HUGO BOSS considers IT risks, personnel risks, and governance and compliance risks to be among the material organizational risks.
IT risks
Smooth business operations with efficient processes are strongly dependent on a powerful and secure IT infrastructure uniformly implemented throughout the Group. Serious failures of the Group’s IT system may result in significant business interruptions. In addition, cyber attacks can lead to major system interruptions, loss of confidential data, and the ensuing loss of reputation and liability claims. In order to reduce these risks, preventative system maintenance and security checks are carried out by the central IT department on a regular basis, multi-level security and anti-virus concepts are implemented, and job-related access rights are assigned. In addition to this, access control systems, daily data backups of the Group-wide ERP system, an uninterrupted power supply as well as regular online training sessions for staff should increase IT security in the Group. The Internal Audit department regularly monitors the security and reliability of the IT systems as well as the effectiveness of the implemented control mechanisms.
HUGO BOSS assumes that global cyberattacks will continue to increase in the future, and consequently classes them as an “emerging risk”. With the objective of further improving the ability to respond to potential attacks, the Company aims to keep working on the continuous development of its information security program. In this context, the Company has implemented a security information and event management system, which is intended to provide a complete overview of the Group’s IT security. Due to the implemented measures, the Management currently considers the occurrence of IT risks to be unlikely. However, the associated financial impacts could generally be high.
Personnel risks
Achieving HUGO BOSS’s strategic and financial targets is largely dependent on the skills and commitment of its employees and on safeguarding a fair and value-based corporate culture. Personnel risks mainly stem from recruitment bottlenecks, shortages of specialists and excessive employee turnover. HUGO BOSS counters this risk with a forward-looking personnel planning, comprehensive development and training measures, the continuous development of its performance-based remuneration system and flexible working models to better combine work and private life. Overall satisfaction, as determined in an annual employee survey conducted in cooperation with Great Place to Work® Germany, rose to 76% in 2021 (2020: 72%). This means that the Company has achieved its target of increasing Group-wide overall satisfaction to 75% by 2025 ahead of schedule. Management assesses overall personnel risks as unlikely, while having a moderate financial impact. Employees and Teams
Governance and compliance risks
All HUGO BOSS employees are required to comply with the Code of Conduct applicable throughout the Group and the compliance rules applicable in specific areas. The Group companies are subject to regular risk analyses and detailed audits where applicable. Adherence to the compliance rules is monitored by the central Compliance division and breaches are reported to the Managing Board and Supervisory Board. Corporate Governance and the Corporate Governance Statement, Combined Non-Financial Statement, Anti-Corruption and Bribery Matters
Breaches of data protection laws represent an increased compliance risk. The Group counters this risk using a system that complies with data protection laws and through appropriate technical and organizational measures. All employees are educated on data protection matters through activity-related training courses, the obligation to adhere to the Code of Conduct, and a separate duty of confidentiality. All internal processes and systems for processing personal data are measured on an ongoing basis and continually improved to ensure compliance with legal data protection requirements. Management classifies risks in the context of governance and compliance as unlikely, yet considers the potential financial risk to be high. Combined Non-Financial Statement, Social Matters