the CEO.