32816-Lucy-Group-AR-2025 web ready spreads_FINAL

Risk Management continued

STRATEGIC REPORT

Risk and impact

Mitigation/controls

Risk and impact

Mitigation/controls

1. Strategic

4. Financial

The Group strategy does not deliver sustainable business growth and profits.

Failure of the business to deliver the cash flows forecasted; inherent currency and inflationary risks and management of those risks; customer and supplier credit risk; and losses arising from fraudulent or dishonest activity. Tariff changes in some core markets may reduce demand, and push up costs leading to pressure on margins.

Treasury strategy is defined in the annual accounts and we have implemented supporting policies and procedures. Management regularly reviews cash flow to ensure the business has access to adequate funds to continue with its operations. The Group has regular contact with its lenders to ensure adequate medium-term financing to support its business operations for the foreseeable future. Loan covenants are regularly monitored. The Group maintains significant cash balances and has access to further credit facilities to ensure sufficient liquidity. The current trading patterns across the business give a natural hedge to most of our currency exposure; we continue to monitor this position and will implement appropriate hedging strategies as necessary. The Group reviews potential mitigating actions for its long-term pension risk and consults professional advisers as necessary. There is a whistleblowing policy in place to enable employees to highlight fraudulent or dishonest activity.

The Board regularly reviews business strategy, annual budgets and longer-term financial plans to ensure the business has the necessary resources. The Board spends significant time formulating, reviewing and communicating our strategy to ensure that our approach delivers sustainable returns. The governance of the business is reviewed, with management teams continuously strengthened and developed. We also look for opportunities to acquire businesses and talent that will help deliver our strategy.

2. Business continuity

Prolonged interruption caused by key suppliers, political unrest, pandemics, natural disasters and extreme weather events, terrorism or conflict.

The Group has developed business continuity, disaster recovery and crisis plans, which it continues to appraise, test and refine. The Group has learnt from disruptive events across the globe and this will help to inform our response should another arise, along with shaping business decisions. Group management also works with local governments and agencies to protect our employees’ wellbeing.

5. Product design

The success of the Group depends on providing high-quality products that meet our customers’ needs. There are always inherent risks in the introduction of new technologies and entry into new markets.

Executive Directors and senior management continually review product development programmes to ensure that, as far as possible, they will successfully meet business objectives and customer requirements. There is ongoing investment in designing and building innovative and sustainable products, applications and services for the Group’s markets.

3. People

Ensuring that we retain and attract the required talent to continue to achieve our strategic goals, while embedding a performance culture.

The business has robust policies and procedures in place for recruiting individuals. The retention of key employees is important for long-term stability and success. Training and mentoring is provided for employees to ensure they can fulfil their potential and support business success. Training is assessed and developed to align with employee development and business requirements. We have a well-defined and published set of values, as well as information on how this supports our wider Group culture, to make Lucy Group an attractive place for people to work. Regular performance reviews are held to identify development needs and career opportunities aligned to business needs. We undertake workforce and succession planning to ensure that the right individuals are in the right roles.

6. IT systems and cybersecurity

We have implemented strategies to give our core IT platforms the resilience required. A third party may seek to disrupt business either through external attacks to our systems/products or by seeking to steal IP or sensitive data from us. State-sponsored actors may also seek to disrupt businesses, especially in the sectors we service. Changing attack vectors to focus on social engineering to acquire credentials to infiltrate business systems. Significant prolonged outages of core systems may affect the efficiency of the business operations.

We use various system protections to reduce the threat from third parties, with ongoing assessment and analysis of risks and potential remediation to mitigate them. The Group IT team consists of high-quality, trained individuals tasked with ensuring systems’ resilience and ongoing investment to prevent obsolescence within our key operating systems. All employees regularly receive information security training, which is frequently assessed and developed to ensure it remains relevant and appropriate, and evolves to inform employees of emerging trends. We continue to work with third parties to assess the security of our systems and products and, where necessary, act upon issues raised by these parties. Group has achieved Cyber Essential Plus accreditation and ISO 27001. Systems security policies and procedures are embedded within the business.

62

|

Lucy Group Ltd Annual Report & Accounts 2025

LUCYGROUP.COM

|

63