During the winter of 2007, TJX Corp. and JetBlue, two companies with relatively untarnished reputations, found themselves in the midst of corporate crises. TJX was forced to acknowledge that hackers had breached its data security systems, stealing nearly 46 million customer credit card records from its popular T.J. Maxx, Marshallsand HomeGoods stores. A few weeks later, JetBlue took a beating when severe weather in the Northeast wreaked havoc with air travel, stranding several JetBlue planes and hundreds of passengers on runways for up to 10 hours in some cases.

The stock prices of both companies suffered. TJX was threatened with class action suits and regulatory action, while JetBlue suffered the humiliation of losing its BusinessWeek top customer satisfaction position on the cover of the March 5 issue. Even though the crises were relatively short-lived, the companies are only just now emerging from their wake–both finally beginning to once again outperform their industry group. As Warren Buffett once said, "It takes 20 years to build a reputation and five minutes to ruin it."

As senior executives begin to embrace the need for implementing effective risk management strategies, many too often ignore what may well be the most potent risk an organization faces. A recent Harvard Business Review article made the point that 70% to 80% of a company's market value comes from hard-to-access or -quantify intangible assets such as brand equity, intellectual capital and goodwill, making organizations especially vulnerable to anything that damages their reputations. Not only is reputation one of the most difficult assets to quantify, it is also probably one of the hardest to protect and manage.

Recommended For You

Nonetheless, in this era of corporate scandal, malfeasance and heightened risk to corporate reputations, managing reputational risk must be a company's top priority and a company cannot wait until the crisis is upon it. While all this is relatively intuitive and most companies at least understand the stakes, many fall short–or give up entirely when it comes to finding proactive solutions to mitigate the problem beforehand.
The key is to bring reputational risk management into the same framework that is widely used to manage other risks across the organization. Whether that framework is based on COSO II, Basel or ANZ-4360, for example, the crucial point is that reputational risk must be identified, assessed, monitored and managed in the context of an enterprise-wide risk and control structure.

A company may not be able to avoid every land mine, but this kind of formal focus on managing risk can effectively minimize lethal impacts by reducing the likelihood of events and formalizing crisis response when exposure actually occurs. By taking a proactive, risk-based approach toward the management of reputation, an organization can, in fact, effectively develop concrete strategies for building, maintaining and protecting its most elusive, yet most defining asset.

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.