Board Reputation and Risk in an Online Age
Author: Terry Michael
The Australian Privacy Act enshrines the responsibility of Boards and CEO’s to protect and secure their customers identity and financial data from external threats of cyber-hacking and data theft, even if the Customer data is stored in the Cloud outside Australian borders, responsibility still rests with the Board. Many Board’s currently are buying Cyber Insurance to protect the Company from many external cyber threats, but this is a short-sighted measure to managing this Board-level-risk, and is generally assessed by Boards in financial damage terms.
Reputation risk is increasing as many businesses are moving their payments and operations into the online environment as a means to get closer to the Customer. Boards are now being asked to fully assess the reputation damage of data breach, not just its financial damage, as Customers are increasing reluctant to hand over their personal identity information me credit card once a data breach has been uncovered, and mandatory data breach disclosure laws are now being introduced into Australian law to align with EU and other western countries. Reputation risk in the online cyber environment is becoming increasingly difficult manage let alone insure, with the Corporation Act siting that Company reputation risk also rests with the Board and individual Directors.
Once Instagram, Facebook or Twitter users damage company reputation on their personal sites, Cyber Insurance can do little to recover company reputation, a good example is the recent report of the Yahoo data-breach which has not only damaged company reputation but had a knock-on effect to destroy company market worth at a crucial time it’s up for sale.
The 2010 Sony data breach of the PlayStation multi-media site resulted in a 55% drop in share price due to many Customers not returning for well over a year to hand over their identity and credit card personal information. The reputation damage of this data-breach resulted in Sony’s key competitor, the Microsoft Xbox multi-media platform, rapidly gaining huge marketshare and eventually becoming a true competitor.
So while these above examples are of huge established online multi-media companies, other recent Startup companies, which have disrupted their industries such as Uber and AirBnB, would not have grown as rapidly if their online reputation wasn’t strong and customer trust was high, regardless of how revolutionary the business idea and innovative the use of digital technology to leverage global growth. Hence Uber goes to extraordinary measures to protect its online reputation. As boards grapple with digital transformation, many loose sight of the challenge of protecting their online reputation risk.