We’re in the see-through economy—an incredibly fast-paced age of transparency where consumers and investors are empowered through interconnectivity and technology to impact a company’s reputation. Customers and investors see the truth: a security breach is a reputational issue as much as a data security issue.
When a company’s brand does not meet the expectations of privacy and accountability, their users are more likely to choose an alternative product to make a statement, and investors are more likely to sell their shares in that company.
This is where the trend of Environmental, Social, and Governance (ESG) investing runs parallel to the see-through economy. ESG investors are sending a message that they’re tired of negligence and the mishandling of corporate scandals and negligence. Already, shareholders are speaking up about their expectations not being met in a corporation’s risk management program.
An effective ERM program proves to ESG investors that a company takes those expectations seriously. A study by Queens University has proven that companies that implement a comprehensive ERM program see a 25% increase in market value.
Data breaches like the one experienced by Under Armour are failures in risk management and are entirely preventable. The underlying issues behind these failures are typically buried deep in the operations of the company, often known by supervisors and mid-level managers for months or even several years ahead of time. The problem is that the root-cause of these incidents often cannot be identified by these individuals, who do not have the means to connect with employees across the silos of their work groups to understand how related risks transpire in other areas of the business. This means systemic risks aren’t addressed, and managers aren’t able to engage the right resources to fix the heart of the problem.
These days, companies seem to be in constant fear of the see-through economy. We find our customers embrace it. Companies can use enterprise risk management to empower employees and make everyone a process improvement specialist. Instead of treating these incidents, such as the one Under Armour is dealing with, as reactive one-off events, companies should be using ERM’s risk-based approach to identify and address the root-causes of their concerns.