47153 AG Barr Annual Report 2025 AW4 SQ WEB - Flipbook - Page 61
Strategic Report

Strategic priorities: Connecting with consumers; Building brands; Driving efficiency; Building trust
Movement: No change; Increased; Decreased; New

Risk | Impact | Gross risk movement during the year | Controls and mitigating actions | Net risk rating | Net risk movement during the year

Risk: Failure of critical IT systems or a breach of cyber security

Impact: A failure of critical IT systems could result in a loss of key systems, business interruption, lost sales or lost production. A cyber security breach (both within our network and at third parties) could lead to operational disruption, loss of data, financial loss and reputational damage.

Gross risk movement during the year: The external cyber risk environment continues to evolve at pace, with new advancements in technology such as artificial intelligence presenting new threats requiring an appropriate mitigating response. The risk of cyber attacks continues to increase on an ongoing basis; however, our mitigating activities have also proportionately increased to ensure no change to the net risk rating.

Controls and mitigating actions: IT assets within the Group are proactively managed and procedures exist that support effective and efficient recovery. Robust business continuity plans and contingency measures are in place and are regularly tested. Appropriate processes and controls related to IT systems resilience and recovery capability are in place.

Appropriate cyber risk monitoring controls are in place and various actions have been taken during the year to mitigate cyber security related risks and facilitate business recovery in the event of an attack.

Employee awareness campaigns continued during the year to increase employee cyber risk awareness. Employees are required to complete cyber security awareness training on an annual basis. A Digital Governance Group is in place, overseen by the Risk Committee, the purpose of which is to manage the risks related to the Group’s externally facing digital properties.

An information security dashboard is reviewed bi-monthly at every Risk Committee. A review of cyber risk is presented to the Risk Committee twice each year.

Net risk rating: Moderate

Risk: Failure of the Group’s operational infrastructure

Impact: A catastrophic failure of the Group’s major production or distribution facilities could lead to a sustained loss in capacity or capability.

Gross risk movement during the year: No change

Controls and mitigating actions: Assets within the Group are proactively managed and maintained. Risk assessments are carried out on a regular basis and appropriate actions taken. Robust business continuity plans are in place and are tested annually. The business continuity employee training programme continued during the year.

Net risk rating: Moderate