The IT Law Wiki
The IT Law Wiki

Definition[]

Reputational risk is the risk of significant negative public opinion that results in a critical loss of business or customers.

Overview[]

Reputational risk may involve actions that create a lasting negative public image of overall business operations, such that a company’s ability to establish and maintain customer relationships is significantly impaired. Reputational risk may also arise if actions by the company cause a major loss of public confidence in the company’s ability to perform functions critical to its continued operation. Reputational risk can arise in response to actions a company itself takes, or in response to actions of third parties. Increased reputational risk can be a direct corollary of heightened risk exposure, or problems, in other risk categories, particularly operational risk.

Reputational risk may arise when systems or products do not work as expected and cause widespread negative public reaction. A significant security breach, whether as a result of external or internal attacks on a company’s system, can undermine public confidence in the company. Reputational risk may also arise in cases where customers experience problems with a service and have not been given adequate information about product use and problem resolution procedures.

Mistakes, malfeasance, and fraud by third parties may also expose a company to reputational risk. Substantial losses caused by mistakes of another company offering the same, or similar, products or service may cause a company’s customers to view its products or service with suspicion, even if the company itself did not face the same problems. Reputational risk may also arise from targeted attacks on a company. For example, a hacker penetrating a company’s website may alter it to intentionally spread inaccurate information about the company or its products.

Source[]