We use a variety of IT systems and processes in order to optimally support our globalization. Trends in information technology offer various opportunities but also harbor risks.
Risks due to cybercrime and the failure of business-critical applications
Increasing international networking and the related possibility of IT system abuse are resulting in cybercrime risks for our company, such as the failure of central IT systems, the disclosure of confidential data from research and business activities or the loss of its integrity, the manipulation of IT systems in process control, or an increased burden or adverse impact on IT systems as a result of virus attacks.
The Group operates an information protection management system based on ISO 27001 comprising security guidelines as well as organizational and technical measures to prevent and address IT security incidents. Globally used IT applications form the basis for the contractual delivery of products and solutions. The failure of business-critical IT applications could therefore have a direct influence on our ability to deliver and on the quality of our products. This also applies to the failure of a data center. To achieve the required service quality, we use a quality management system certified to ISO 9001 that also applies to the provision of IT. In addition, to reduce the risk of failure, we operate several redundantly designed data centers. Furthermore, insurance solutions for cybercrime offenses are in place at Group level.
Likewise, complications with the changeover of IT systems could negatively impact the earnings situation. Close monitoring of critical IT projects serves to mitigate this risk.
Despite the mitigating measures taken and functional continuity plans, the effects of cybercrime or the failure of business-critical IT applications and their influence on the net assets, financial position, and results of operations are considered high risks owing to likely and potentially critical negative impacts.