PERNOD RICARD - Universal Registration Document 2019-2020

4. RISK MANAGEMENT Risk factors

3. Negative media/social media campaign

RISK IDENTIFICATION AND DESCRIPTION

Media/social media attacks represent a major threat for the Group. Through the increasing number and growing influence of social media networks, the Group faces the risk of being exposed to significant media coverage of inappropriate publications or messages.

POTENTIAL IMPACTS ON THE GROUP

A malicious attack intending to damage the Group’s reputation or a genuine incident in relation to Pernod Ricard brands could have a significant impact on the Group’s image and reputation. Further widespread negative media coverage could jeopardise consumers’ confidence in Pernod Ricard brands, resulting in a potential sales decline.

RISK CONTROL AND MITIGATION

The Group’s risk is managed through a series of internal and external measures. While internal measures primarily focus on raising employee awareness of the impact of social media and sharing best practices in terms of communication, external measures are used to monitor social media and promote the Group’s S&R activities.

4. Cyberattack

RISK IDENTIFICATION AND DESCRIPTION

The Group’s digital transformation has brought with it greater exposure to risks stemming from cyberattacks, as well as those related to IT and telecommunications system failures. These systems are of inestimable importance in the Group’s day-to-day processing, transmission and storage of electronic data relating to both operations and financial statements, and communication between Pernod Ricard’s personnel, customers and suppliers. Stronger personal data protection regulations, including the General Data Protection Regulation, increase the risks associated with regulatory non-compliance.

POTENTIAL IMPACTS ON THE GROUP

Potential impacts of a cyberattack and its effects depend on the nature of the attack, but could include:

- leakage, loss, theft of personal, strategic or confidential data, and the resulting chain of potential repercussions;
- system failure; and
- incapacity to perform day-to-day operations.

Although the Group invests a significant amount in maintaining and safeguarding its IT systems, particularly in view of growing threats in terms of cybercriminality, any malfunctions, significant disruption, loss or disclosure of sensitive data could disrupt the normal course of business, and have financial, operational or reputational consequences.

RISK CONTROL AND MITIGATION

Pernod Ricard has drawn up a cybersecurity roadmap based on the establishment of dedicated governance and resources. It also has cyber insurance providing coverage of €20 million, and strives to strengthen the security of its infrastructure, websites and networks. Infrastructure monitoring and management is performed constantly. IT and security audits are performed to assess whether the level of security is adequate; they give the Group a good overview of the reliability of its IT systems. In addition, awareness-raising campaigns are conducted. Lastly, tests are carried out on the recovery of the Group’s IT systems following a hypothetical cyberattack, and a plan designed to facilitate the recovery of data as efficiently as possible has been drawn up.
