Reputation risk management in action

Dec. 21, 2022
Eli Lilly defused a reputational crisis. What more could it have done?

When Eli Lilly was faced with a potential reputational crisis last month, it demonstrated what reputational resilience and effective reputation risk management look like.

Within two hours and 15 minutes of a fake tweet claiming that the company was planning to give away free insulin, a $23 billion stock sell-off disintegrated 6.3% of its market cap. Following Eli Lilly’s response pointing out that the tweet had come from a fake account — which came two hours and 30 minutes after that fake tweet — the company’s stock price began to rebound.

The speed with which the company responded is evidence of a robust and effective process for managing and responding to mission critical reputational risks. Research by Steel City Re shows that when companies can preemptively demonstrate the existence of that type of process, they generate a ‘reputational premium’ in the form of enhanced stock performance.

The credibility with which their response was treated demonstrates that the company’s reputation is, indeed, resilient and that stakeholders have confidence that Lilly is well-equipped to meet their expectations.

And yet, despite this strong response, all is still not well. The company’s exceedingly rapid response still clocked in 15 minutes after the share sell-off began.

In the days since that event took place, Lilly’s stock underperformed the S&P and underperformed some of its pharmaceutical industry peers. Why the lingering effect on Lilly’s stock price? What could it have done differently? What could a company in its position do now?

The key to unlocking answers to all three questions was discovered by behavioral economists Douglas Diamond and Philip Dybvig, who showed that once stakeholder’s expectations shift, a panic sell-off is a reasonable consequence. This sell-off could be triggered by “almost anything,” they wrote in their 1983 paper, “consistent with the apparently irrational observed behavior of people running on banks.” Even a tweet.

One lesson to be taken from this Nobel Prize-winning research, from this incident, and from its aftermath is the importance of reputational risk deterrence. It may be tempting to conclude that this is simply a case of a company doing nothing wrong, being hit with a random, malicious, easily dismissible attack — all of which is true, but is only part of the story.

Of all the companies the ‘pranksters’ could have gone after, they went after this one. That was not unavoidable. Just as burglars avoid houses with visible evidence of burglar alarms, adversaries in the corporate realm tend to steer clear of companies with the strongest defenses — going after weaker targets instead.

Ironically, with Lilly now having demonstrated its reputational resilience, it is less likely to be a target of such attacks in the future. But our research has shown that communicating proactively and transparently about reputation risk management and governance – before attacks occur – is the most effective way of deterring incidents in the first place.

To be credible without having to describe detailed and proprietary information about risk management systems, companies need third party authentication, usually in the form of insurance, with an underwriting process that enables companies preemptively to tell a clear, simple and compelling story — a story of authenticated risk management for mission critical reputation risk. This will reduce the chance that expectations will shift.

Even now, one can only assume that the lag in Lilly’s stock price is a sign of some lingering concern —perhaps among stakeholders wondering why it was this company in particular that was targeted, perhaps wondering if some other conspiracy theory might take hold. As Poor Richard’s Almanac noted in 1750, “Glass, china and reputation are easily cracked and never well mended.” Objective authentication that includes financial risk transfer — a third party putting money behind their opinion — could overcome whatever lingering questions may exist.

The military, and many corporate leaders, think in terms of an ‘OODA loop’ — the amount of time it takes to Observe, Orient, Decide and Act. We live in an era where weaponized social media has compressed that time frame dramatically — so that even responding within 150 minutes, as Lilly did, may be insufficient.

Understanding reputational value and resilience, anticipating, meeting or managing the expectations of stakeholders, developing and maintaining an effective reputation risk management process, and authenticating it through insurance or other third parties are all clearly crucial to protecting enterprise value. But often overlooked is the additional value that third party authentication has as a signaling device that deters reputational attacks and mitigates their impact when they occur.

About the Author

Denise Williamee | Vice President of Corporate Services, Steel City Re

About the Author

Nir Kossovsky | CEO, Steel City Re