Insight Archive  | Subscribe to our insights >>

Aon  |  Professional Services Practice
Reputation: A Changing Risk in a Changing World

Release Date: October 2020

What has changed?

In a previous article1 we explored the components of reputation risk and investigated if insurance offered an advantageous way of transferring the risk. Since the publication of that article the basic characteristics of reputation risk may have remained constant, but there are clearly new circumstances arising from COVID-19 that have prompted some re-thinking around reputation management. Much of this reflection has centered on organizational purpose, people issues and readiness for a crisis.

"It is difficult to make predictions, especially about the future" physicist Niels Bohr famously opined, but it is becoming apparent that certain changes in the way we work may be irreversible. Consensus appears to be building that the world may be quite different for some time to come, and we are not bridging to normality soon. There is a broad perception that COVID-19 has accelerated several major trends, particularly in the realms of technology and digitalization. These trends represent both risk and opportunity2.

In the risk category, more attention will have to be paid to large external risks. While some of these risks may be outside of the direct control of the organization, their consequences are not. A pandemic is a good example of such a “long tail” risk. It routinely appeared in surveys of major risks, but how much contingency planning was done? Was there in some respects a tick box approach due to the remoteness of the perceived risk and its potential consequences?

What can a firm do to position itself to deal more effectively with the uncertainty that arises from unexpected external shocks and thus protect or even enhance its reputation?3

Risk and Resilience

The response can be described in one word, resilience. Resilience is a concept that has relatively recently entered business and risk management vocabulary. It has a history in social sciences and was originally defined as, the capacity to absorb disturbance and retain function and structure. A more recently added dimension is the ability to recover and return to normal operations, a very important capability in today’s world.

The response to COVID-19 will demonstrate a firm’s resilience and will be an area of focus for insurers. Cyber risks and the exposure to ransomware and social engineering, for example, quickly come to mind. Taking a broader risk and risk transfer perspective suggests that there are many lessons that can be learned from the last few months. Building increased resilience might be one such lesson. How might insurers assess a firm’s resilience? Here are some areas in which to make the case for the resilient firm.

  • Behavior: a fundamental test is the support given to people. This may include the basics around work support, but also going the extra mile and providing help in areas such as wellbeing. Evidence in these areas will enhance reputation and build confidence that risk exposures will be minimized during exceptional conditions.
  • Technology (architecture, capacity and security): Professional firms would largely be well suited to deal with working from home and explanations around the systems in place and extra steps taken for capacity enhancement, and importantly additional security, will be of interest to insurers.
  • Future claims and mitigation: Is the firm scanning the risk horizon? What are the enhanced operational risks arising from extensive mobile working and how could they manifest themselves in client delivery? Is the firm looking at scenarios where future litigation might be expected? Are additional mitigation steps being put in place?
  • Approach to risk management: is it evolving? Is there a different approach to the future and how to deal with external shocks? Communicating the firm’s view of the landscape of issues it faces, and categorizing them by timeline with scenarios and responses, provides evidence of a mature approach to the management of crisis and risk.
  • Business continuity management: the ability to cope with uncertainty using the lessons of positive past experiences, effective crisis management and cyber incident response, serve to build a positive picture of a well run and resilient organization. Continuation of services to clients and strong financial performance are clearly indicators of success.

Coping with uncertainty

In a more universal sense, many lessons arise from other’s good performance and indeed mistakes. Reputation events in the past have often involved fundamental failures in risk perception, communication and crisis response. During a recent Chatham House webinar, a leading epidemiologist expressed the view that pandemic response failures globally had included the failure to link knowledge to decision-making and cognitive biases. He then went on to cite poor, confusing communications and ignoring expert advice. Thought provoking and universal truths for all of us involved in the management of risk.4

Coping with this degree of uncertainty requires particular capabilities and a crisis management framework is a good place to start. There is a cycle of understanding, responding and planning that is clearly adaptable to the current situation. The difference with COVID-19 may be that there is no conventional path through the crisis phases. Dealing with financial, operational and reputational risk implications will be continuing challenges for the foreseeable future.5

A new approach to risk management might require new skills. We can borrow from the area of complex systems and introduce design thinking and scenario planning into the process.6 There has been much debate whether COVID-19 was a Black Swan event or in fact a very predictable surprise. The use of scenarios and the construction of a broader risk radar outside of traditional operational or hazard related risks should have captured the possibility of a pandemic, although perhaps not the full-scale of what we have experienced. Design thinking can be used to create a response to complex system failure.7

In this period, maintaining the delivery of services and client relationships have been the key priorities but the ability to manage risk is a key capability to facilitate those primary objectives, and indeed protect and build the firm’s reputation. Darwin did not talk about the survival of the fittest, but about adapting to change.


To discuss any of the topics raised in this article, please contact Keith Tracey.

Keith Tracey
Managing Director


2 The Age of Accelerating Strategy Breakthroughs, at offers an excellent discussion of some “Megatrends”. See also, The next normal in professional services: how does our sector get through this, (Meridian West) at website, for exploration of challenges and possible outcomes.

3 Recovering from COVID-19: these are the risks to anticipate now – before it’s too late can be found at

4 Chatham House website contains much useful material, some is restricted to members

5 Aon’s recent paper – Decision Making in Complex & Volatile Times: Keys to Managing COVID-19 – describes a crisis management framework and the stages of crisis response. It can be found at

6 Scenario Planning for a post-COVID world can be found on

7 London Business School, IMD, Judge and Said Business Schools, all run regular webinars and their websites are excellent sources for practical guidance for dealing with turbulence