Cybersecurity

Recognizing cybersecurity as one of the important management issues, with the Group Chief Information Security Officer (CISO) as the supervisor under the leadership of management, the Group companies in Japan and overseas are unitedly maintaining a management system. Reports and discussions are also held twice a year by the Board of Directors, where outside directors with IT expertise also participate.

Specifically, we are promoting countermeasures by adopting global standard frameworks and standard architectures such as ISO 27001^※1 and NIST SP800. Ours basic ideas and compliance standards are determined from the perspective of people, processes, and technologies, and include constant monitoring, log analyses, periodic vulnerability-scanning, penetration tests, and risk assessments.

Furthermore, to prevent, detect, and respond to cyberattacks that are becoming more sophisticated year by year, we use the PDCA cycle to formulate and execute improvement plans in response to issues identified in this process, while taking into account the amount of risk at each group company, intelligence gained from inside and outside the group, and the application of new technologies.

Under the Tokio Marine Group CSIRT^※2, the entire Group has also been divided into three regions̶North, America, Europe, and Japan/Asia̶and we are consolidating our organization and standardizing our technologies and processes at a high level. each region carries out regular countermeasures such as employee training, including security monitoring on a daily basis, cyber drills (conducted multiple times a year mainly for relevant parties), targeted e-mail drills (conducted multiple times a year for all employees), etc. Also, in the event of a cyber incident, each region strives to establish an efficient and effective system by identifying the scope of the impact and promptly implementing initial responses, recovery, and recurrence prevention measures to prevent the spread of damage while cooperating with other regions.

A group-wide committee made up of security experts gathers knowledge from around the world and promotes advanced security measures to support our customers and society in their times of need.