Horizon Group — Annual Report · 2025 14 / 15

Risk Management

Horizon Group maintains a single enterprise risk register covering strategic, operational, financial, and compliance risks. The audit committee reviews the register quarterly, every material risk has a named owner on the executive committee or one level below, and mitigation progress is reported alongside the financial results. The 2025 review confirmed five principal risks; cyber resilience and supply-chain concentration received elevated attention.

Principal risks and mitigation

Executives in a scenario-planning workshop
The annual scenario-planning workshop in Bern, November 2025.

From register to routine

Twice a year, the executive committee runs a full-day scenario exercise against the register’s top risks — in November 2025 the scenario combined a supplier failure with a two-week cyber outage. The findings feed directly into the following year’s mitigation budgets, which the audit committee approves alongside the financial plan.

Risk heat overview

Risk Trend Likelihood Impact Owner
Cyber resilience Rising Possible High Chief Technology Officer
Supply-chain concentration Stable Possible High Chief Operating Officer
Currency exposure Rising Likely Medium Chief Financial Officer
Talent availability Stable Likely Medium Head of Human Resources
Regulatory and trade policy Rising Possible Medium General Counsel
Risk culture is not the register — it is what happens when no one is looking at it. The board’s task is to make sure the two never drift apart.
Prof. Anna Vogel
Prof. Anna Vogel
Chair of the Board