Cyber and information security risk

Cyber and information security risk is an increasingly material risk that continuously evolves. Security incidents, cyber attacks, hacking or data leakage may have a direct impact on the operations of Investor and the portfolio companies.

Risk Mitigating Actions: The Board has adopted an Information security policy. The Executive Leadership 
Team has implemented procedures and continuity plans to identify, protect, detect, recover and respond to incidents. Investor assesses regularly its risk profile and invests continuously to protect its systems 
and improve recovery plans. Investor follows up on the subsidiaries’ cyber security maturity and resilience. To increase awareness in the organization, employees are trained. Status and actions are regularly reported to and discussed within the Audit and Risk Committee.

Key personnel/succession risk

The ability to attract and retain the right competence is a prerequisite for Investor’s long-term success. Our network is key to finding the best board and management candidates for our companies as well as for 
recruitment to Investor. 

Risk Mitigating Actions: Investor’s Board and the boards in the portfolio companies continuously identify 
required key skills, to support the companies’ long-term ambitions and needs, and reach out to individuals with relevant industrial, functional and geographical knowledge to broaden the network. The ability to attract, retain and develop individuals is supported by several measures including a well-defined recruitment process, succession planning, a competitive and long-term approach to compensation, and a focus on development opportunities through the performance reviews.