However, because CROs and ERMs already have so many exposures on their plates, and perhaps because it's a difficult exposure to measure, reputational risk may very often be lost in the shuffle. (This is a particular problem if an insurer has no enterprise risk management department or CRO taking a wide-angle view of risk.)

The solution might be to go ahead and appoint a Reputational Risk Officer (RRO). Such an individual is a natural addition to an insurer's enterprise risk management department (if the insurer has one), reporting to the ERM or CRO (if such an individual exists). But even if there is no ERM department or CRO leading it, an RRO could still do a lot of good within an insurer's marketing, communications or even legal department.

In the “old days,” such brand-related issues were usually handled by the folks in public relations, working in conjunction with their colleagues in marketing, advertising and (in case something bad happened, such as a lawsuit or regulatory action) the corporate counsel's office.

Today, however, the challenge is more complex, as insurer brands are vulnerable to attack not just in the mainstream media, but by millions of non-journalists whose critiques can go viral over a host of social media venues.

That added complexity means a more ambitious approach to reputational risk likely needs to be formulated and implemented, including:

• The establishment of multiple early warning systems so an insurer isn't caught off guard.
• The drafting of a loss-control plan to quickly counter any brand attacks in a variety of media.
• The mustering of “brand troops”—both internal and external—to come to the insurer's defense at a moment's notice if problems arise.

One possible approach was outlined at Deloitte's ERM conference by a colleague of mine, Jonathan Copulsky, a principal with Deloitte Consulting LLP, who recently published a book—“Brand Resilience: Managing Risk and Recovery in a High-Speed World”—that lays out a creative plan based on a “counterinsurgency strategy” to help risk managers at all companies (not just insurers) deal proactively and comprehensively with such exposures.

The theory behind the book is that everyone—including employees and even satisfied customers—can be critical players in defending a company's brand and repairing damages to the organization's reputation. That seems to be the very definition of enterprise risk management.

Some might suggest we already have so many titles in the executive suite that it's becoming like alphabet soup, but perhaps room should be made for this one additional function. After all, the historical trend is towards greater and greater specialization, and risk management is no exception.

It's a lot like baseball, where effective bullpens feature middle-relievers for the fifth, sixth and seventh innings, set-up relievers for the eighth inning and, of course, the closer for the ninth. There are even left- and right-handed situational specialists, who usually are called upon to dispose of a single batter. Everyone has a very specific role to play.

Enterpriserisk management might benefit from having similar specialists. Even if an individual must assume multiple roles within an ERM department's “bullpen,” having someone dedicated to (and responsible for) reputational risk could go a long way in terms of making sure an insurer focuses on the issue and comes up with a plan to deal with the problem.

Some forward-looking carriers already have such a role in place, such as a chief branding officer, but that title appears to be rare indeed in this industry. Perhaps it's time to encourage carriers to make such a function more the rule than the exception.

Sam J. Friedman joined Deloitte Research as Insurance Leader in October 2010. He may be reached at [email protected].