Corporate risk management has always been based on the careful calculation of threats and opportunities under conditions of uncertainty, but the events of the last 18 months represent something of a quantum leap in the evolution of risk profiles in companies. The unprecedented shock of Covid-19, combined with the considerable impact of the Black Lives Matter movement and others, have left an indelible mark on crisis and reputation management for all businesses.
The ‘issue load’ facing boards has multiplied as the digital economy, and the new risks it entails, has been met by a rise in stakeholder capitalism which is challenging businesses to consider business value beyond the traditional metrics of revenue, profit and loss. In this new, complex landscape, crisis management is more important than ever, as just one error of judgement could very quickly spiral out of control through social media, causing permanent damage to a brand.
The traditional risk management approach is being confronted by the need to be more informed, scenario-tested and capable of dealing with emerging risks which move faster in the digital age. Board capabilities and knowledge in risk management, stakeholder communications, commercial awareness and dealing with digital-led change are now essential. This requires a combination of technical and softer skill sets as well as a strong level of boardroom diversity to challenge traditional ways of working and thinking and drive forward new ideas and innovation.
“Boards and business leaders must think cautiously about how they manage their corporate narrative in a way that minimises reputational risk exposure,” says Ryan McSharry, head of crisis management at communications firm Infinite Global. “This is particularly true in sectors already battling longer-term difficulties and dipping demand before Covid-19. Media appetite remains high for any hint of commercial difficulty, leadership missteps or individual wrongdoing.
“Leadership teams must also engage in reflection and reorientation around the extent to which stakeholder expectations have shifted. The pandemic has changed the rules of the game and organisations need to adapt their thinking accordingly. It has intensified critical questions around the role of business in society and the nature of good corporate citizenship. Now more than ever, a moral compass should be regarded as an essential tool in corporate decision-making.”
While businesses have faced growing reputational risk due to the Covid-19 crisis, including tough decisions around stalling revenues and restructuring, the pandemic has also created a significant opportunity to build better business resilience by investigating and uncoverage reputational landmines. The more proactive companies have acted to get their house in order.
Almost overnight, business and governance leaders, like everybody else, had to adapt to new ways of work, including the use of video technology software, collaboration tools and agile working. As they emerge from the pandemic, many companies are planning to continue embracing flexible working within a new hybrid model which encourages a better work-life balance for employees. This does, however, present new areas of consideration and risk.
“The need for improved resilience has grown in response to new regulatory shifts – from a prudential approach to a customer harm/conduct approach,” says David Long, a former senior executive at Credit Suisse and now head of non-financial risk at Delta Capita. “As a result, boards have needed to effectively identify critical business services, define impact tolerances and thoroughly test themselves against crisis scenarios. Wellbeing has also become a key focus as companies look to minimise the pandemic’s impact on the mental health of their staff.”
Of all the issues facing boards today, however, none pose such an immediate colossal risk to organisations as cybercrime – and that risk has grown further during the pandemic as bad actors have sought to take advantage of the accelerated penetration of digital channels. Tellingly, crisis simulation training firm Polpeo runs more cybercrime crisis exercises than any other. Being victim to a major cyberattack comes with not only severe financial and operational consequences but long-term reputational risk if customers no longer trust them with their data.
Longer-term, organisations are having to consider the impact of climate change and environmental damage on their businesses, and how they can create more sustainable and digital business models and supply chains. The speed of technological change represents a huge opportunity to those keeping up with it, but a huge risk to those that aren’t. The structure and makeup of organisations will fundamentally change as technologies like AI evolve. The most successful businesses will be led by people who embrace this change and prepare for it.
“Board members need a clear understanding of the environmental, societal and technological risks to their business,” says Kate Hartley, co-founder of Polpeo and author of Communicate in a Crisis: Understand, Engage and Influence Consumer Behaviour to Maximize Brand Trust. “It’s not enough to just know your own industry. You now have to understand technology, climate change, societal drivers. Organisations are becoming more political. Consumers expect them to take a stand on issues such as human rights, climate change, equality, diversity and inclusion.”
She adds: “That’s leading to new ways of communicating – and having to deal with political division and backlash against their stance. Organisations are being held to account on their actions, not just their words. They need a clearly defined purpose, values and beliefs, and be prepared to stand up for them. Crisis management has to be open and transparent. Companies must address how their behaviour impacts not only customers and workers but wider society and the environment.”
That means having open and often difficult conversations, and then taking real action towards a more sustainable, digital future. Such conversations used to happen behind closed doors but businesses are increasingly being held accountable by the intensifying glare of regulators, not to mention the court of public opinion. Amidst fluid, evolving conditions, situational awareness and strong collaboration between the board and leadership, supported by technology, are essential.