GROUP MANAGEMENT REPORT

avoid financial risks that could arise on account of uncertain sporting successes. As in previous years, Borussia Dortmund further counters this risk by setting strict budgets for the individual divisions and undertaking corporate planning on a revolving basis using various planning scenarios. Furthermore, the Company also uses planning scenarios to calculate various earnings and liquidity effects potentially presenting additional opportunities for financial investment or shortfalls. It is of fundamental importance to permanently modify the planning projections and to balance the need to remain competitive on the pitch and ensure economic stability and success on the one hand with the corresponding countermeasures that have already been taken to reduce the likelihood of the risk occurring on the other, especially during the COVID-19 pandemic in which the external conditions are changing faster than ever before. The transfer business remains a key action area for Borussia Dortmund and is one of the most important sources of income in the business of football. Achieving high sums for transfers often involves a loss of sporting quality within the squad, but after carefully weighing up all of the athletic and business aspects it is possible that value-driven transfers may also be concluded contrary to the Company's sporting interests.

A new high-priority risk in this category are IT cyber risks, which are closely linked with protecting confidential information. They are generally understood as the risks posed while navigating a digital and interconnected world (cyberspace). In specific terms, on the one hand IT cyber risks involve the possibility of wilful and targeted cyber attacks on data and IT systems. The consequences of these attacks include: compromising data confidentiality (e.g., data losses, data espionage), loss of system or data integrity (e.g., data corruption by means of malware), compromising IT system or data availability (e.g., internal business interruption, outages in external communications). On the other hand, IT cyber risks arise from the opportunity for large volumes of information to be disseminated widely, cheaply and at breakneck speed (e.g., e-mail campaigns against the Company, calls on social media to boycott the Company) and from social hacking. Borussia Dortmund seeks to counter these IT cyber risks by reducing the risk of occurrence through investments in data security and data protection. That includes expanding the firewall to protect against external attacks and launching Project Security, a general initiative to identify and address potential security vulnerabilities.

Category 2 – personnel risk

The importance of human resources to companies is growing. The Company's success is largely dependent on the commitment, motivation and skills of both its sporting personnel and managerial/administrative staff.

This category currently includes five high-priority risks:

Protecting confidential information is a subject that remains in the public eye. Never before has data protection posed so many challenges. In particular, the increasing internationalisation of day-to-day business operations necessitates a detailed understanding of the respective data protection regulations applicable in individual countries. In addition, technical progress harbours many pitfalls, especially in relation to online data. Hackers stepped up their attacks in recent years, releasing the personal data of politicians, celebrities and others. Action has to be taken to prevent the unauthorised

