Declaration of Cyber Security Management
At Resona Holdings and Group companies*, we recognize the necessity of maintaining cyber security as outlined in Keidanren’s “Declaration of Cyber Security Management,” which states, “from the dual perspectives of creating value and managing risk, cyber security measures are now a key management priority for all companies.” We have developed our own Cyber Security Management Declaration (“the Declaration”), and in accordance with the Declaration, we will promote further enhancement of cyber security measures led by our executive management team in order to address increasingly serious and sophisticated cyber threats.
1. Recognition of Cyber Security as a Responsibility of Management
The executive management team will enhance their own understanding of the latest cyber security circumstances and actively engage in management that positions cyber security spending as an investment. In addition, it will take responsibility for cyber security measures while recognizing that cyber security is a critical management issue, confronting realities, addressing risks, and exercising leadership.
We have positioned measures to address cyberattacks as a critical management issue and will promote countermeasures against cyberattacks based on deliberations and validations through executive committees and board meetings to ensure safe and secure financial services are available to our customers.
2. Development of Management Policies and Declaration of Commitment
We will develop management policies and business continuity plans aimed at prompt recovery from security incidents while prioritizing detection, response, and recovery, in addition to identifying and protecting against risks. The executive management team will take the lead in declaring the company’s commitment to internal and external stakeholders and make every effort to voluntarily disclose recognized risks and measures to deal with them, in corporate reporting.
Specifically, a dedicated unit (Resona-CSIRT) has been created to perform duties in preparation for cyberattacks during normal times and emergencies. Its duties include gathering and analyzing cyberattack-related information and developing procedures and manuals, in addition to conducting periodic drills and training as well as performing reviews of the contingency plan. Additionally, it discloses measures on enhancing security through disclosure reports and other means.
3. Establishment of Internal and External Systems and Implementation of Security Measures
We will ensure sufficient resources including budget and personnel, establish internal systems, and take necessary human, technical, and physical measures, as well as develop human resources and conduct training required for those at every level, including management, corporate planning staff, technical specialists, and other employees. Moreover, we will strive to manage cyber security throughout domestic and international supply chains, including at business partners and outsourcing contractors.
Specifically, we will analyze risks of cyberattacks and strive to continuously enhance security and cultivate specialist human resources. In addition, we will foster human resources at every level through training including for management and Group companies.
We will take measures to evaluate the implementation status of cyber security measures taken within our supply chain, both domestic and international, including our outsourcing partners.
4. Encouragement of Widespread Use of Cybersafe Products, Systems, and Services
We will strive to manage cyber security across the full spectrum of corporate activities, including development, design, production, and supply of products, systems, and services.
Specifically, we will take security measures from the time of developing new systems and services to ensure we provide safe and secure services to our customers.
Moreover, we strive to analyze fraudulent transactions and enhance security measures through the use of one-time passwords, transaction verification, and similar measures in internet banking and other services.
5. Contribution to Building Safe and Secure Ecosystems
We will collaborate with relevant government agencies, organizations, industry associations, and other bodies to actively share information, engage in dialogue, and build human networks, both in Japan and internationally. In addition, we will contribute to reinforcement of cyber security throughout society by raising awareness of measures taken on the basis of such information.
Specifically, we will make timely and appropriate reports to the Financial Services Agency, National center of Incident readiness and Strategy for Cybersecurity, Information-technology Promotion Agency, police and other related ministries and agencies, and actively share information through Financials ISAC Japan, JPCERT, etc. in striving to improve security measures of society as a whole.
- *Applicable Group companies of the Declaration: Resona Bank, Saitama Resona Bank, Kansai Mirai Financial Group, Kansai Mirai Bank, The Minato Bank, Resona Card, and Resona Asset Management.