Corporate risk and reputation: the brand, consumer trust and the media

Consumer engagement, particularly online, is key to creating and maintaining trust in a brand. Post-recession distrust means that brands have to carefully consider their reputation risk strategy. Developing a risk strategy to prevent a crisis is key to ensuring that the company, and those at its helm, are well prepared for any activity that could lead to media scrutiny. This article explores the broader themes of corporate and executive reputation protection and our specific recommendations for taking control of your company’s reputation.

Corporate reputation is the overall estimation in which a company is held by its stakeholders, based on its past actions and future potential, whether these stakeholders are interested in buying the company’s products, working for the company, or investing in the company’s shares. Many organisations recognise the full worth of a good reputation and consider it their greatest asset, according it a considerable amount of attention. Many fail to appreciate its value, with reputation taking a back seat to what seem to be the more pressing demands of the daily grind. Those that ignore or do not prioritise their organisation’s reputation regularly come unstuck.

In the digital media world, the public sphere, in which reputations are negotiated, has exploded. Twitter, Facebook, chat forums and the blogosphere make the public sharing of what would once have been private information and opinions routine, casual and instantaneous. Indeed, is it really accurate to talk of a public sphere at all today, when the public and the private have blurred to the extent that they are almost indistinguishable? It may appear that maintaining and protecting corporate reputation in this digital media landscape of constantly generated content would be an endless and unavailing struggle. However, there are a great many things that can be done to safeguard reputation. The key is preparation.

Too many companies use a reactive approach to reputation protection, often when it’s too late – after the dam has burst. Increasingly, however, companies are focusing on proactive reputation management and protection, anticipating potential risks and putting systems and procedures in place to handle those risks. At the very least, the company will have peace of mind that it has done all it can to safeguard its reputation.


In the digital media world, distance is dead: news, as well as the routine noise of the web, transcends local and national boundaries, and damaging allegations about a company can spread online like wildfire. The globalisation of brands, news and media exacerbates the threat to brand reputation: what in times gone by would have been a local and short-lived story, today remains an enduring blemish on a company’s reputation – just a finger’s click and a Google search away. The lightning-fast social media age makes companies especially vulnerable to attacks on their reputation, which can come in a myriad of forms: disgruntled former employees, consumers with an axe to grind, as well as the traditional media. There is also the recent online phenomenon of the ‘Twitter storm’. While an individual posting might seem trivial alone, the rapid dissemination and reproduction of a tweet or negative blog post can have a significant cumulative impact.

The longevity and ubiquity of online media means that today’s headlines are no longer tomorrow’s fish and chip paper. Once a negative article, blog or tweet is placed online it is almost as though it is written in indelible ink. Furthermore, there is a tendency for individuals to place a huge amount of their own personal information online. The reputation of the company is intimately bound up with that of its CEO and top executives – so while companies may monitor their own reputation to a degree, far fewer companies know really what is out there about their CEOs and executives. This makes the internet a rich breeding ground for potentially damaging or private and confidential information about a corporate and its senior executives, most of which is very easy for a wily journalist to find.

One of the biggest problems with companies is that they don’t monitor reputation on a regular basis, but only deal with issues when a crisis emerges. Companies may have a large mountain of latent material which, while not being freely available in the public domain, may still be accessible online in the ‘deep web’ ie the 80 or more per cent of web content that is not indexed by traditional search engines.


Investing in a strategic reputation management model can provide a good return. Although it is difficult to quantify a concept that is as nebulous as reputation, there is no doubt that a good reputation can enhance your business in good times and can protect you when you have a crisis. Reputation planning is always to be preferred over mere crisis management.

There are five key steps on the journey to peace of mind: a reputation audit, the clean up, monitoring, planning for the future and a clear chain of command, each of which are explained in more detail below.

The audit

A reputation management model should always start with what is already out there that could pose a potential risk to the company. In order to ascertain the extent of the risk a company should conduct audits on key executives, and map the company’s online identity.

Once aware of the risks, a decision can then be taken on whether to take steps to remove offending information, or whether to monitor the situation. Blog and online forums, including gripe sites, can be an excellent early warning system for a company – increased ‘noise’ on a particular site can sound the onset of a crisis.

The clean up

Depending on the findings of the audit, there is a remarkable array of legal and IT tools available for the clean-up operation. For the overwhelming majority of companies, public registers and non-public but accessible content on the deep web contain an astonishing amount of private information about the board of directors. Directors’ current residential addresses, which can commonly be found through links with historic filings, can be removed through, say, an application to Companies House or the foreign equivalent. Similarly, photographs of a director’s home, which are freely available on Google Street View, can be removed by application to Google. There are a myriad of other mechanisms for having similar material removed from the dizzying number of public and non-public registers, thereby preventing journalists or activists from easily tracking directors down to their home addresses.

The legal mechanisms available for the clean-up operation depend on the creative application of a mixture of defamation, privacy, confidence, copyright and other IP laws. The types of information capable of being protected in these diverse areas of law are obviously very wide. A brief review of privacy cases in recent years, for example, includes information relating to sex life, health and medical treatment, personal or corporate financial information, including salaries and pensions, family, household details, the contents of correspondence and e-mails, wedding photographs and photographs of the inside of someone’s home. These are all types of information in relation to which an individual can take action to protect their right to privacy under Article 8 of the European Convention on Human Rights (ECHR).

While certain human rights, eg the right to peaceful enjoyment of one’s possessions (Article 1 of Protocol 1 to the ECHR) are drafted explicitly to include legal, as well as natural persons, European jurisprudence is not settled on whether a company can enjoy the privacy rights bestowed by Article 8. Nevertheless, a company whose reputation is maligned may sue for defamation. The maligning of the company will also usually impugn the reputation of those running the company, who may then sue for defamation in their personal capacity. Reputation has for some time been established as one of the rights protectable under Article 8.

The mere threat of a claim in defamation or misuse of private information can be enough to effect removal of damaging allegations about a company, especially in relation to older material. In relation to older material especially, it is often more straightforward to take action against the host of the material, as a secondary publisher, rather than track down the original author. There are various benefits to this, not least of which is that it allows material to be removed even where the original author cannot be found.

Removing material from the web is not always confrontational. Having a good line of communication with social media websites means you can work with them, rather than against them, to discretely remove potentially damaging or sensitive material.

Ongoing monitoring

Legal tools must be combined with sophisticated technology. Professional advisers can harness made-to-measure software for enhanced ongoing monitoring of a company and its executives, which can, for example, trace the ‘trajectory’ of negative content as it moves up Google search results. This can act as an effective early warning system for an emerging crisis. Bespoke technical analytics can be developed to monitor a company intelligently, with legal and PR primed and ready to respond 24/7.

It is crucial that this is not a one-off exercise, but is an ongoing monitoring service. It is also important that it is an in-depth and intelligent monitoring service. As efficient as Google alerts may be, they do not review and assess the level of risk to the company. This assessment requires sound knowledge of the company and its stakeholders with the results fed directly to trusted legal and PR advisers.

Future planning

A company should also plan for future events, anticipating any negative publicity or attention which might arise as a result of, for example, an IPO, new executive appointment or a court case. Discussions about potential risks work wonders to allay fears and concerns of senior executives. The risk may never materialise, but much rather that than it arrives out of leftfield at a crucial moment.

Chain of command

It is also vital that a company is prepared internally to handle a potential crisis. All matters that could affect the reputation of the company should be directed to a reputation risk committee, whose job it is to analyse and assess the risk and issue recommendations on how to deal with and prepare for those risks. There must be an agreed chain of command and nominated decision makers. Without this, the management could go round in circles, afraid and incapable of making decisions, while the ship is sinking.

These simple steps can make all the difference, in either preventing a crisis or providing clarity when a company is in the eye of the storm. The digital media landscape is daunting indeed, however, forewarned is forearmed.


The threat from modern methods of communication means that the potential damage to an individual, company or brand’s reputation is a) fast and b) global. As international companies and their brands grow, so does the need for a trusted reputation and the need to protect it internationally. The speed at which information travels, especially in the internet age, means that damage to that reputation can be swift and far reaching. Clients doing business internationally, across multiple territories and regions, need advice on an international scale. A media crisis affecting a brand’s product in Spain can rapidly spread online through the EMEA region, or even globally, and then be picked up by the mainstream media in newspaper articles across multiple different countries. Having a proactive cross-border media strategy is a vital element in damage control.

An internationally renowned client would do well to know the detail of the approaches of different jurisdictions to reputation protection, or at least have access to someone who does. It may be that their interests are better protected by the laws of another jurisdiction. This is not to advocate forum shopping; it is promoting a sophisticated and intelligent attitude to reputation protection. A defamatory article concerning a client published on a French website can be dealt with from the UK, as it is ‘published’ here, however, it would be much faster, less expensive and certainly more subtle to use the ‘droit de réponse’ procedure in France.

It is all about instant access to the appropriate advisers, who have an in-depth knowledge of the law of that country relating to reputation protection and how best to use it. It is the little black book of reputation protection specialists around the world, available at a moments notice. Schillings has an established trusted network of such lawyers, and has acted as the single point of contact to manage multi-regional threats to reputation and ensuing litigation. This allows clients to outsource the inevitable time and resources that would be required to manage such an eventuality to people who know what to do and, most importantly, who to call.

Acting swiftly and keeping ahead of the latest developments is essential in a crisis scenario and having access to this efficient international resource can make all the difference in providing a fast and effective solution, while allowing the in-house legal team to concentrate on other matters and the communications teams to work on the positive messages to help limit the damage to the corporate or brand reputation.


To ensure total peace of mind it is essential to prepare for any negative media attention in advance. All companies should have a reputation risk strategy and a crisis plan. It may never be used, but if a situation does arise it can be deployed quickly and effectively.

Online threats

  • Speed of dissemination of information.
  • Cumulative impact – the Twitter storm.
  • Permanent nature of information once published.
  • Prevalence of private information on the web.