Business risks/Information Systems and cybersecurity | |
---|---|
Risk identification | Risk management |
In a context of digital transformation and constant development of the Information Technologies and their uses, the Group’s business activities, expertise and, more generally, its relations with all stakeholders in its social and economic environment, depend on an increasingly virtual and digital operation. As a result, the malfunction or shutdown of these systems, the leakage or destruction of data for exogenous or endogenous reasons (including cyberattacks, malicious acts, hacks, etc.) internally or at a third-party of the Group could have a material impact on the Group’s business activities. |
The IT Department has implemented strict security rules for infrastructures, devices and applications. Furthermore, to adapt to the development of new ways of communication and collaboration, L’Oréal has introduced an Information and Communication Technologies Code of Practice. To deal with the growing cyber-threats, L’Oréal continuously strenghten the resources dedicated to information system security. A multi-year plan aimed at reducing the level of risk from cyberthreats and strengthening the maturity of risk management was therefore set out. This plan relies in particular on anti-intrusion solutions, regular read teaming and penetration tests, an information system security audit programme, the protection of sensitive assets and global supervision to detect malicious activities. L’Oréal’s security focus is constantly adjusted to deal with new threats of cyberattacks. For example, the Group is increasingly investing in incidents detection and reactions systems and proceeds to regular reviews of the effectiveness of these solutions. Online training in cybersecurity best practices is available for all eligible employees (more than 42,000 employees, i.e. 73% of eligible employees, have received training via a new e-learning module published at the end of 2021). Specific trainings are also available for other employees. In addition to regular communication throughout the year, the Group conducts an annual global awareness campaign called Cyberweek. Management of risks related to data is described in the “Data” risk section. |
Business risks/Geographic presence and economic and political environment | |
---|---|
Risk identification | Risk management |
L’Oréal is a global corporation that has subsidiaries in 76 countries. More specifically, the global development of the cosmetics market has led L’Oréal to develop its Travel Retail business and its business in countries of North Asia, which represented 29,6% of sales in 2022, SAPMENA-SSA (South Asia Pacific, Middle East, North Africa, Sub-Saharan Africa) 7,7% of sales, and Latin America (6,2% of sales). Because of this globalisation, political or economic disruption (strong economic slowdown due, for example, to geopolitical tensions, sustained high inflation, international trade tensions or sovereign debt crises) in countries in which the Group generates a significant portion of its sales could have an impact on its business activities. As regards Russia’s invasion of Ukraine at the beginning of 2022, depending on its duration and extent, the conflict could impact economic growth worldwide and, consequently, affect the markets in which the Group operates. The impact and management of inflation and currency risks, and those associated with economic sanctions policies, are described in the risk factors entitled “Inflation and currency risk” and “Risk of non‑conformity” respectively. The impact and management of the risk related to Covid-19 are described in the “Sanitary crisis” risk factor. |
L’Oréal’s global presence and its portfolio of 36 major international brands helps to maintain a balance in sales and offsetting between the geographic zones, product categories and distribution channels (details on sales from the zones are presented in section 1.3.). With regard to the crisis in Ukraine and Russia, L’Oréal is closely monitoring the situation and its potential for adversely impacting the global economy and, in particular, its business activity (see section 1.3.1.). |
Business risks/Crisis management | |
---|---|
Risk identification | Risk management |
Prejudicial events or information mainly related to the use or misuse of a product, or an inappropriate individual behaviour, whether proven or not, could affect the reputation of L’Oréal, its 36 major international brands and its products and, as a result, affect sales and, more generally, its financial position. The impact of the risk could be amplified, notably, by:
The impact and management of risk associated with social selling, particularly via influencers, are described in the risk factor entitled “Evolution of sales channels”. |
L’Oréal has set up a system of:
The deployment of the Code of Ethics throughout the Group aims at reinforcing the dissemination of the rules of conduct which form the basis of L’Oréal’s integrity and ethics. These rules of conduct seek to guide actions and behaviour, inspire choices and make sure that the Group’s values are reflected in the everyday acts of each employee. L’Oréal has implemented a “Code of Good Practice for the Use of Social Media” for its employees. |