| 5. Risks associated with client portfolios | ||||
|---|---|---|---|---|
| High ✔ | Medium | Low | ||
Contracts may be terminated on short notice. Clients are free to terminate their contracts with their communications agencies, after a relatively short notice period. Moreover, the Groupe‘s contracts with its clients are under constant threat from rival competitive bids. In addition, there is a trend towards operating on a project-by-project basis, a gradual reduction in the number of agencies working with an advertiser and the concentration of advertising budgets among a few leading agencies. Finally, with the intensification of corporate consolidation processes globally, the risk of losing a client following a merger and/or acquisition has become quite common. All of these factors contribute to the increased risk of a single event having significant consequences.
A significant percentage of the Groupe‘s revenue is derived from its major clients. In 2021, the Groupe’s top 5, 10, 30 and 100 clients accounted for 12%, 20%, 37% and 56% of the Groupe’s consolidated revenue, respectively (see also Section 6.6 “Notes to the consolidated financial statements”, Note 29 “Risk management”).
One or several large clients may decide either to switch advertising and communications agencies or to curtail its spending on advertising or even suspend it, at any time and without having to justify it. A substantial decline in the advertising and communications spending of the largest clients, or the loss of any of these accounts, could have a negative impact on the Groupe.
| 6. Risks of IT system failures and cybercrime | ||||
|---|---|---|---|---|
| High ✔ | Medium | Low | ||
The digital marketplace is expanding at an unprecedented pace, and the reliance on information technology has never been greater. This dependence entails risks for the Groupe, such as technical failure, a malicious attack, as well as possible internal threats that could lead to an interruption of services, the loss of personal data, or the manipulation or disclosure of confidential information.
System failures can be the result of both natural and malicious activities or a simple technical failure. These failures may impact the Groupe directly or impact one of its partners or suppliers. This can potentially lead to long periods of malfunction and hamper the Groupe’s ability to serve its clients.
Malicious attacks may take the form of denial-of-service attacks, or as generic or targeted ransomware-type attacks that directly impact the Groupe’s infrastructures or the systems of its suppliers or partners. The number of cyberattacks has been rising sharply since the mid-2010s, and 2020 marks an acceleration and an even more significant professionalization in the context of a pandemic and significant changes in working methods. Each of these has the ability to inhibit normal business operations and even suspend them for periods of time, as well as potentially infecting client deliverables and even their own network environments, thereby causing significant damage.
Finally, insider threats, although normally not malicious, can also be seriously detrimental to normal business operations. Untrained or ignorant staff can unwittingly share sensitive or personal information, or innocently fall prey to a variety of cyberattacks (phishing, spear phishing, CEO fraud, etc.). The malicious or disgruntled insider, while rare, can also inflict serious reputational or financial damage by purposefully releasing confidential and sensitive information or by committing acts of sabotage resulting in technical failure.
These risks of failure of information systems and cybercrime can have adverse consequences, including in terms of additional costs (remediation costs, contractual penalties owed to clients, regulatory fines) and potential loss of revenue and damage to the reputation of the Groupe, as well as leading to situations in which its legal liability is engaged.
