What Is Reputational Risk? Examples & How to Manage It
Reputational risk is the threat that negative perception, whether earned or manufactured, damages revenue, valuation, hiring, and trust. Here is a clear definition, real examples, and a practical framework for managing it.
Key takeaways
- Reputational risk is the threat that negative perception, whether earned, exaggerated, or entirely false, damages revenue, valuation, hiring, financing, and stakeholder trust. It lives in perception and in search and AI results, not only in the underlying event.
- It behaves as a risk multiplier: reputational risk rarely arrives alone. It amplifies the fallout from other risks (a breach, a lawsuit, a product failure, a bad quarter) by shaping how customers, employees, investors, and regulators react to them.
- The main sources are conduct, product and safety, cyber and data, ESG and greenwashing, executive behavior, third-party and supply-chain exposure, reviews and social media, and, newly, misrepresentation by AI answer engines.
- Reputation is now a material chunk of enterprise value. Intangible assets make up roughly 90% of S&P 500 market value, and studies have attributed a meaningful share of that specifically to reputation, so a hit to perception can erase real market capitalization.
- Managing it is a continuous cycle (identify, assess, mitigate, monitor, respond), owned at the board and enterprise level rather than left to communications after a crisis erupts.
- Honest management is candid about what can and cannot be changed: false or policy-violating content can often be removed or de-indexed, lawful-but-damaging content usually has to be outranked, and fair criticism is fixed at the source, not scrubbed.
In this guide
Reputational risk is the potential for lost revenue, value, or opportunity caused by damage to how a person or organization is perceived by the stakeholders who matter: customers, employees, investors, partners, regulators, and the public. It is one of the most consequential and least understood risks an organization faces. Unlike a lawsuit or a data breach, it rarely appears as a single line on a balance sheet, yet it quietly shapes whether customers buy, whether talent joins, whether investors commit, and whether regulators scrutinize. This guide gives a plain definition, explains why reputational risk behaves differently from other risks, maps its main sources and real-world examples, shows how firms measure and monitor it, and lays out a practical framework for managing it at the board and enterprise level.
What is reputational risk?
Reputational risk is the threat of harm to earnings, value, or opportunity that arises from negative stakeholder perception. That damage can come from something the organization actually did, something it failed to do, or something entirely false that spreads faster than the truth. What makes reputational risk distinct is that the harm lives in perception, and increasingly in search results and AI answers, not only in the underlying event. A resolved issue that still dominates page one of Google, or a false claim repeated by an AI assistant, keeps causing harm long after the facts have changed.
A useful way to frame it: reputational risk is the gap between how an organization actually behaves and how it is perceived to behave. In their influential Harvard Business Review article Reputation and Its Risks, Robert Eccles and his co-authors argued that a company is most exposed when its reputation is better than its true character (the gap will eventually close, painfully), when the beliefs and expectations of its stakeholders shift, and when weak internal coordination lets a problem surface before anyone is ready for it. Managing reputational risk means closing that reality-perception gap in both directions: correcting inaccurate perception, and, where the criticism is fair, addressing the underlying behavior.
Why reputational risk is different: the risk multiplier
Most enterprise risks are additive. Reputational risk is a multiplier. It rarely originates entirely on its own; more often it attaches to some other event (a data breach, a product recall, an executive scandal, a regulatory fine, a bad quarter) and determines how severe the consequences become. Two companies can suffer the identical operational failure and experience wildly different outcomes depending on how each is perceived going in, how it responds, and what narrative takes hold afterward. The event is the spark. Reputation decides whether it fizzles or becomes a fire.
This multiplier quality is exactly why boards now rank it so highly. In Deloitte's global survey on reputation risk, 87% of executives rated reputational risk as more important or much more important than other strategic risks they face. It is not that a breach or a lawsuit is trivial; it is that the reputational fallout frequently dwarfs the direct cost. The direct cost of a recall is the recalled units. The reputational cost is every future customer who now hesitates, every recruit who takes a different offer, and every investor who reprices the stock. Because it compounds other risks rather than standing beside them, reputational risk cannot be delegated to a single function and handled after the fact. It has to be built into how the whole organization anticipates and responds to everything else.
Managing reputational risk at the company level?
Senior-led and confidential. You pay only for results.
The main sources and types of reputational risk
Reputational risk tends to originate from a recognizable set of sources, and a mature program maps each one to an owner, a monitoring method, and a response plan rather than treating reputation as something communications handles only after a crisis erupts. The major categories are: conduct and culture (leadership behavior, discrimination or harassment claims, toxic workplace stories); product and safety (defects, recalls, failures that put customers at risk); cyber and data (breaches and mishandled personal information that signal weak stewardship); ESG and greenwashing (public claims about sustainability, labor, or governance that do not match practice); executive risk (a founder or CEO whose personal statements, history, or misconduct become attached to the entire brand); third-party and supply-chain exposure (vendors, partners, franchisees, or portfolio companies whose problems become yours by association); reviews and social media (viral complaints, coordinated review-bombing, and manipulated ratings); and information risk (defamation, misinformation, and old-but-accurate content that keeps resurfacing).
The newest category deserves its own line: AI-answer misrepresentation. When ChatGPT, Google's AI Overviews, Gemini, Copilot, or Perplexity summarize a company or executive, they can confidently repeat outdated, out-of-context, or outright false information to anyone who asks, and most users never click through to check the source. That makes the AI answer a reputation surface in its own right, and one you cannot edit directly. Not every negative event is a crisis, and not every reputational risk stems from wrongdoing. Some of the most damaging cases involve accurate-but-old information or entirely fabricated claims that persist simply because no one has addressed how they appear in search and AI results.
Reputational risk examples
Reputational risk is easiest to grasp through the situations that create it. A data breach exposes customer information and signals weak security, and the loss of trust often outlasts the technical fix. A product recall or safety failure raises doubts that extend well beyond the affected product line. Executive misconduct or a controversial public statement becomes attached to the whole brand, which is why leadership behavior is treated as an enterprise risk and not a personal matter. A viral customer complaint or a coordinated review-bombing campaign can tank a rating and a sales pipeline in days. An ESG or greenwashing controversy, where public claims do not match practice, can alienate customers, employees, and investors at once. Regulatory action or an enforcement headline compounds the underlying issue with a public credibility hit. A defamatory article or blog post that ranks for the company or a founder's name quietly costs deals and financing for years. And AI misrepresentation now surfaces any of the above, sometimes long after resolution, to whoever asks a chatbot about you. In almost every case, the durable damage is not the event itself but how it lives on in the places people look.
Reputational risk and enterprise value
The reason reputational risk has climbed to the top of the board agenda is that reputation is now a large, measurable part of what a company is worth. Decades ago, most corporate value sat in tangible assets: factories, inventory, equipment. Today, according to Ocean Tomo's long-running Intangible Asset Market Value Study, intangible assets account for roughly 90% of the market value of the S&P 500, a near-complete inversion from the 1970s. Reputation, brand, trust, and goodwill are a meaningful slice of that intangible value, and various studies have attributed a substantial share of total market capitalization specifically to corporate reputation. The World Economic Forum has cited estimates that reputation represents more than a quarter of a company's market value.
The practical implication is blunt: when perception takes a hit, real market capitalization can evaporate, because so much of the value was riding on trust in the first place. This also reframes reputation as an asset to be protected and grown, not merely a liability to be contained. That is the logic behind corporate reputation management as a discipline: treat reputation like any other material asset, with monitoring, defense, and deliberate investment, rather than something you only think about when it is already on fire. For large or multi-brand organizations, the same logic scales up into enterprise reputation management, coordinating reputation across business units, regions, and executives.
How reputational risk is measured and monitored
Because reputational risk lives in perception, measuring it means measuring perception across the surfaces where stakeholders actually form impressions. Mature programs track a combination of signals: share of voice and sentiment in news and social media; search-results health for the company name and key executive names (what ranks on page one, and whether it is accurate and favorable); review volume, velocity, and rating across the platforms that matter to the business; media tone in earned coverage; and, increasingly, what AI answer engines actually say when prompted about the brand and its leaders. Firms also watch leading indicators, such as employee sentiment and Glassdoor trends, that often precede a public problem.
The goal of monitoring is early detection. Reputational damage is far cheaper to contain while it is small and localized than after it has ranked, been amplified, and hardened into the default narrative. That is why continuous monitoring, rather than a once-a-year audit, is the backbone of any serious program. In 2026 that increasingly means watching AI outputs as closely as search rankings, which is the specific job of AI reputation monitoring: catching the moment a model starts repeating something false or damaging, so the underlying sources can be corrected before the misstatement spreads.
A framework for managing reputational risk
Managing reputational risk is a continuous cycle, not a one-time project, and it maps cleanly to five steps. Identify. Map where reputational risk can originate across every source above, and tie each to a named owner. You cannot manage a risk that no one is accountable for. Assess. Establish a clear baseline of how the organization and its key executives actually appear across search, news, reviews, social platforms, and AI answers, and rank the specific liabilities by severity and visibility. A harsh but fair review at the top of page one may deserve attention before a false claim buried on page three.
Mitigate. Reduce exposure before anything goes wrong: fix the underlying issues that create the reality-perception gap, strengthen internal coordination so problems surface early, and build an accurate, authoritative baseline of owned and earned content so a single bad result cannot dominate. Monitor. Put continuous monitoring in place across search, reviews, social, and AI so new threats are caught while they are still small. Respond. When something does surface, act fast and proportionately: where content is false, defamatory, or policy-violating, pursue removal or de-indexing; where it is lawful but damaging, suppress it by building stronger content that outranks it; and where the criticism is fair, fix the underlying issue rather than trying to bury it. A credible assessment is honest about what can and cannot be changed. Accurate, lawfully published information from a legitimate outlet often cannot simply be deleted, and any advisor who promises a clean slate is overselling. When a situation is already live and moving fast, this response phase becomes formal crisis management, with pre-assigned owners and pre-approved messaging so the organization acts in hours, not days.
Who owns reputational risk: the board and the enterprise
Reputational risk is too consequential, and too cross-functional, to sit inside communications alone. Because it multiplies every other risk and represents a material share of enterprise value, oversight increasingly belongs at the board and senior leadership level. The board's role is to ensure that reputational risk is identified, owned, monitored, and reported like any other principal risk, and that the organization's actual conduct, not just its messaging, is aligned with the reputation it projects. In practice, ownership is distributed: legal, security, HR, investor relations, marketing, and operations each hold pieces of the exposure, which is exactly why coordination is the failure point that the HBR framework flagged. Enterprise reputation programs exist to stitch those pieces into a single view with clear accountability.
This enterprise lens also extends outward to the people and companies an organization associates with. Reputational due diligence applies the same discipline to counterparties: before an investment, acquisition, partnership, or executive hire, a buyer or investor examines the target's and the individual's reputational exposure the way it examines their financials. Reputation Resolutions supports investors and acquirers with reputational due diligence, and helps companies preparing for a transaction, financing round, or sale get their own house in order first through deal-ready reputation work, so a preventable reputational red flag does not surface during someone else's diligence and reprice or sink the deal.
Reputational risk in banking and financial services
In regulated industries, reputational risk has long been treated as a formal supervisory concern. For decades, U.S. banking regulators including the Office of the Comptroller of the Currency listed reputation risk among the categories examiners assessed, defined broadly as the risk to earnings or capital arising from negative public opinion. For banks, insurers, and financial advisors, reputational damage can trigger deposit flight, partner attrition, and heightened scrutiny, so many firms carry reputational considerations into vendor selection, product approval, and executive conduct policies.
One important recent development: in 2025 and 2026, U.S. banking regulators moved to stop using reputation risk as a basis for supervisory action, with the OCC removing reputation-risk references from its examination materials and agencies advancing rulemaking to prohibit criticizing or penalizing an institution on reputation-risk grounds. It is worth understanding what that change does and does not mean. It limits how regulators may use the concept as a supervisory tool; it does not eliminate the underlying business risk. Deposit flight, partner attrition, lost financing, and customer defection driven by damaged trust are just as real whether or not an examiner is permitted to cite them. Reputational risk insurance exists but covers only a narrow slice of the exposure. The durable protection, in finance and every other sector, remains a documented program for monitoring, assessing, and remediating reputational threats before they escalate.
AI answer engines: the newest source of reputational risk
The single biggest shift in the reputational-risk landscape is that a growing share of first impressions now form inside an AI answer rather than a list of blue links. When a customer, recruiter, investor, journalist, or potential partner wants to know what an organization is really like, many now ask ChatGPT, Google AI Overviews, Gemini, Copilot, or Perplexity and read the summary those systems produce, often without clicking a single source. As Search Engine Land has documented, these systems pull from a wide range of inputs (news, Wikipedia, Reddit, reviews, and social posts) and compress contradictory information into one confident narrative that users tend to accept at face value.
That creates three distinct risks. First, stale or false claims get a fresh audience, delivered in an authoritative tone that makes them sound settled even when they are wrong or years out of date. Second, the surfaces multiply: different engines favor different sources, so a clean Google page-one no longer guarantees a clean AI answer. Third, the fix is upstream: you cannot edit a model's output directly, so influencing it means correcting and strengthening the underlying sources these systems rely on, then monitoring the outputs to confirm the correction takes hold. This is why forward-looking reputational-risk programs now treat AI answers as a monitored surface alongside search and reviews, and why AI reputation monitoring has become a standard component rather than an experiment.
How Reputation Resolutions helps organizations manage reputational risk
Reputation Resolutions has helped clients across 40+ countries manage reputational risk since 2013, with more than 5,000 engagements and an A+ rating from the Better Business Bureau. For organizations, that work spans corporate reputation management for companies that want to treat reputation as the material asset it is, enterprise reputation management for large and multi-brand organizations coordinating reputation across units and executives, reputational due diligence and deal-ready reputation work for investors, acquirers, and companies heading into a transaction, continuous AI reputation monitoring so threats are caught while they are still small, and crisis management when a situation is already live. Content-removal work is results-based: for qualifying content, you pay only after removal is confirmed. The right starting point is an honest assessment of where your reputation stands today and which risks are worth addressing first, told plainly, including the parts that cannot be changed.
Frequently asked questions
What is reputational risk in simple terms?+
Reputational risk is the threat that negative perception damages your business: lost revenue, lower valuation, harder hiring, tighter financing, and eroded trust among customers, employees, investors, and regulators. The damage can come from something you did, something you failed to do, or something entirely false. What makes it distinct is that the harm lives in perception and in your search and AI results, not only in the underlying event, so it can keep hurting you long after the facts have changed.
Why is reputational risk called a risk multiplier?+
Because it rarely arrives on its own. Reputational risk usually attaches to some other event, such as a breach, a recall, a lawsuit, or an executive scandal, and then decides how severe the fallout becomes. Two companies can suffer the same operational failure and see very different outcomes depending on how each is perceived and how it responds. The direct cost of the event is often small next to the reputational cost: every future customer, recruit, and investor who now hesitates.
What are the main types of reputational risk?+
The main sources are conduct and culture, product and safety failures, cyber and data breaches, ESG and greenwashing controversies, executive behavior, third-party and supply-chain exposure, reviews and social media (including coordinated review-bombing), and information risk such as defamation and misinformation. The newest category is AI-answer misrepresentation, where systems like ChatGPT and Google AI Overviews confidently repeat outdated or false information about a company or its leaders.
How does reputational risk affect enterprise value?+
Significantly, because reputation is now a large part of what a company is worth. Intangible assets make up roughly 90% of S&P 500 market value, and studies have attributed a meaningful share of that specifically to reputation and brand, with the World Economic Forum citing estimates above a quarter of market value. When perception takes a hit, real market capitalization can evaporate, because so much of the value was riding on trust to begin with. That is why reputation is increasingly managed as a material asset, not just a liability to contain.
How do companies measure and monitor reputational risk?+
By tracking perception across the surfaces where stakeholders form impressions: sentiment and share of voice in news and social media, the health of search results for the company and executive names, review volume and ratings, media tone, and, increasingly, what AI answer engines actually say when prompted. The goal is early detection, since damage is far cheaper to contain while it is small than after it has ranked and hardened into the default narrative. Continuous monitoring, including AI outputs, is the backbone of a serious program.
Who is responsible for managing reputational risk?+
Because it multiplies every other risk and represents a material share of enterprise value, oversight increasingly belongs at the board and senior-leadership level, not inside communications alone. Ownership is distributed across legal, security, HR, investor relations, marketing, and operations, which is exactly why weak internal coordination is a common failure point. Enterprise reputation programs exist to stitch those pieces into a single view with clear accountability and regular reporting to the board.
Is reputational risk still a regulatory concern for banks?+
The picture is shifting. U.S. banking regulators, including the OCC, historically listed reputation risk among the categories examiners assessed, but in 2025 and 2026 they moved to stop using reputation risk as a basis for supervisory action. That change limits how regulators may use the concept as a supervisory tool; it does not eliminate the underlying business risk. Deposit flight, partner attrition, and lost financing driven by damaged trust are just as real whether or not an examiner is allowed to cite them.
Can reputational risk be fully removed or eliminated?+
No, and any advisor promising a clean slate is overselling. Reputational risk can be reduced, monitored, and managed, but not eliminated, because it depends on perception and events you do not fully control. False, defamatory, or policy-violating content can often be removed or de-indexed; lawful-but-damaging content usually has to be outranked by stronger material over time; and fair criticism is best addressed by fixing the underlying issue. Honest management is candid about which of these applies before promising anything.
What is the difference between reputational risk and a reputational crisis?+
Reputational risk is the ongoing exposure: the potential for perception to damage your business. A reputational crisis is that risk materializing into a live, fast-moving event that demands immediate response. Good reputational-risk management is largely about preventing crises and catching problems while they are small, but when one does erupt, it moves into crisis management, with pre-assigned owners, pre-approved messaging, and a coordinated response across search, media, reviews, and AI answers.
Sources & references
- Harvard Business Review: Reputation and Its Risks (Eccles, Newquist, Schatz)
- Deloitte: 2014 Global Survey on Reputation Risk (Reputation@Risk)
- Ocean Tomo: Intangible Asset Market Value Study
- OCC: Final Rule, Prohibition on the Use of Reputation Risk by Regulators
- Search Engine Land: Why AI search is your new reputation risk and what to do about it
- FTC: Consumer Reviews and Testimonials Rule, Questions and Answers
Prefer we handle it?
Managing reputational risk at the company level?
We build the monitoring, remediation, and response program that protects corporate reputation.
See corporate reputationReady to See What AI Finds About Your Reputation?
Schedule your free, confidential consultation and we'll show you exactly where you stand across search engines, review sites, and AI platforms.
