Michael D. Moberly December 10, 2010
I am inclined to characterize the on-going events and acts evolving from the ‘wikileaks’ phenomena as adding several new and increasingly challenging dimensions to corporate reputation risk management.
Those new dimensions, at least at this point in my view, have 10+ elements/variables which in many respects are converging in a somewhat simultaneous fashion which certainly adds complexities to reputation risk (management) convention, i.e.,
1. the reactions – responses by PayPal, Visa, Mastercard, and servers, etc.,
2. the aggressive actions apparently perpetrated by ‘wikileak’ advocates/proponents in the form of denial of service attacks and various forms of hacking, etc.,
3. the demeanor/behaviors exhibited by Julian Assange himself (aside from criminal warrant in Sweden) in terms of whether his website and his actions will ultimately come to be perceived publicly as beting that of a leaker, a journalist, a self-styled technology era solictor, or merely a middle man.
4. pronouncements by Assanges’ supporters and legal counsel, i.e., roll out of presumed defense strategy.
5. the various U.S./foreign government pronouncements and their respective public and non-public initiatives to deflect, mitigate, and/or counter the ‘leaks’.
6. the global ‘talking heads’ that are weighing in on the issue through the conventional, primarily TV media, social medial, and blogs, etc.
7. global open source – transparency and First Amendment advocates weighing in on the issues
8. U.S. DoD’s and DoS’s respective portrayals of the reality that classified and largely embarrassing information has been leaked.
9. U.S. Attorney General Eric Holder’s legal strategies, some of which are being discussed in the media, and
10. the anticipation of what additional, presumably sensitive and/or proprietary information will be released that target particular companies.
Collectively, in their own way, each element/variable above is no doubt prompting some distinctively framed discussions in c-suites and board rooms globally, some portion of which will probably include recommendations for preparing-mounting-executing some form of ‘pre-emptive strike’, e.g.,
1. scouring client/customer lists to identify (assess, project) the potential for ‘wikileak’ types of problems to occur.
2. complete disassociation with or some probationary – alert status for customers/clients that may pose a ‘wikileak’ type of hazard – reputation risk.
3. pronouncements of new oversight guidelines related to selection, retention and/or hosting and payment services to companies that run afoul with the law or whose activities are counter to prescribed ethics.
It is certainly not a stretch, as I suspect others would agree, that we will witness perhaps a parade of companies, in the coming days and weeks engage in some variant of a ‘pre-emptive’ strike as characterized above, most likely in the form of policy changes intended to forestall and/or mitigate what may well be the initial salvo to try to counter a relatively ‘new look’ to the conventional reputation risk.
Unfortunately though, what some companies may overlook or leave out of their ‘risk equation’ is that engaging in ‘feel good’ pre-emptive reputation risk management as portrayed above, are, for the most part, irreversible and may do more strategic harm and present more reputational challenges than the equation allowed decision makers to fully recognize and consider.
The bottom line is, as most prudent business decision makers know all too well, is that a company’s reputation, while being a potentially very valuable intangible asset, it can indeed be very fragile, and once compromised or attacked, unless the company’s reputation-goodwill bank is brimming full in advance, full or partial recovery will be a very costly and time consuming endeavor, if its to occur at all.