Management & facts

For us, comprehensive risk and opportunity management also means considering the opportunities and risks arising from ecological or social aspects, or from the management of our company (environment, social and governance – ESG ). We actively and systematically involve relevant stakeholders  in order to identify which current and potential ESG risks and opportunities are important for Deutsche Telekom. We also participate in a number of working groups and committees. We continuously track ESG issues and systematically ascertain our stakeholders’ positions on these matters.

Important tools we use for this purpose are:

• Our risk management system, which systematically identifies, evaluates, and adresses relevant risks
• Our (annual) evaluation of emerging risks, which provides an overview of new and long-term trends in external risks
• Our extensive analysis of physical and transitory risks (risks resulting from sudden adjustments to economic sectors due to climate change), which we align with the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD )
• Our involvement in working groups and committees, numerous national and international business associations, and social organizations (GeSI , Federation of German Industries, Bitkom, econsense, and the German National Association of Senior Citizen’s Organizations, for example)
• Stakeholder dialog formats organized by us
• Our various publications, such as the media review and newsletters
• Our internal compliance evaluation, which also examines the most important sustainability risks
• We continue to develop our materiality process. Key factors for further development in 2022 included changed requirements laid down in the GRI standards in 2021, as well as requirements stipulated in the CSRD . In response, we also assessed our financial sustainability opportunities and risks, among others

In our annual report, we also provide information about the following issues, which we have identified as key aspects of our risk-and-opportunity management process:

• Climate protection
• Suppliers
• Healthcare

Emerging risks  are difficult to predict, because their future development is extremely uncertain. They involve events that are beyond our influence and control, such as geopolitical tension, new technologies, or macroeconomic factors. These risks are either new or become significantly more significant for our company over time. Even if they already impact our business today, their impact can grow in the long term (three to five years) and potentially impede most of our activities to a much greater extent in the future.     

We need to act early and effectively to identify and assess risks like this and protect our company and our customers from them. This could even require adjustment of our strategy and/or our business models to mitigate their impact. To enable us to respond to such risks comprehensively, our risk management system must systematically identify and assess these emerging risks, to derive mitigating measures.

We describe the emerging risks that are becoming increasingly important to us here.

Technological risk: Cyber attacks
Cyber attacks are increasing rapidly. The speed of digital transformation, machine learning, and computing capacity is growing exponentially. At the same time, the attacks are becoming increasingly specific and efficient. They are overtaking security fixes, with the result that the number of vulnerabilities that could be exploited by this kind of attack at our company is increasing.

The potential impacts of this risk include:

• Failure to protect our infrastructure and our customer data against cyber attacks
• A lack of knowledge among employees or excessively complex infrastructure can make it more difficult to prevent cyber attacks, such as those triggered by artificial intelligence
• Compliance with increasingly strict legal requirements for data retention and the data protection could affect our strategy or our business models.
• Financial losses can arise from new extortion techniques that are increasingly being used in attacks and demanding payments in cryptocurrencies, for example.
• Loss of reputation, because customers could lose trust in the quality of our communications services.

Our corrective measures include:

• Switching to more robust IT control environments
• Improving protection against widespread types of attacks
• Deploying machine learning technology (artificial intelligence) to identify attacks
• Improving reactivity when defending against identified attacks
• Raising awareness of cyber attacks among our customers
• Better recognition of malware and improvement of user authentication techniques

Environmental risk: Weather extremes
Advancing climate change will increase the intensity and frequency of extreme weather events. The related physical effects include warming oceans, higher heat and humidity, increased average temperatures, heavy storms (wind, lightning, hail, tornadoes, and hurricanes), and heat waves – which in turn can result in natural disasters like flooding and drought.

The potential impacts of this risk include:

• Flooding of river basins and coastal areas due to heavy rainfall, which can destroy or seriously damage our base stations, network nodes , and other infrastructure
• Tornadoes and hurricanes that can cause significant damage to data centers, cell towers, office buildings, and our retail outlets
• Heavy storms can also damage or destroy cell towers, particularly at higher-elevation sites.
• Forest fires and heat waves can damage or destroy nearby cell towers or locations of our network technology.
• Infrastructure that is not robust enough to withstand these tougher conditions in the long term
• Reduction in the stability of our power supply

These impacts can result in longer and more frequent network outages, which in turn have the potential to lower our revenue, increase our churn rate, and damage our reputation. In addition, additional investments will be necessary to adapt our processes and make our infrastructure more robust. The costs of insurance cover for such events will likely increase steadily over time.

Our risk mitigation measures include:

• Better methods for predicting when and where potential disasters might occur in future
• Identifying weak points in our cell towers and other infrastructure
• Eliminating identified weak points in our infrastructure to withstand higher wind speeds and temperatures Designing more robust network infrastructure in areas that are particularly susceptible to such disasters
• Installing emergency power supplies for all critical network elements, to avoid network outages and reduce downtimes
• Improving our plans for maintaining operations and for disaster recovery for scenarios in which such outages might occur

Business risk: Infectious diseases/pandemics
Outbreaks of disease and pandemics cannot be predicted. Nonetheless, historical data shows that regional and global pandemics have become increasingly frequent over the past decades. A new sickness or virus can spread quickly, become a pandemic, and drastically impede global economic growth. This can affect multiple industry sectors and supply chains and have significant impacts on the way we live and work.

The potential impacts of this risk include:

• Increasingly delayed deliveries and payments, as well as payment defaults among business customers and consumers, increasing our bad debts
• Restrictions in the public sphere could force our stores to close and affect sales and services for our customers
• Travel restrictions could affect our roaming traffic volumes and our revenue
• Customer growth could be curbed, because it is difficult to acquire new customers
• Companies may need to reduce their orders of IT services and devices
• Restrictions to social contacts (distance learning and working from home) could overload our networks and reduce their efficiency
• In the case of a severe pandemic, coupled with restrictions, our workforce could be reduced temporarily or permanently

Our corrective measures include:

• Monitoring of relevant developments by our Group Situation Center
• Organization of crisis management and task forces
• Issuance of pandemic guidelines
• Provision of suitable hygienic and personal protective equipment for sales outlets, offices, and network infrastructure sites
• Ramping up and hardening our networks to handle additional peak loads in voice and data traffic
• Protecting our customers and employees through mobile working, online sales, and online customer service