#Japan #Tokyo #Corporate Governance #Cybersecurity Index #Japan IT Federation

Japan IT Federation Announces Cybersecurity Index Company Survey 2025

The Japan IT Federation (JITF), a leading collective of IT organizations in Japan located in Chuo, Tokyo, has unveiled the findings of its Cybersecurity Index Company Survey for 2025. This initiative is spearheaded by the federation's Cybersecurity Committee, chaired by Masahiro Shimomura, and conducted by the corporate evaluation subgroup led by Mitsuhiko Maruyama.

The primary objective of this survey was to assess the cybersecurity commitments and information disclosure practices of companies included in the Nikkei 500 index. This aligns with the federation's goal of improving security levels as a corporate social responsibility across the entire supply chain. To facilitate this, the survey encouraged the disclosure of cybersecurity measures within publicly available reports such as securities filings and corporate governance reports.

The comprehensive evaluation included analysis of the information disclosed about cybersecurity efforts, personal data protection, responses from questionnaires, and assessments from attack surface diagnostic tools. As a result, the survey identified 72 companies demonstrating commendable practices and transparency regarding cybersecurity, granting them a 'rating', similar to a star-rating system for their efforts.

Among these, 18 companies were recognized with a two-star rating due to their outstanding and continuous commitment to cybersecurity practices and information disclosure. The two-star companies recognized by the Cybersecurity Index Company Survey 2025 include:

• - SCSK
• - Osaka Gas
• - Canon Marketing Japan
• - KDDI
• - Secom
• - SoftBank
• - SoftBank Group
• - Dai Nippon Printing
• - TIS
• - Toppan Holdings
• - Trend Micro
• - NEC
• - NTT
• - Nippon Steel Solutions
• - Fujitsu
• - Fujifilm Holdings
• - Hitachi
• - Ricoh

Additionally, another 54 companies were identified as having solid practices and disclosure methods, earning them a single-star rating. These include notable names such as:

• - ANA Holdings
• - Itochu Corporation
• - Internet Initiative Japan
• - EXEO Group
• - SBI Holdings
• - Omron
• - Kawasaki Heavy Industries
• - Kansai Electric Power
• - Canon
• - Kyocera

... and others, ultimately underlining the growing commitment to cybersecurity.

Survey Overview

The Cybersecurity Index Company Survey focused on the following key aspects:

• - Survey Target: Companies listed in the Nikkei 500 index as of July 1, 2025.
• - Methodology: Internet research and questionnaire surveys were conducted from July to September 2025.
• - Content of Research: Assessment of disclosures in securities reports, corporate governance reports, third-party certifications, and the use of attack surface diagnostic tools.

- Research Collaboration: Conducted in collaboration with SecurityScorecard, Inc.

The detailed report is available in both Japanese and English, and it contains comprehensive insights into the findings of the survey.

Upcoming Online Seminar

Furthermore, the JITF plans to present more detailed findings from the Cybersecurity Index Company Survey 2025 during an online seminar titled “Enhancing Corporate Value through Cyber Risk Disclosure,” scheduled for February 26, 2026. This event is free of charge, but prior registration is required. Those interested can register via the following link: Online Seminar Registration.

The seminar will feature keynotes and discussions aimed at elucidating the current state of cybersecurity policy in Japan and insights from industry experts.

Inquiries regarding the survey can be directed to the Cybersecurity Committee at the Japan IT Federation via email: [email protected].