Reputation risk, alongside cyber risk, is a top risk in organizations. However, reputation is not so much a risk as an outcome, and firms can manage and control their reputation by the way they conduct their business and how they interact with their stakeholders. This chapter describes how to build and nurture a reputation and what to do when a crisis hits. It explores incident management and resilience, to help preserve a reputation. Resilience and reputation are intertwined and dependent: a lack of resilience during a crisis will significantly damage a firm's reputation, just as significant reputation damage during a crisis will surely jeopardize the firm's resilience. Reputation is a “license to operate” – when reputation remains good (enough), the firm will remain in operation.
Reputation is “the beliefs or opinions that are generally held about someone or something” (Oxford Dictionary) or “the opinion that people in general have about someone or something, or how much respect or admiration someone or something receives, based on past behavior or character” (Cambridge Dictionary).
For a firm's reputation management, “people in general” is preferably segmented into different stakeholder groups, while “based on past behavior or character” is the essential foundation of reputation management.
A firm's reputation is a consequence of what stakeholders ...