”The ‘Safe’ Zone and Other Challenges to Japan’s Cybersecurity Governance Efforts”

Concern about protecting ICT systems from cyber attacks has increased notably in recent years, not only in Japan but around the globe, as the use of IT has become even more important for corporate profitability. Cyber attacks can cause serious financial loss through theft of information, disruptions and other unlawful actions. Protecting ICT systems and their contents is crucial for any 21st-century business or company. In response, companies now have to invest more in cybersecurity as a corporate strategy.

Progress in Japan’s cybersecurity activities is underway. For example, the Ministry of Economy, Trade and Industry (METI) formulated the Cybersecurity Management Guidelines with the Information-technology Promotion Agency, Japan (IPA). It is expected that, based on the Guidelines, these cybersecurity measures will be promoted under the leadership of corporate managers. [To facilitate this process, BDTI will hold a Japanese-language seminar on 10/5. Speakers will include the head of METI’s division handling cyber-security matters, a BDTI director sitting on the key committee, and lawyers familiar with global cyber-security legal risk issues. See https://bdti.or.jp/news/10-05-cyber-seminar/ to sign up for the seminar.]

Glenn Davis: ”Prioritizing Cybersecurity: Five Questions for Portfolio Company Boards”

”As the frequency and severity of cyber attacks against global businesses continue to escalate, both companies and their investors are coming to terms with a grim reality: Data breaches, or cyber incidents, are no longer a matter of if but when. Having put to rest rose-colored notions of eliminating this threat, investors are looking to boards for leadership in addressing the risks and mitigating the damage associated with cyber incidents.

Cybersecurity is an integral component of a board’s role in risk oversight. Directors have the authority, capacity and responsibility to make pivotal contributions in this area by ensuring adequate resources and management expertise are allocated to robust cyber risk management policies and practices, and ensuring disclosure fairly and accurately portrays material cyber risks and incidents.

Ferillo & Veltsos: ”Grading Global Boards of Directors on Cybersecurity”

On April 1, 2016, NASDAQ, along with Tanium (a leading-edge cybersecurity consultant), released a detailed survey of non-executive (independent) directors and C-suite executives in multiple countries (e.g., the US, UK, Japan, Germany, Denmark, and the Nordic countries) concerning cybersecurity accountability. [1] NASDAQ and Tanium wished to obtain answers to three basic questions: (1) how these executives assessed their company’s vulnerabilities to cybersecurity threat vectors; (2) how they evaluated their company’s readiness to address these vulnerabilities; and (3) who within the company was held “accountable” for addressing these cybersecurity vulnerabilities.

CII’s ”Investor Guide to Engagement on Cyber Risk”

Foreword:

As the frequency and severity of cyber attacks against global businesses continue to escalate, both companies and their investors are coming to terms with a grim reality: Data breaches, or cyber incidents, are no longer a matter of if but when. Having put to rest rose-colored notions of eliminating this threat, investors are looking to boards for leadership in addressing the risks and mitigating the damage associated with cyber incidents.

Lexology: ”U.S. Bill Would Prioritize Cybersecurity at the Board Level”

”In recent years, there has been an increase in the frequency and sophistication of cybersecurity attacks on both businesses and governments. There has also been an increased interest in government regulation of cybersecurity to protect the public from data breaches. Recently, two American Senators – one Democrat and one Republican – introduced a bill that would require publicly traded companies to have a cybersecurity expert on their board, or explain why having such a board member is unnecessary.

FSA ”The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary)”

FSA

”The Financial Services Agency (FSA) has been conducting the supervision and inspection regarding cyber security management as a part of system risk control, etc. The threat of cyber attacks is a significant risk for the stability of the financial system. It is necessary to enhance the resilience of the financial system by strengthening the cyber security of not only each financial institution but the financial industry as a whole…”

Japanese Government Announces its Strategy on Cybersecurity – But Most Japanese Boards Lag

The Japanese government has announced its policy/strategy on cybersecurity, one of the most important emerging risk topics in foreign board rooms nowadays. The same level of concern has not quite made its way to Japanese board rooms. (Nine months ago when BDTI held a seminar on this subject, only about 25 people showed up, and most of them were from IT departments.)

An English version of the policy is available here:

http://bit.ly/1Ohj4RU