Sarah Hewitt, Director in the Major Risks Practice of Gallagher, recently discussed the topic of managing your reputation with Ciaran Simms of Travelers Insurance.
Managing Reputation

Ciaran is an Underwriter for the Travelers Insurance Company’s Technology practice, specialising in providing insurance and risk management solutions for IT, Telecommunications, Electronics and Medical Technology companies.

Based on the podcast (available here), in this article we discuss why reputation matters to companies, whether data breaches are a risk for your company, making the headlines for all the wrong reasons, and how to protect your reputation.

The importance of reputation

In an age when a negative post can go viral and a video can reach millions of people in a few hours, reputation management is moving to the forefront of corporate concerns. Brand reputation is valuable to companies because customers see this as representing positive attributes that build trust – and trust leads to sales.

Unfortunately, the opposite is also true. When a brand becomes associated with negative messages, the damage in the marketplace can be extensive. A poor reputation can even impact the ability of a company to attract and retain a talented workforce as no one wants to work for a company with a bad reputation. The erosion of a brand can come from any number of directions, including substandard products, poor customer service and lack of social responsibility.

Increasingly, data breaches can also create negative attention for a company, often leaving customers believing that their information has been mishandled because of corporate indifference. If your company collects and stores data, a data breach is always a distinct possibility.

Consider the following statistics1:

  • In the 2015 Government and PwC Information Security Breaches Survey, it was found that 90 per cent of large UK organisations had suffered a security breach
  • The survey found that 74 per cent of small organisations had suffered a breach
  • Despite the large number of data breaches reported, experts agree that many breaches are never reported

Companies hitting the headlines because they have been victims of data breaches are almost too numerous to mention.

Examples include:

A well know telecommunications company (TalkTalk) hack, during which more than 150,000 customers’ details – including their bank account numbers and sort codes – were stolen. The company told the BBC that the hack was likely to cost them up to £35 million2.

Not all data breaches are due to malicious hacks. Marks and Spencer apologised to customers after its website experienced a technical error that allowed customers to see each other’s personal details3.

Yahoo admitted it had been hacked 3 years ago, and 3 billion of its records had been breached with all users being affected4.

What can companies do to protect their reputation?

Many experts agree that the most effective protection for your reputation is to consistently follow best practices when conducting your business. However, bad things can happen to good companies – especially when it comes to data integrity in an era of hacking, viruses, spyware and malware. Therefore, it is important to be prepared.

  1. Assess your risks - Understand the risks to your reputation, whether from data breaches, product failures, customer complaints or social media attacks. Identify your assets that can be called into action to defend or repair your reputation.
  2. Form a response plan - Create a plan for handling a negative event, including creating an Incident Response Team. If a data breach occurs, what steps will the company take first? Who will notify authorities, handle the media and liaise with customers? What resources are available to handle the extra workload and provide the expertise to address the situation? The plan should lay out timelines and responsibilities so that certain key decisions do not have to be made in the heat of the moment.
  3. Build relationships - To avoid a steep learning curve in the midst of a crisis, develop relationships in advance with companies who can provide reputation management assistance.
  4. Transfer your risk - As for any other type of risk, a company should look for ways to transfer the risk of suffering a data breach. Many types of insurance today include coverage for cyber incidents. Look for a policy that pays for reputation management and PR services.

For more information about managing your reputation please get in touch with your usual Gallagher representative.


  1. The survey referenced was the Information Security Breaches Survey 2015, conducted by PricewaterhouseCoopers (PwC).