Reputational risk in the technology sector

During the height of the COVID-19 pandemic, technology companies enjoyed a rise in public trust and positive sentiment as citizens recognised the crucial role they played in helping societies navigate lockdowns and work from home orders. In fact, around half of all consumers agree that their perceptions of the sector have improved since the onset of the crisis¹.

The Marsh Global Technology Risks Study 2021 found that “trust” is discussed within 97% of tech businesses, while more than a third say it’s either a critical component of environmental, social, and governance (ESG) initiatives or a lens through which they view many core activities and decisions.

Reputation and trust, then, are prized and carefully managed assets in the technology sector², but reputational risk is ever-present – so understanding and preparing for those risks is of vital importance, for technology businesses of all shapes and sizes.

What is reputational risk?

In simple terms reputational risk is the potential for damage to a business when it fails to meet the expectations of stakeholders – from customers and partners to shareholders – and suffers negative perceptions as a result. It is a very real risk for technology businesses, regardless of size³.

The consequences of reputational damage can be severe, particularly in a world where social media can amplify and extend brand damage⁴.

For example, when Texas-based technology company, SolarWinds suffered a serious cyberattack – potentially affecting tens of thousands of customers – the reputational effects were stark. It suffered a precipitous drop in its share price, legal action from shareholders⁵, the threat of a downgraded credit rating, and even had to spin off business units as separate entities in order to protect them from the fallout. The scale of the damage, which is expected to last years⁶, dwarfs even the tens of millions of dollars the hack has already cost the company in remediation and other costs⁵.

What are the key reputational risks for technology companies?

Clearly, the reputational risk landscape is complex, with specific risks often defined by the nature of the technology business in question, but there are some risks that all technology companies must be aware of, and which can have very serious consequences.

They include:

• Data security and privacy: Company or customer data is compromised, stolen, or misused.
• Digital business interruption and IT resilience: Disruption arising out of a Cyber attack or technology failure.
• Contingent business interruption: Business operations are disrupted by a failure of a supplier or vendor.
• Directors and officers liability: The risk to directors and officers that decisions they make in managing a company are alleged to have arisen out of a wrongful act².
• Environmental, social and governance failures: Today, 84% of consumers say environmental responsibility is extremely or moderately important when choosing a brand⁷, and increasingly expect companies to not only behave responsibly but to also take public stances on social issues.

Managing reputational risk

Managing and defending reputation is at least in part an ongoing process, which can be defined according to four key priorities :

• Understanding vulnerability: As a key first step, companies need to assess their vulnerability to reputation-related damage. This means developing a baseline view of the company’s existing reputation and understanding its core risks through a reputational lens.
• Building resilience: This should take four main forms - strengthening corporate culture, making adjustments to operations or strategy, strengthening the brand, and building crisis preparedness.
• Resolving crises: If a crisis with the potential to impact reputation does occur, rapid action to address the issue along with transparent communication is vital.
• Regaining trust: Approaches in planning to restore reputations and recover performance –

1. Thorough reflection on the causes of an incident and the outcome
   
   
2. Acknowledgment of stakeholder expectations, and the implementation of hard-edged business decisions
   
   
3. Clear communication with stakeholders

You can read about these steps in more detail here.

The role of insurance

Insurance can, of course, play a role too. While insurance cannot eliminate reputational risk, nor prevent the incidents that can precipitate reputational damage, it can play a role in the response. For instance cyber insurance can help with the cost of dealing with a cyber incident like a data breach – helping with the cost of liability claims, crisis communications, rectification and more.

Directors’ and officers’ liability (D&O) insurance, meanwhile can help to cover company directors personally for defence costs incurred during a claim made against them personally - for example, the costs associated with defending trading standards, environmental or other regulatory claims.

Help is at hand

You can read more about the technology sector insurance protection available from Marsh Commercial, or contact an expert for advice and support.

^Sources:

<sup>1. https://www.brunswickgroup.com/has-covid-19-impacted-the-techlash-i16224/
2. https://www.ideagen.com/thought-leadership/blog/what-is-reputational-risk-here-is-everything-you-need-to-know
3. https://www.barrons.com/articles/company-at-center-of-cyberattack-could-face-credit-rating-downgrade-solarwinds-moodys-51608067670
4. https://uk.finance.yahoo.com/news/solarwinds-completes-spin-off-msp-113000499.html
5. https://www.reuters.com/technology/solarwinds-says-dealing-with-hack-fallout-cost-least-18-million-2021-04-13/
6. https://www.ibm.com/thought-leadership/institute-business-value/report/sustainability-consumer-research
7. https://www.mmc.com/content/dam/mmc-web/Files/Reputation-Risk-Final-web.pdf</sup>