Corporate data shows that Japanese companies lag behind their U.S. and European counterparts when it comes to cybersecurity. The government’s new cybersecurity strategy aims to change that.
Mihoko Matsubara is an adjunct fellow at the Pacific Forum
Japan’s government recently launched an outline of its next cybersecurity strategy (in Japanese). The document is meant to both signal Japan’s cybersecurity priorities and solicit feedback from industry and civil society prior to the strategy’s release this summer. The government has updated its strategy every few years since the first one was released in 2013. The new strategy aims to improve the cybersecurity of Japanese critical infrastructure and encourage Japanese business to pursue cybersecurity best practices, both of which will help Japan’s economic growth and innovation.
A focus on improving cybersecurity in the private sector is central to the new strategy. Japanese industry lags behind its U.S. and European counterparts. According to government statistics, only 55 percent of Japanese companies conduct cybersecurity risk assessments, compared to roughly 80 percent in the United States and 65 percent in Europe. Similarly, only 27 percent of Japanese companies have a chief information security officer (CISO), a critical position that generally oversees a company’s cybersecurity efforts. By comparison, 78 percent of U.S. companies and 67 percent of European companies have CISOs. Japanese companies are ill prepared to confront cyber threats if just under half assess their risk and less than a quarter employ an advocate whose job it is to defend a company’s assets and identify security priorities.