As digitalization progresses and the environment surrounding financial services undergoes change, cybersecurity is becoming increasingly important. Aiming to provide customers with even safer, more secure services, we have established a cybersecurity management system and are reinforcing our security measures.
The Group’s system for ensuring cybersecurity is based on the “Standards for System Risk Crisis Management and Countermeasures,” which clarify responsibilities and roles, and countermeasures are implemented under the leadership of management. Specifically, we have set up the “Cybersecurity Response Team,” a dedicated, cross-organizational team comprising security managers from each Group company, which works as a Group to implement necessary measures. The team provides quarterly reports on its activities to the “Group Risk Management Committee.”
We determine the Group’s policy on cybersecurity countermeasures through deliberation by the “Group Risk Management Committee.” Based on the policy determined by the Committee, the “Cybersecurity Response Team” is working to improve its response to emergencies and its understanding of security levels in times of normality, both of which are essential for cybersecurity countermeasures.
In terms of our cybersecurity initiatives, we have formulated a cybersecurity roadmap and are engaging in relevant initiatives. To protect customers from cyberattacks that are becoming increasingly sophisticated and ingenious each year, we hold management-level discussions at the Group Risk Management Committee and update our cybersecurity roadmap each year to take appropriate action.
We are working to reinforce security measures for the services used by our customers by introducing systems to detect any unauthorized external access and conducting vulnerability assessments of our services. Moreover, to create an effective organizational structure, we host study groups for management inviting external experts every year, and conduct drills that simulate cybersecurity incidents.
Further, we have formulated a cybersecurity human assets development plan and are engaging in personnel development to continuously develop human assets with expertise and skills in cybersecurity. We create curricula based on individual skill levels, and alongside learning the Company’s operations, we dispatch trainees to Mitsubishi UFJ Financial Group, Inc., as part of the Chance System Uniform Promotion project, to improve their expertise and skills.