High ✓ Medium Low
Contracts may be terminated on short notice. Advertisers are free to terminate their contracts with their communications agencies, after a relatively short notice period. Moreover, the Groupe’s contracts with its clients are under constant threat from rival competitive bids. In addition, there is a trend towards operating on a project-by-project basis, a gradual reduction in the number of agencies working with an advertiser and the concentration of advertising budgets among a few leading agencies. Finally, with the intensification of corporate consolidation processes at the global level, the risk of losing an advertiser following a merger and/or acquisition has become quite common. All of these factors contribute to the increased risk of a single event having significant consequences.
A significant percentage of the Groupe’s revenue is derived from its major clients. In 2020, the Groupe’s top 5, 10, 30 and 100 clients accounted for 13%, 20%, 37% and 56% of the Groupe’s consolidated revenue, respectively (see also Section 6.6 “Notes to the consolidated financial statements”, Note 29 “Risk management”).
One or several large advertisers may, at any time and for any reason, decide either to switch advertising and communications agencies or to curtail its spending on advertising or even suspend it, at any time and without having to justify it. A substantial decline in the advertising and communications spending of the largest advertisers, or the loss of any of these accounts, could have a negative impact on the Groupe.
High ✓ Medium Low
The digital marketplace is expanding at an unprecedented pace, and the reliance on information technology has never been greater. This dependence entails risks for the Groupe, such as technical failure, a malicious attack as well as possible internal threats that could lead to an interruption to services, the loss of personal data, the manipulation or disclosure of confidential information.
System failures can be the result of both natural and malicious activities or a simple technical failure. These failures may impact the Groupe directly or impact one of its partners or suppliers. This can potentially lead to long periods of malfunction and hamper the Groupe’s ability to serve its clients.
Malicious attacks may take the form of denial-of-service attacks, generic or targeted ransomware-type attacks that directly impact the Groupe’s infrastructures or the systems of these suppliers or partners. The number of cyberattacks has been rising sharply since the mid-2010s, and 2020 marks an acceleration and an even more significant professionalization in the context of a pandemic and significant changes in working methods. Each of these has the ability to inhibit normal business operations and even suspend them for periods of time, as well as potentially infecting client deliverables and even their own network environments, thereby causing significant damage.
Finally, insider threats, although normally not malicious, can also be seriously detrimental to normal business operations. Untrained or ignorant staff can unwittingly share sensitive or personal information, or innocently fall prey to the numerous cyber-attacks (phishing, spear phishing, CEO fraud, etc.). The malicious or disgruntled insider, while rare, can also inflict serious reputational or financial damage by purposefully releasing confidential and sensitive information or by committing acts of sabotage resulting in technical failure.
These risks of failure of information systems and cybercrime can have adverse consequences, including in terms of additional costs (remediation costs, contractual penalties owed to clients, regulatory fines) and potential loss of revenue and reputation for the Groupe, as well as leading to situations in which its legal liability is engaged.