Corporate risk strategists increasingly view reputation as a tangible financial risk, as a new WTW survey shows cyber-attacks overtaking ESG as the leading concern.

Cyber-attacks have overtaken environmental and social risks as the leading threat to corporate reputation, according to new global research by Willis, a WTW business.

In its 2024/25 reputational risk readiness survey, Willis found that 65% of senior executives now cite cyber-attacks as the top reputational risk facing their organisations—up sharply from just 24% in 2023. Environmental risks followed closely at 64%, while governance and social risks were also up year-on-year, cited by 56% and 47% of respondents respectively.

David Bennett, head of reputational risk management at Willis, said this shift reflects a growing realism in boardrooms. “The results of the survey show that while crisis response teams are more robust than ever, modelling capabilities still lag,” he said.

“In today’s unpredictable environment, the ability to anticipate and assess costs and liabilities is becoming increasingly critical. Reputation has long been viewed as intangible and difficult to quantify.

“However, embracing advances such as AI-powered platforms enables organisations to monitor real-time sentiment and model the frequency, severity, and potential sources of reputational threats with greater precision than ever before.”

According to the report, reputational risk is now almost universally recognised by business leaders: 99% of companies surveyed placed it among their top ten business risks, and 86% said they have a formal process in place to assess and manage it. Notably, 22% of firms now link reputation metrics directly to board-level KPIs, up from 14% last year.

Despite this growing awareness, the ability to financially model reputational risk has declined. Just 11% of respondents said their organisations had a “great deal” of modelling capability to understand the financial impact of a damaging event, compared to 74% who claimed moderate capability in 2023 and 87% in 2022.

Willis managing director Garret Gaughan said leading firms are moving away from treating reputation as a branding issue and are managing it as a measurable enterprise risk.

“Leading businesses are managing reputation as an operational and financial risk and have moved away from viewing it as a branding exercise, with some even linking reputation to board KPIs,” he said.

“To build resilience, companies should develop strong risk management processes, including sentiment tracking and risk intelligence.”

The report highlights that while social media can act as both a barometer and amplifier of reputational crises, many companies appear less confident in their ability to use it effectively.

Some 77% of firms now see social media as important for reputation management, down from 87% in 2023. Meanwhile, C-suite engagement on social media has stagnated at just four interactions per year.

More positively, crisis planning has improved: 87% of firms now have a formal crisis response team in place, up from 80% last year, and 91% conduct annual exercises to test their plans. However, the report notes that only 34% of crisis teams are measured against KPIs, suggesting room for improvement in performance evaluation.

Despite the challenges in financial modelling, most organisations are at least planning for reputational events. Some 94% have a reserved budget in place to manage the fallout from a damaging incident, including funds for crisis communication and brand recovery efforts.

The report concludes that many firms are now treating reputational risk with the same seriousness as more traditional exposures.

Bennett added: “The value of intangibles such as reputation and trust has risen. They have effectively solidified into tangible assets, with a monetary value, and need to be protected as such.”