Mercia is... Ambitious - Annual Report and Accounts 2021

b'44 Mercia Asset Management PLC Annual Report & Accounts 2022Principal risks and uncertainties continuedRisk Possible consequences MitigationHigh inflation rates putCost increases add pressure toThe SME portfolio companies are well led and well increased pressure onthe liquidity of SME portfoliofunded, with proportionally modest cost bases and are both portfolio companiescompanies, increasing the risk oftherefore resilient to short-term liquidity pressures.and Mercias cost base,failure where the costs cannot beThe Groups cost base is largely made up of staff costs, principally salaries, costpassed onto customers. with a highly competitive staff remuneration package of goods sold and otherAn increase in Mercias cost baseoffered, including the potential to receive performance-operating costs. puts adverse pressure on the short- related bonuses, share options and other benefits, such term financial performance of as an electric company car scheme.the Group. Breaches of the GroupsCyber security or infrastructureThe Group reviews its infrastructure and cyber security digital security, throughfailures may result in the lossprocesses with its outsourced IT provider on a regular cyber attacks or a failureof data, misuse of sensitivebasis, and continues to invest in resources to enhance of the Groups digitalinformation, reputational damageits cyber defences and improve network monitoring infrastructure, couldand legal or regulatory breaches. to minimise the impact of any security breach. The result in the loss ofAttacks on portfolio companiesGroup uses Office 365 which, combined with the use of commercially sensitivecould, in addition, result in the lossSharePoint, enables the secure storage and sharing of data and/or createof valuable intellectual property ordata internally.substantial businessbe disruptive to business activities. Business continuity plans and disaster recovery disruption. contingencies are tested and have proved to be The incidence of cybereffective to support remote working during the crime attempts andCOVID-19 related lockdowns.reports from portfolio companies has increasedThe Group continues to work with its cyber security in the wake of COVID-19consultants to periodically test its cyber defences.and in light of the war inRegular testing is conducted through using fake phishing/Ukraine with the potentialspam emails to test staff ability to identify suspicious for Russian-backed cyberemails and the need for prompt escalation.crime or sabotage.Our IT providers have enhanced their utilisation of software patches when issued so that upgrades are made immediately, which increases resilience. Darktrace technology is installed to monitor spam filters and also to monitor network activity by internal users, such as downloading data, thereby alerting senior management to any suspicious activity.We have identified IT systems with offshore hosted servers and taken steps to ensure resilience and back-up arrangements.'