Reputational Risk Draws Increased Board Awareness, But Not Action
In its fifth annual board of directors survey, "Concerns About Risks
Confronting Boards," EisnerAmper surveyed directors serving on the boards of more than 250 publicly traded, private, not-for-profit, and private equity-owned companies to find out what is being discussed in American boardrooms and, in turn, what those boards are accomplishing as a result.
“The financial cost and damage to reputation from a cyber/privacy breach is growing exponentially,” said Nancy Brady, EisnerAmper’s director of IT risk services. ”Directors have recognized the increasing risk companies face related to cyber/data security. Now they need to roll up their sleeves and, with the companies, address these risks.”
While reputational risk remained the top concern of respondents, the survey found that companies are not necessarily translating awareness into action. In fact, only 31% said they were concerned about crisis management.
“There were a surprising amount—close to a quarter of respondents—who had no plans, and others just informally ‘doing their best.’ This lack of formality to address the most significant risk identified existed across all organizations,” the report said. “When plans existed, they included both everyday operations—such as to keep a positive reputation and reduce the risk—and strategies to address a crisis affecting reputation.”
Despite the minimal plans in place, the directors surveyed seem to hold themselves and other company executives primarily responsible for the response to a reputational crisis. When asked who is responsible for executing such a plan, they reported:
Respondents also showed improving confidence in the performance of the board, committees, external auditors and accounting departments.
Click here to view the full report.