Frank Sewell
Research Director, Vendor Management
Info-Tech Research Group

Access to information about companies is more available to consumers than ever. A negative event could impact your organizational reputation at any time. As a result, organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.

Make sure you understand where negative events may come from and have a plan to manage the inevitable consequences.

Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand.

Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals.

Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.

Prioritize and classify your vendors with quantifiable, standardized rankings.

Prioritize focus on your high-risk vendors.

Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

25%

94%

14 hours

“Brand recognition is the ability of consumers to recognize an identifying characteristic of one company versus a competitor.” (Investopedia)

“Most trademark valuation is based directly on its projected future earning power, based on income history. For a new brand with no history, evaluators must apply experience and common sense to predict the brand's earning potential. They can also use feedback from industry experts, market surveys, and other studies.” (UpCounsel)

The cost of rebranding for small to medium businesses is about 10 to 20% of the recommended overall marketing budget and can take six to eight months (Ignyte).

"All we are at our core is our reputation and our brand, and they are intertwined." (Phil Bode, Principal Research Director, Info-Tech Research Group)

Bad Customer Reviews

Breach of Data

Poor Security Posture

Negative News Articles

Public Lawsuits

Poor Performance

• There is a dedicated brand protection department.
• All employees are educated annually on brand protection policies and procedures.
• Brand protection is tied to cybersecurity.
• The organization actively monitors its brand and reputation through various media formats.
• The organization has criteria for assessing x-party vendors and holds them accountable through ongoing monitoring and validation of their activities.

Brand Protection
Done Right

Never underestimate the power of local media on your profits

Info-Tech Insight

Keep in mind that too much exposure to media can be a negative in that it heightens the awareness of your organization to outside actors. If you do go through a period of increased exposure, make sure to advance your monitoring practices and vigilance.

Story: Restaurant data breach

Losing customer faith

A popular local restaurant’s point of service (POS) machines were breached and the credit card data of their customers over a two-week period was stolen. The restaurant did the right thing: they privately notified the affected people, helped them set up credit monitoring services, and replaced their compromised POS system.

Unfortunately, the local newspaper got wind of the breach. It published the story, leaving out that the restaurant had already notified affected customers and had replaced their POS machines.

In response, the restaurant launched a campaign in the local paper and on social media to repair their reputation in the community and reassure people that they could safely transact at their business.

For at least a month, the restaurant experienced a drastic decrease in revenue as customers either refused to come in to eat or paid only in cash. During this same period the restaurant was spending outside their budget on the advertising.

A successful general contractor with a reputation for fairness in their dealings needed a specialist to perform some expert carpentry work for a few of their clients.

The contractor gave the specialist the clients’ contact information and trusted them to arrange the work.

Weeks later, the contractor checked in with the clients and received a ton of negative feedback:

• The specialist called them once and never called back.
• The specialist refused to do the work as described and wanted to charge extra.
• The specialist performed work to “fix” the issue but cut corners to lessen their costs.

As a result, the contractor took extreme measures to regain the clients’ confidence and trust and lost other opportunities in the process.

You work hard for your reputation. Don’t let others ruin it.

Don’t forget to look within as well as without

Story: Internal reputation is vital

Trust works both ways

An organization’s relatively new IT and InfoSec department leadership have been upgrading the organization's systems and policies as fast as resources allow when the organization encounters a major breach of security.

Trust in the developing IT and InfoSec departments' leadership wanes throughout the organization as people search for the root cause and blame the systems. This degradation of trust limits the effectiveness of the newly implemented process, procedures, and tools of the departments.

The new leaders' abilities are called into question, and they must now rigorously defend and justify their decisions and positions to the executives and board.

It will be some time before the two departments gain their prior trust and respect, and the new leaders face some tough times ahead regaining the organization's confidence.

How could the new leaders approach the situation to mend their reputations in the wake of this (perhaps unfair) reputational hit?

It is not enough to identify the potential risks; there must also be adequate controls in place to monitor and manage them

Identify, manage, and monitor reputational risks

Global markets

• Organizations need to learn how to assess the likelihood of potential risks in the changing global markets and recognize how their partnerships and subcontracts affect their brand.
• Now more than ever, organizations need to be mindful of the larger global landscape and how their interactions within various regions can impact their reputation.

Social media

• Understanding how to monitor social media activity and online content will give you an edge in the current environment.
• Changes in social media generally happen faster than companies can recognize them. If you are not actively monitoring those risks, the damage could set in before you even have a chance to respond.

Global shortages

• Organizations need to accept that shortages will recur periodically and that preparing for them will significantly increase the success potential of long-term plans.
• Customers don’t always understand what is happening in the global supply chain and may blame you for poor service if you cannot meet demands as you have in the past.

Identifying and understanding potential risks is essential to adapting to the ever-changing online landscape

Info-Tech Insight

Few organizations are good at identifying risks. As a result, almost none realistically plan to monitor, manage, and adapt their plans to mitigate those risks.

Reputational risks

Not protecting your brand can have disastrous consequences to your organization

• Data breaches & lawsuits
• Poor vendor performance
• Service disruptions
• Negative reviews

• Check online reviews from both customers and employees.
• Check news sites:
  • Has the vendor been affected by a breach?
  • Is the vendor frequently in the news – good or bad? Greater exposure can cause an uptick in hostile attacks, so make sure the vendor has adequate protections in line with its exposure.
• Review its financials. Is it prime for an acquisition/bankruptcy or other significant change?
• Review your contractual protections to ensure that you are made whole in the event something goes wrong. Has anything changed with the vendor that requires you to increase your protections?
• Has anything changed in the vendor’s market? Is a competitor taking its business, or are its resources stretched on multiple projects due to increased demand?

Insight Summary

Reputational risk impacts are often unanticipated, causing catastrophic downstream effects. Continuously monitoring your vendors’ actions in the market can help organizations head off brand disasters before they occur.

Insight 1

Understanding how to monitor social media activity and online content will give you an edge in the current environment.

Do you have dedicated individuals or teams to monitor your organization's online presence? Most organizations review and approve the online content, but many forget the need to have analysts reviewing what others are saying about them.

Insight 2

Organizations need to learn how to assess the likelihood of potential risks in the rapidly changing online environments and recognize how their partnerships and subcontractors’ actions can affect their brand.

For example, do you understand how a simple news article raises your profile for short-term and long-term adverse events?

Insight 3

Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the company’s reputation.

Do you include a social media and brand protection policy in your annual education?

• While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make INFORMED decisions.
• Getting input from your organization's marketing experts will enhance your brand's long-term protection.
• Involving those who directly manage vendors and understand the market will aid in determining the forward path for relationships with your current vendors and identifying new emerging potential partners.
• Organizations have a wealth of experience in their marketing departments that can help identify real-world negative scenarios.
• Include vendor relationship managers to help track what is happening in the media for those vendors.

Impact tends to remain the same, while likelihood is a very flexible variable.

• Re-evaluate corporate policies frequently.
• Ensure proper protections in contracts:
  • Limit the use of your brand name in the publicity and trademark clauses.
  • Make sure to include security protections for your data in the event of a breach; understand that reputation can rarely be made whole again once trust is breached.
• Introduce continual risk assessment to monitor the relevant vendor markets.
• Be adaptable and allow for innovations that arise from the current needs.
  • Capture lessons learned from prior incidents to improve over time and adjust your strategy based on the lessons.
• Monitor your company’s and associated vendors’ online presence.
• Track similar companies’ brand reputations to see how yours compares in the market.

Social media is driving the need for perpetual diligence.

Organizations need to monitor their brand reputation considering the pace of incidents in the modern age.