Our Group has established SUMIBE-CSIRT, a cross-organizational body to prepare for the occurrence of information security incidents, to share topics through regular meetings, formulate preventive measures to prevent information security-related incidents, and develop response procedures in the event of an incident. When an incident occurs, it is designed to respond to the situation, including management, and to cooperate with external security-related organizations.

Specific measures to prevent information security incidents include thorough response to vulnerabilities that may become targets of unauthorized attacks, detect risk through the introduction of security products, and constantly monitor cyber-attacks, and security assessments by external organizations. In addition, we participate in external organizations that share information and strengthen our response to cyber-attacks, including the Initiative for Cyber Security Information Sharing Partnership of Japan (J-CSIP) and proactively obtain related information. We will continue to establish a globally coordinated incident response system with the support of external security companies.

Furthermore, we are working to strengthen prevention of information security incidents and raise awareness of information security, such as by issuing alerts within the Group as appropriate to imminent cyber risks and conducting regular information security training for all officers and employees in Japan and overseas based on cyber risk trends.

In order to minimize damage in the event of a security incident and recover quickly, in addition to in-house internal incident response drill, we are also working to strengthen our system by participating in joint drills with external organizations.

We will promote acquisition of the national certification “Registered Information Security Specialist” as measure to improve the skill sets of our in-house information security staff. We will also promote the assignment and development of security personnel at bases outside Japan.

For the number of critical security incidents, information security training participation rate, the number of times information security incident response drills were conducted, and other data, please refer to Detailed Data Related to Sustainability (Governance) > Risk Management Data.