As for “brand value”, I guess I’m still a bit at a loss as to how that value is realized (or damaged) if it isn’t in market share, stock price, cost of capital, etc.

Thanks.
Jack

***
Thanks for your questions and insights – you make a number of strong points.

As to your first comment, the point I was trying to make is that in the midst of crisis, a CEO has a number of variables to consider before taking a corrective action – many of which are quantifiable while the most important one is not. If you’re in a data loss situation, the legal team can estimate the cost of increased exposure associated with publically taking full responsibility for the breach. The IR team can estimate the impact on stock price. Compliance can estimate the cost of failure to comply, etc… But how do you generate hard numbers that quantify what loss of credibility and trust does to a company?

You’re exactly right that legal risk, market share, stock price, and other measurables are inexorably tied to reputation. But so is the value of the brand. The problem is that too many CEOs in crisis see the silos, but not the whole brand. They often don’t see how to overcome all of the quantifiable risk to preserve the unquantifiable one, the brand. As a result, they too often commit the sin of inaction – which is the slow kiss of death in data loss crises or in any situation where trust is on the line.

For an example of a company that does get it, I’d point to ExxonMobil. Two decades after the Valdez spill, the company still shells out millions of dollars to ensure that their tankers are as spill-proof as possible. The company can’t precisely quantify what another spill would cost – but it understands how another spill would impact public trust. Thus, it makes the necessary investments to protect its reputation. The company sees the additional costs of corrective action as integers in a larger equation.

As to your second comment, I would simply say that trust is gained inches at a time but lost all at once – and that a crisis some may think has nothing to do with the fundamental value proposition offered by a company always has the potential to change how people view it and its leadership. Did Bill Clinton’s marital indiscretions have anything to do with governing? Most would say no – but they jeopardized his presidency just the same.

As to your third comment, I would argue that while the increased speed of communication does affect audience attention spans, its impact on how companies must respond to crisis is much more significant. Because audiences are more distracted today, they process information, make decisions, and move on to the next thing in only a matter of minutes. In today’s media environment, if you’re not ready to respond to crisis at the drop of a hat, you cede control of the story to others – and increase the chance that you’ll be tagged as a villain before you’ve even had a chance to respond.

1) It felt like Mr. Levick contradicted himself a bit — or I misunderstood something (more probably). On the one hand, he said that it wasn’t feasible to measure reputation risk, but then he went on to say that it’s relatively easy to quantify the legal, market share, stock, etc., effects of an event. It seems he differentiates between the “potential cost of loss of reputation” and those quantifiable effects mentioned above. I’d be curious about what he includes in the cost of damaged reputation outside of those effects.

2) It’s probably so obvious to Mr. Levick that he overlooked mentioning it (or it’s assumed in the context of the discussion), but it’s important to remember that in order for an event to seriously affect an organization’s reputation, the event has to be closely tied to the fundamental value proposition of the organization and/or present significant potential harm to the stakeholders or community. This is an important distinction because the infosec industry has tended to latch onto reputation damage as the FUD stick to beat management with, without understanding the dynamics involved.

3) Does Mr. Levick believe that the increased speed of today’s communications, combined with the nearly constant bombardment of “newsworthy events” has decreased audience attention span and, thus, to any degree mitigated the potential long-term effects of events?

Thanks,
Jack