Holiday reputation of retailers needs protecting

Some new research just came out from Toluna Research for web.com about consumer perceptions of big and small retailers this holiday season. Because of the recent spate of big retailer security breaches, consumers are expressing great concern. 

  • 69% are concerned about security when shopping online this season
  • 25% are likely to change their online shopping behavior
  • twice as many consumers (27% vs. 12%, respectively) are concerned about online security at large retailers than small retailers

The big box retailers' reputations will clearly feel the heat this season if consumers are concerned about their security privacy. To keep their reputations intact, they will need to reassure consumers that their credit history and information is iron-clad. Communications will be key to getting shoppers back into the stores and online with confidence. Information about what they are doing to protect consumers, such as special chips in their cards, and beefed up security technology can help. Additionally, communicating from the CEO on down about consumer concerns and acknowledgement that they are aware of a confidence gap in shopping would be beneficial. Having the senior executive team visibly active during the holiday season at the stores or online using social media might send the right message that they are on alert. Perhaps having senior executives shop in the stores for their holiday gifts and video-ing the transactions could help send a "trust" message. Training all employees about how to answer shoppers' questions about cyber breaches is important. In addition, employees need to know that they should not give out their passwords under any circumstances and the same with vendors since this is such a high security risk and easy way to get into retailer systems. One of the things I learned when working on our Employees Rising study was that one of the reasons that companies train their employees in the use of social media is to educate them about not giving out passwords because it only enables cyber thiefs to do ill.

Reputation is everyone's job during the holiday season and making that loud and clear this year will help. Let's wish for a non-cyber-hacking holiday in 2014.

Emergency CEO successions

The death of the chief executive of Total in a recent plane crash led to an article in the Financial Times by Andrew Hill about the sudden impact of CEO death. Hill points out that research by The Conference Board advises boards to be prepared because approximately 7 to 15 US public companies lose a CEO due to sudden death annually. Although companies might not think the odds are high enough, it happens and pure chaos erupts. As cited by Hill, research by professors from Stanford, Insead and Columbia found that in the year following an emergency succession, companies suffer an 18% decline in operating profitability. One of the best parts of the article for someone like me who likes to gather information was the table below which lists emergency CEO successions, the number of days until a replacement was found, the causes behind the succession, and share price change. The chart was compiled by Stanford Graduate School of Business.

One of the comments to the article had an important insight -- 50% of the CEOs died from a heart attack and the need for better medical checkups of these individuals. I also noticed that 75% of the successors were internal candidates which seems to indicate that a successor was in place, perhaps not ready but identified. Only two were under 50 years old (from a plane crash and overdose). All men (no surprise). The greatest stock decline (- 12%) on the day of the loss was for Herbalife whose 44 year old CEO had been at the helm for 20 years. Clearly a catastrophe for the company on many fronts. 

Interestingly, Total has a memorial section on their home page which also provides a place for people to leave tributes. There are many. 


Cybersecurity reputational risk

Just recently heard that our first US homeland security chief Tom Ridge is helping to launch an insurance product that specializes in corporate cyber security policies. In the article, I read that the global economy has lost more than $400 billion annually due to these cyber breaches that seem to be coming at us like a tsunami. Moreover, only one in four companies, if that much, have some form of cyber attack coverage.

I also learned awhile back when we did our Employees Rising survey on how employees were using social media to champion and possibly sabotage their companies, that one of the reasons that companies have chosen to train their work forces about being responsible social citizens was to caution them about how cyber hacking often occurs. And that is from employees themselves who can be unintentionally loose with passwords, clicking on errant links or not understanding well enough the safeguards of protecting confidential documents. Again, another reason for formal social media training at work and recognizing the importance of internal employee communications. 

Cyber breaches are clearly hurting the reputations of companies that find their customer data let loose online from hacking. This has become a major reputational issue and one that companies have to get smart about or they will be joining the ever growing long list of the largest data breaches. Plus the background stories in the media often reveal that companies and their leaders had some forewarning or were lax about privacy controls which only makes matters worse. Need I even add that CEOs have lost their jobs over cyber breaches! This is becoming a reputational issue of epic proportions.

When qualitative reputation is just as good

There is an intriguing blog post on the HBR Blog Network titled "Don't Trust Your Company's Reputation to the Quants." Considering all the hoopla around Big Data, I was immediately curious about how they would frame an argument about also relying on non-quantitative data when the world seems so enamored of stats and scores. Of course, companies are right to care about making their numbers and the bottom line but there is another side to the story when it comes to reputation risk. "Reputation will always be too impressionistic, and too long-term in its impact, to be left to your Quants. Indeed, if you do leave it to the Quants, it will most likely be neglected, along with other risks that involve intangibles." Quants can often neglect the commonsense solution that protects reputation or overlook how the public might react to and protest a company action. Qualitative insights and experience often adds a dimension to corporate behavior that is not only sufficient but imperative to safeguard reputation. Their advice is for boards and senior executives to listen to the Qualts as much as the Quants. Qualts are defined as those in the organization who "have internalized the values and larger purpose of the organization, and grasp how powerful these are in maintaining healthy connections between the company, its customers, employees, and other stakeholders." This reminds me of an article I just read by BP's CEO Bob Dudley on the BP oil spill in the Gulf of Mexico. Quantitatively, you could say they should have negotiated settlements through the courts but instead they waived the $75 million statutory liability cap and agreed publicly to pay all legitimate claims. They listened to their qualitative side by not delaying acceptance of responsibility and creating long delays before people affected by the disaster received payment. The qualitative side of their character and their focus on reputation came before strenuously litigating from the start of the crisis.

The authors have a good close to their post: "But Qualts appreciate more than anyone else how succumbing to immediate financial temptations can mortgage a reputation, creating reputational debt. They maintain and evolve decision-making models that guide those decisions with clear reputational standards that remain inviolate up, down, and across the extended enterprise." This is where understanding what your company stands for, how it behaves and the value of reputation for the long-term comes into play.

No one is arguing that quantitative inspection is not important. It is just that reputation is not black and white but as someone once told me, plaid. It is very complex and the fabric of reputation is made up of many patterns, colors, threads and how well its owner takes care of it. 

Reputation lessons from space

For those of you interested in crisis, this article on the tragic Challenger and Columbia space shuttles is a reminder of how things can easily go wrong. Even for the best and most revered of organizations. NASA’s reputation never truly recovered from these failures.  We have come to learn, even from pre-Internet days, that the tiniest link or problem can cause the greatest of catastrophes. The article cited the theory of  “normalization of deviance “ from Diane Vaughan, a sociologist, who was on the commission investigating the 2003 Columbia disaster. When I was writing my book on reputation recovery, I read many of her articles about the 1986 Challenger disaster and how some risks became accepted as part of how business gets done. People just get used to or should I say immune to risk-taking.  Vaughan uses the example from the Challenger where the O rings’ erosion had been known on earlier launches of spacecraft and simply became routine, hence the normalization of deviance. As Vaughan says, “They applied all the usual rules in a situation where the usual rules didn’t apply.”

The challenge for companies is figuring out how to not become immune to the everyday risks that go with doing certain jobs such as in manufacturing, food and beverages, pharmaceuticals, automotive, mining, oil, just about everything if you start listing them out like I am doing. This brought to mind what it must be like working on oil rigs and how the risks to safety are there each and every day. How the most minor short cut turn on a dime to be the final blow. How do companies train their employees to not take minor glitches for granted – lives and reputations could be at stake if they ever so slightly deviate.  Another question to ask is how do companies make sure that they listen hard to grumblings from employees? Maybe there is a kernel of truth to be had. Perhaps companies need a Bad News Officer who is Mr or Ms Gloom and Doom. That person could be responsible for bringing all the bad news that no one wants to hear or tell and put it on display for leaders to cope with. The hard truth might be tough to hear but the least expensive way to run a company, maybe even save lives.

 

Technorati take a reputation detour

I've always said that every industry gets its turn at reputation downfalls. Every industry has to be prepared for clearing its name when crisis strikes. We've seen that in the oil industry, financial services industry, auto industry, pharma industry and so on. The one industry that seems to always fare well in the best industry rankings is technology. However, according to an article in The Economist on what to expect in 2014, we should be getting ready to witness a tech-lashing. The reputation of the Silicon Valley elite are soon meet their due if the tech-party extravaganzas and limosine crowd continue full throttle as they are. As Adrian Wooldridge of The Economist says, "Geeks have turned out to be some of the most ruthless capitalists around....The lords of cyberspace have done everything possible to reduce their earthly costs. They employ remarkably few people: with a market cap of $290 billion Google is about six times bigger than GM but employs only around a fifth as many workers. At the same time the tech tycoons have displayed a banker-like enthusiasm for hoovering up public subsidies and then avoiding taxes. The American government laid the foundations of the tech revolution by investing heavily in the creation of everything from the internet to digital personal assistants. But tech giants have structured their businesses so that they give as little back as possible." These are not kind remarks about an industry that has been revered for so long. Wooldridge might be onto to something as more information seeps into the public's consciousness and the inequality divide starts to gain notice. One example cited by Wooldridge was a recent party where a 600lb tiger posed for revilers in a cage and a monkey was made available for Instagram pictures.  [Where was PETA?] Another article on Gawker headlined this supposed joke: "If you ask people in Silicon Valley about the dismal job market, they'll laugh and say, 'What's 'job market'?' A new mobile social networking app?" And if you are still not convinced that something is underfoot, The New York Times ran an article this week about how all the Silicon Valley million-billionnaires are changing the tenor of neighborhoods in San Francisco, buying up all the real estate and generally crowding out the long-timers. One person is quoted as saying she is surprised by how coldblooded these technorati are. Not a pretty portrait.]

All of this criticism is tied up with ill feelings about technology companies having handed over data to the NSA whereupon Edward Snowden exposed this wrongdoing to the world. These serial reputation-damaging incidents are beginning to chip away at the technology elite's image-making and positivity they've done in making our lives more productive and interconnected.

2014 might just be the year when the technology sector loses its luster and customers and the general public begin to wonder what social good they are doing with all their riches and IPO shares. A reputation risk for the technology sector for sure.

Reputation Resilience

flying-away-umbrella

Reputation resilience is a topic I often think about because it should be on all leaders' minds. How can I build the most resilient culture so that we can withstand a crisis that risks our hard fought for reputation? A new report from Schillings in the U.K. examined UK FTSE 350 and leading private companies about reputation risk and resilience. Respondents were Communications, Legal and Risk executives. Here are some of the findings:

  • All executives surveyed are spending more time on reputation risk management than they did two years ago -- 80% say more time (among risk managers), 68% (among communications heads), and 53% (among legal executives). No one said less time.
  • Only 17% say that there is formal reporting to the board of directors on reputation risk. Clearly, not good enough.
  • The top five threats to their company's reputation are (in rank order): business underperformance, information risk, operational risk, health and safety incidents, and employee behavior. Social media comes in at 6th place.
  • When asked what was the biggest obstacle to making reputation risk management top of mind at the company they work for, 37% of respondents said "CEO/Board removed from reputation risk: lack of focus without a crisis and too much reporting." That is unfortunate.  Companies should not need a real crisis to get them to pay attention to risk management.
  • Fortunately, communciations and legal executives are onto it. They know that their jobs require them to take charge of their company's reputation and any associated risks. A full 72% of communications executives said they feel directly responsible and 63% of legal executives are responsible for their company's reputation.
  • How resilient are companies to facing challenges to their reputation? There is a surprising (to me) fair amount of confidence. 55% are "confident enough," 29% are "very or extremely confident" and 16% are "not at all confident or unsure." Although this bodes well for many companies, I would be wary -- essentially 84% of top executives are confident.  If you ask me, they are not worrying enough about all the possibilities that could befall their reputations. Risks to reputation seem to be coming from all directions today and being over-confident is the wrong stance.

Another interesting aspect of this newly issued report is that Schillings is a law firm. They have rebranded themselves to be all about managing reputation risk. Their tag line is "Law at the speed of reputation." Serious business. What would compell a law firm to switch to focusing on reputation? Here is what they say about their transformation: "To continue to lead at a time of such extensive change, we’ve fundamentally changed our own offering. By combining our unrivalled expertise in reputation law with new risk consulting and IT security expertise, we have been able to create an integrated offer that continues to safeguard the successful businesses and individuals we represent whilst living up to the promise that underpinned our business from day one." It would be hard to name many law firms that have done the same. Reputation is changing the face of organizations all across the globe and some firms see the opportunity ahead. Maybe Schillings sees the risks down the road for them as a law firm and are taking their risk by the horns. Interesting approach.

Risky business for CEOs

Risk-Management  

A new McKinsey survey among board members reports that members acknowledge knowing little about risk. Nearly three in ten (29%) say their boards have limited or no understanding of the risks their companies face. Even more compelling, members say their boards spend just 12% of their time on risk management, an even smaller share of time than two years ago. Not sure about you, but I'd say that the business environment has become more complex and risky, not less complex and risk-free.

This is not good news for executive teams. When it comes to risk management, reputation is high on the list of vulnerabilities that can damage a company's good name. This has me thinking that if board members are not focusing enough on risk, executive teams are going to be held even more responsible for any misdoings and misdeeds. They had better been attuned to crises and risks that are lurking around the corner. CEOs and their direct reports should make reputational issues an A-1 priority on their management agendas.

I received an email about two weeks ago asking if I had information on whose most to blame when crisis strikes. Years ago, I asked that question of executives and if I recall right, CEOs received most of the blame, regardless of whether they knew about the problem or not. The McKinsey research is hinting at the same blame chain. The CEO takes all the credit when things go right and all the blame when things go wrong. The board is looking in all the wrong places. CEOs, beware.