Cyber and information security risk

Cyber and information security risk is an increasingly material risk that continuously evolves. Security incidents, cyber attacks, hacking or data leakage may have a direct negative impact on the operations of  Investor and the portfolio companies.

Risk mitigating actions: The Board has adopted an Information security policy. The Executive Leadership 
Team has implemented procedures and continuity plans to identify, protect, detect, recover and respond to incidents. Investor assesses regularly its risk profile and invests continuously to protect its systems and improve recovery plans. Investor follows up on the subsidiaries’ cyber security maturity and resilience. To increase awareness in the organization, employees are trained. Status and actions are regularly reported to and discussed within the Audit and Risk Committee.

Key personnel/succession risk

The ability to attract and retain the right competence is a prerequisite for Investor’s long-term success. The risk of not being able to attract the right people could have a negative impact on both Investor and the 
portfolio companies. 

Risk mitigating actions: Our network is key to finding the best board and management candidates for our companies as well as for recruitment to Investor. Investor’s Board and the boards in the portfolio companies continuously identify required key skills, to support the companies’ long-term ambitions and needs, 
and reach out to individuals with relevant industrial, functional and geographical knowledge to broaden the network. The ability to attract, retain and develop individuals is supported by several measures including a well-defined recruitment process, succession planning, a competitive and long-term approach to compensation, and a focus on development opportunities.