DNFP_2018_English

2018 DECLARATION OF NON-FINANCIAL PERFORMANCE OF THE DESCOURS & CABAUD GROUP

THE RISK FACTORS, THEIR CONSEQUENCES AND THEIR MEANS OF CONTROL

Information security relies on four components that must be guaranteed at all times:

• Availability: guaranteeing that data is accessible, among other things to be able to meet our customers' requirements as soon as possible. Unavailability of information has a direct financial impact on the business and on turnover. This may be due to external causes, such as cyber-attacks targeting our e-commerce services, but may also be due to technical problems affecting our computing and network equipment, or even human causes, whether due to human error or to malicious acts.

• Integrity: guaranteeing the accuracy and completeness of the data, and ensuring that its content and form are not altered when it is transmitted, processed and stored. One must therefore be certain that the data is accurately readable in its entirety. Loss of data integrity can have operational and financial impacts on our business, lead to fraudulent acts and have legal repercussions (breaches of contracts). Loss of data integrity may for instance be caused by a vulnerability in access control that enables illegal handling.

• Confidentiality: guaranteeing that the information can only be accessed by duly authorised people. Loss of confidentiality, leading to disclosure to unauthorised people, can have financial repercussions on our business, legal impacts (non-observance of our obligations), but also impacts on the company's image. Loss of confidentiality is generally caused by poor access controls or inadequate data protection measures.

• Traceability: having proper oversight of actions that could affect the quality of the information. In the event of an incident, it is essential that the company analyses its causes and effects with a view to taking corrective and preventive measures. The inherent impacts are of an operational nature (for instance, inability to detect an intrusion on an e-commerce site) and potentially of a legal nature (for instance, inability to detect breaches of personal data). A lack of oversight is generally caused by a lack of technical and organisational resources.

Any information loss or compromise can deal a devastating blow to the company, which must therefore make every attempt to protect its information against external or internal threats:

• Data leakage through internal elements, namely a theft of information and disclosure to third parties who normally should not be able to access it.

• Espionage, which may be carried out with a view to stealing the company's data, such as prices, work methods, particular know-how. For instance, a great many companies unknowingly disclose their most confidential information to their competitors every day.

• Sabotage, which may aim to deny access to, destroy or falsify the company's data.
