The Evolving Risk of Reputation
The insurance industry has struggled for more than a decade to translate the value of clients’ reputations into meaningful products that result in broad uptake.
Now, intangible assets, especially assets such as brand and reputation, are rising in value. With the reach and ability of social media to quickly spread any type of reputation-damaging news, it is clear the risk to this asset is changing.
Combined with an increased regulatory focus on organizations’ corporate citizenship via ESG (environmental, social and governance) practices, these movements are pushing more client conversations regarding reputation risk management as more companies are forced to look at and, increasingly, report on their activities in these areas.
One valuation service claims intangible assets account for more than 87% of all company value.
Respondents in a 2019 global risk management survey ranked damage to reputation and brand as their second greatest risk.
Reputational risk often refers to a company’s response to a potentially damaging event, not merely the event itself.
Related Content: Insurers Edge Into ESG
While reputation risk is broader than ESG mandates, reputation risk insurance can become an important part of an organization’s enterprise risk-management strategy, a key part of the “G” in ESG.
“These policies get to the governance ‘G’ of superior ESG performance that attracts investors,” says Nir Kossovsky, CEO of reputation risk insurer Steel City Re. “The insurance itself is not the solution; it is the capstone to an integrated solution that authenticates attuned management and dutiful governance. It’s like a warranty stating, ‘Our risk-management program is good enough that someone is willing to insure it, and here’s the policy and the money behind it stating that what we have done is real.’”
Reputation risk policies have changed in the past decade, experts note. But have they come far enough to gain traction among companies that are reconsidering their intangible assets and what might be at risk?
The Rise of Reputation Value and Risk
While it has long been the case that a company’s good name is one of its greatest assets, the migration to digital has made that even more true as brick-and-mortar assets are replaced by software, methods and goodwill. According to intangible-asset valuation service EverEdge, intangible assets, which it defines as ranging from data to brands to information, patents, and industrial know-how, today account for more than 87% of all company value. A 2020 KPMG report found the importance of intangible assets has grown from around 17% of S&P asset value in 1975 to more than 80% today, with reputation and brand identified as one of the most important. A 2019 global risk management survey by Aon found damage to reputation and brand was ranked by respondents as the second greatest risk, after the leading risk of economic slowdown.
“Reputations are like a bank account: you create a store of value in it, and you keep managing it and growing it over time,” says Hampton Bridwell, chief executive of Tenet Partners, a leading brand management company that has worked on the brands of The Hartford, Transamerica and Travelers. “And you then enjoy a strong reputation, if you will, on a balance sheet level. Then, inevitably, something does happen. If you’ve done a good job of building and managing your reputation, you will have something to lean on in a crisis. That often can make the difference of a company being able to survive a crisis or not.”
Kossovsky says one of the most challenging conceptual leaps that those seeking to understand reputational risk must comprehend is that organizational adversity and setbacks do not necessarily lead to reputational damage. Rather, reputational risk often refers to the response—the degree to which organizations have engineered and communicated solutions that limit damages and foster resilience. Thus, even a potentially devastating ESG-related development might not result in reputation damage—and related stock price, sales and revenue damage—if stakeholders are convinced that an organization is generally managing risk well and will ultimately prevail over current adversity.
The calculus is how far both real and perceived behavior falls short of key stakeholder and general public expectations and how broadly, how deeply, and over what duration such perceived shortcomings reverberate with these groups and harm the organization’s reputation and financial status.
Organizations severely affected by reputation-damaging events are daily news fodder. In some cases, damage to a firm’s reputation can prove fatal.
But even more can be learned from organizations that have, to the contrary, successfully managed reputation risk. Many point to effective crisis communications as a key component of a reputational risk-management program.
In fact, Kossovsky says, sometimes organizations with good reputational resilience and communications can actually benefit from seemingly harmful adversity. In June, Fastly, a cloud-computing provider, suffered a content delivery network outage that led its system to crash for nearly an hour, Kossovsky notes. Yet the company’s market capitalization jumped 9% over the next 30 days after it communicated effectively regarding engineering and resiliency steps the company had taken to rapidly restore service, Kossovsky says.
“Many market pundits said that the event was terrible and predicted that their stock price would be punished,” he says. “Yet instead it went up because the market was impressed and positively surprised by their fast reaction. That, too, was a demonstration of real risk management, not marketing. They actually ended up benefiting from this event because, before the event, they could have said for months on end, ‘We have a fabulous risk-management system,’ and nobody would have believed them. It took this event to prove it.”
Crisis communications riders are often included in general liability and cyber-security policies, says Thomas Laughran, senior vice president and partner at global PR consultancy FleishmanHillard. Laughran says it’s important those riders aren’t cut by clients looking for cost savings.
“If you’re looking just to reduce costs on your premiums by cutting riders, it’s an easy thing to delete, but when you need it, it’s a really valuable thing to have,” Laughran says.
Laughran also notes the importance of ensuring the groundwork for activating the plan is laid ahead of time, as timing is critical during a reputational risk challenge.
“It’s important that everybody’s on the same page and that whoever the crisis communications firm is, is lined up ahead of time and is already preapproved by the carrier,” Laughran says. “Then, when the organization pulls the fire alarm, they’re not wasting precious time looking for and vetting a firm that can help them. It is set up in advance, and everybody’s ready to go, allowing everyone to concentrate on the problem and figure out the best response strategy.”
George Beattie, head of incubation underwriting at Beazley, which unveiled its enhanced reputational risk product in February, concurs. “It’s not necessarily what you say to the public when a crisis occurs, it’s what you shouldn’t say that’s most important,” Beattie says. “An executive might have felt they said the right thing by going out and backing up their team or their brand, but their statement can end up resonating badly with the media and actually propagating the crisis. That’s why taking professional advice and having that crisis communications support in place can be an essential component of reputation management.”
New Phase of Reputational Risk Insurance
Reputational risk products usually supplement other lines of insurance, including D&O, E&O, employee practices liability and cyber security, particularly since a breach is seen as a failure of the company to protect its asset value and customers.
But as ESG pressures increasingly force clients off the fence and into ESG-forward positions, insurers and brokerages are moving beyond optimizing existing policy forms to indirectly address reputational risks toward embracing coverage that addresses reputational risk as a discrete peril.
Earlier this year, Willis Towers Watson, for example, paired with Liberty Mutual subsidiary Liberty Specialty Markets to launch a major initiative for reputational risk products. So did London-based specialty insurer Beazley.
Through June, there had been a great deal of interest in such products, says David Bennett, Willis Towers Watson’s director of global markets P&C hub.
Bennett says the current reputational risk insurance marketing effort is likely the largest marketing campaign the company has ever undertaken. “We’ve got something like 5,000 leads globally, of which, to date, 500 are now being qualified,” Bennett says. “And in the March through June period, we have engaged in something like 250 meetings both internally and externally, with client account teams and clients. We have about three clients that are looking to bind in the next couple of months. Our first client is in the leisure hospitality sector.” The firm has sold one reputation-risk policy thus far.
More intense marketing is also attempting to break through to broader client acceptance, says Beazley’s Beattie, noting that intangible exposures have grown so large that a product that may have been deemed superfluous in the past is now worthy of consideration. “This is a really complex topic, and most companies don’t understand the nature of their exposure to intangible risk, because it has really changed in the last 10 years or so,” Beattie says. “The environment for offering this product is similar in a way to the early days of the cyber market. There were early-stage issues with cyber around comprehension and traction. The market really kicked up into another gear when the increasing number of incidents put the risk at the forefront of people’s minds. It remains to be seen whether that will happen with reputational risk products, but we’ve discussed this proposition with dozens of companies, approaching 100 distinct conversations, and I think we are at the stage where people are really interested to understand the product and whether the product can do things beyond what it has done in the past.”
These products differ from those of an earlier generation, Beattie says, “because they are standardized to some degree rather than written on a bespoke basis from the ground up. That standardization, and better underwriting and measurements of reputational risk damage, allow for a less costly version of the product than previous versions,” Bennett says. “I think as little as 10 years ago, when people tried to put something out in the market to cover this off, they were looking at 10% of the rate online, so if you had $10 million of capacity, that would cost you $1 million in premium. We are multiples lower than that now.” Beattie says such policies can cost as little as 1% of the rate online.
What makes a less expensive solution feasible is better tracking of the reputational impacts of adverse events than in the past and the discernment of certain patterns. Both the Beazley and WTW solutions feature Polecat analytics that monitor internet conversations about brand and reputation. Polecat can provide near real-time intelligence on reputational events and can distinguish between the social media reputational attack on the average citizen and one on a superstar with a massive following, as well as between the impact of impressions from The New York Times versus the smaller impacts created through impressions from a local newspaper.
WTW’s product covers nine named perils from which clients can choose those most relevant to their sector.
The nine enumerated perils comprise sale of harmful products, disease outbreak, bodily injury, animal abuse, employee abuse, customer abuse, active assailant, disgrace of a celebrity endorser, and abduction. The product is designed to provide an infusion of financial support at the nadir of events when time, manpower and money may be in short supply.
“There is a dual trigger,” Bennett says. “So the event happens, and then you have a significant adverse publicity event, which might be a tweet or an article in the press. At this point, the policy covers crisis communications and advertising and promotional costs even without a demonstration of revenue or profit damage. Policyholders would receive up to 10% of the capacity, $5 million of a $50 million capacity maximum, with limits that vary by client size and sector. So you could, if you took all that capacity, have up to $5 million worth of crisis communications.”
Both WTW and Beazley’s solutions involve a payout for demonstrated impact upon revenues. This is based on agreed-upon metrics and allows for ready payment, rather than after-the-fact adjusting, which Bennett and Beattie say would likely result in payments far too late to benefit clients in their hours of need.
Beazley’s Beattie says that, under its product, his company works with the client to establish a baseline anticipated profit margin and an agreed-upon amount by which revenue has to fall for a particular period of time for this component of the policy to be triggered, typically a 10% decline over three-month period. When the policy is triggered, the anticipated profit margin is applied to the difference between actual and estimated revenues to determine lost profit compensated, less certain retentions, under the policy, Beattie says. This approach permits paying insureds business interruption benefits every three months during the dating period, rather than, under a more traditional indemnity policy, appointing the adjuster and then taking as much as 18 months to two years after the fact to determine actual losses incurred and provide payments.
“We used about 10 years of S&P data looking at revenue shocks, for any reason, and looking at companies that hadn’t been affected by revenue shocks,” Beattie says. “We found that the formula that we’ve kind of created is accurate within a percent or two of actual performance. This methodology, which looks back to the corresponding period in the previous year, applies a growth rate to that period in order to calculate the estimated period for the indemnity period. And it is really very accurate.” The total limit for a single employer under the Beazley policy is $25 million.
Beazley’s product takes 15 risks to any company and determines their applicability to a given company operating in a given subsector in a given industry, Beattie says. “For example, we will infer from the research that we’ve done that sexual molestation abuse is a bigger issue for the hotel industry than it is for the restaurant industry, although they both operate in the hospitality sector. When you start to delineate between these perils on that basis, you can segment the opportunity, you can start the price consistently, which is critical.”
Steel City Re’s insurance solutions for boards of directors and enterprises rely upon a synthetic index of reputational value called the RVM Index. Using a seven-million-event experience base, Steel City Re calculates the value(s) of one or more parametric trigger(s) best matching the clients’ choices for risk retention and cost. Its parametric policies pay when the insured’s RVM Index value dips below a trigger value for 20 weeks following a publicly recognized adverse ESG event or, more broadly, after an event in the areas of ethics, innovation, safety, security, sustainability or quality.
Insurance as a Piece of Enterprise Risk Management
Kossovsky emphasizes that, to be effective, reputation-risk insurance must sit on top of an effective enterprise risk-management program. “The most valuable thing clients have from us,” he says, “are the metrics that allow them to reasonably model their potential losses and therefore execute prudent business judgment—not only in designing the insurance coverage but, more importantly, in the managerial and governance processes that are implied by their also having a reinsured captive covering that loss.”
Steel City Re also works with clients to improve their reputational risk controls. “It’s a process of putting the company in a state of reputation resilience, which, after an assessment, begins with augmenting their enterprise risk-management apparatus strategically,” Kossovsky says.
Such policies generally can be a strong tool in negotiations with lenders and institutional investors to demonstrate that governance and other ESG risks are under control, which can be a strong selling point for these policies with clients’ senior organization financial executives, Kossovsky says. It is important for brokers and agents to tell their client-side contacts that reputation risk insurance does not seek to replace their enterprise risk management but, rather, augment its capabilities with hard numbers and data, Kossovsky says.
Europe is generally ahead of the United States in facing pressure to address ESG issues that roughly align with reputational risks. But even in Europe, insuring for reputational risk remains on the cutting edge, brokers say, with most risk-management efforts internalized within clients’ organizations.
“The whole ESG wave is rather new for most of the actors on the risk management/broking scene in Europe,” says Wim Lanclus, director of risk services at Antwerp-based Vanbreda Risk and Benefits. “It’s only a year ago that the first webinars and publications became more common and widespread here on the Continent, driven by upcoming EU legislation.
“Besides some official reactions and statements from some major insurers regarding their underwriting restrictions for some industries, we’ve seen some reactions earlier this year from Ferma [European Risk Managers Federation], outlining their understandings and views on ESG risks.
“Reputational risk is important for corporates and insurers in Europe, but we’re still in the early stages here when it comes to insurance solutions for the related ESG exposures. Some major carriers came up recently with some solutions, but none of these are widespread.”
But that could change, Lanclus adds. “Emerging risks, such as the climate or cyber crime, mean that certain types of coverage from the past are no longer sustainable. Think of a traditional fire or liability policy that used to include a limited cyber coverage almost for free, as an extra. The growing number of cyber risks and incidents has led to the development of separate products.”
That is true for the insurance industry itself. In a recent A.M. Best survey of 97 European and Asia-Pacific reinsurers on ESG factors, corporate governance and product liability, including cyber security, were cited as the most relevant ESG issues for the insurance industry, alongside climate risk.
Related Content: Insurers Edge Into ESG