MANAGEMENT REPORT loss of system or data integrity (e.g., data corruption risks that could arise on account of uncertain sporting successes. As in previous years, Borussia by means of malware), compromising IT system or Dortmund further counters this risk by setting strict data availability (e.g., internal business interruption, budgets for the individual divisions and undertaking outages in external communications). On the other corporate planning on a revolving basis using hand, IT cyber risks arise from the opportunity for various planning scenarios. Furthermore, the large volumes of information to be disseminated Company also uses planning scenarios to calculate widely, cheaply and at breakneck speed (e.g., e-mail various earnings and liquidity effects potentially campaigns against the Company, calls on social presenting additional opportunities for financial media to boycott the Company) and from social investment or shortfalls. It is of fundamental hacking. Borussia Dortmund seeks to counter these importance to permanently modify the planning IT cyber risks by reducing the risk of occurrence projections and to balance the need to remain through investments in data security and data competitive on the pitch and ensure economic protection. That includes expanding the firewall to stability and success on the one hand with the protect against external attacks and launching corresponding countermeasures that have already Project Security, a general initiative to identify and been taken to reduce the likelihood of the risk address potential security vulnerabilities. occurring on the other, especially during the COVID-19 pandemic in which the external Category 2 – personnel risk conditions are changing faster than ever before. The importance of human resources to companies The transfer business remains a key action area is growing. The Company's success is largely for Borussia Dortmund and is one of the most dependent on the commitment, motivation and important sources of income in the business of skills of both its sporting personnel and football. Achieving high sums for transfers often managerial/administrative staff. involves a loss of sporting quality within the squad, but after carefully weighing up all of the athletic This category currently includes five high-priority and business aspects it is possible that risks: value-driven transfers may also be concluded contrary to the Company's sporting interests. Protecting confidential information is a subject that remains in the public eye. Never before has data A new high-priority risk in this category are IT cyber protection posed so many challenges. In particular, risks, which are closely linked with protecting the increasing internationalisation of day-to-day confidential information. They are generally business operations necessitates a detailed understood as the risks posed while navigating a understanding of the respective data protection digital and interconnected world (cyberspace). In regulations applicable in individual countries. In specific terms, on the one hand IT cyber risks addition, technical progress harbours many pitfalls, involve the possibility of wilful and targeted cyber especially in relation to online data. Hackers stepped attacks on data and IT systems. The consequences up their attacks in recent years, releasing the of these attacks include: compromising data personal data of politicians, celebrities and others. confidentiality (e.g., data losses, data espionage), Action has to be taken to prevent the unauthorised 69
Annual Report 2020/2021 Page 68 Page 70