A Glimpse into Private-Sector Cybersecurity in Japan
Review of Shinichi Yokohama’s “Keiei to Saiba Sekyuriti—Dejitalu Rejilienshi [Business Management and Cybersecurity – Digital Resiliency for Executives]” (Nikkei BP, 2018).
The traditional approach in Japan by the large-scale corporate sector to addressing national technology policies—such as cybersecurity requirements—that will inevitably affect wide swathes of industry has been to await instructions from government regulators. The approach of large American corporations, by contrast, has long been to engage proactively and publicly with government agencies, through their own corporate policy teams or industry-wide trade associations, with the aim of being part of policy and regulatory formation. Industry and particular corporate businesses bring their own agendas and goals to the American public policy conversation, to be sure. They also bring important technical and operational knowledge of the issues and policy choices—ever more so in a world dominated by increasingly complex technologies.
Thus it is rare, even today, for a Japanese company to have its own in-house public advocacy team. Although there are informal ways in which the corporate sector communicates its views, the formation of public policies that impact government itself; the Japanese public and society; and the worldwide consumers, clients, and business partners of Japanese companies remains largely in the hands of regulators. These regulators often lack the technical and operational knowledge that the private sector possesses, even as government policymakers make policy for society and the economy as a whole.