Declaration of Cybersecurity Management
Mizuho Financial Group, Inc. and each of our group companies* have established a "Declaration of Cybersecurity Management" taking into consideration the "Declaration of Cybersecurity Management" released by the Japan Business Federation (Keidanren) in March 2018.
In consideration of Mizuho's vital role within the social infrastructure as a financial institution, we are proactively implementing cybersecurity measures and doing our part to contribute to building a safe and secure cyberspace environment.
1. Recognize Cybersecurity as a Management Issue
- Enhance their own understanding of the latest cybersecurity developments and actively engage in management by positioning cybersecurity spending as an investment.
- Take personal responsibility for cybersecurity measures while recognizing that cybersecurity is a critical management issue, confronting realities, addressing risks, and exercising leadership.
Cyberattacks are a top–priority management issue for our organization from the perspective of ensuring uninterrupted provision of services for our customers as well as maintaining stable operations and the sustainable growth of our financial infrastructure. Management discusses cybersecurity risks on a regular basis, allocating resources for managing them and taking action to strengthen our security framework.
2. Develop Management Policies and Declare Intentions
- Develop management policies and business continuity plans aimed at prompt recovery from security incidents while prioritizing detection, response, and restoration in addition to identifying and protecting against risks.
- Take the lead in declaring companies' intentions to internal and external stakeholders and make every effort to voluntarily disclose recognized risks, and measures to deal with them, in corporate reporting.
Mizuho, led by our Cyber Incident Response Team, works to strengthen our strategic resilience capabilities through measures such as conducting monitoring via an integrated SOC (security operations center), analyzing computer viruses, and developing and deploying multilayer defense systems.
We believe it is important to keep our customers updated about the efforts we are making to strengthen our cybersecurity, so going forward we will be disclosing this information in our Integrated Report and on our website.
3. Build Internal and External Systems and Implement Security Measures
- Ensure sufficient resources including budgets and personnel, establish internal systems, and take necessary HR, technical, and physical measures.
- Develop human resources and conduct training required for those at every level, including managers, corporate planning staff, technical specialists, and other employees.
- Manage cybersecurity throughout domestic and international supply chains, including business partners and outsourcing contractors.
We acknowledge that cultivating a professional workforce with high–functioning knowledge of cybersecurity is an important medium– to long–term task for Mizuho. We are working with outside experts to develop our workforce and motivate our employees in this direction.
By conducting training at every personnel level and participating in cross–industry exercises, we are also enhancing the effectiveness of our internal frameworks and procedures.
We strive to ensure the integrity of our supply chain by monitoring cybersecurity at our contractors and business partners.
4. Contribute to Widespread Use of Cybersafe Products, Systems, and Services
- Manage cybersecurity across the full spectrum of corporate activity, including development, design, production, and supply of products, systems, and services.
We undertake a wide range of cybersecurity countermeasures to protect our customers' assets from criminal activity. In terms of internet banking, these measures include providing security software for our customers, optimizing verification systems, and monitoring transactions.
Through our website and other mediums, we also send notifications regarding potential password exploitation and virus infections to ensure the safety of our services.
5. Contribute to Building Safe and Secure Ecosystems
- Collaborate with relevant government agencies, organizations, industry associations, and other bodies to actively share information, engage in dialogue, and build human networks, both in Japan and internationally.
- Contribute to reinforcement of cybersecurity throughout society by raising awareness of measures taken on the basis of such information.
In the closely–connected world in which we live, we believe it is important to further optimize coordination between social institutions, both in times of crisis and in times of stability. That is why we are constantly working to create and maintain reliable communication and information–sharing structures regarding cybersecurity with government institutions, regulatory authorities, law enforcement agencies, the Financial Services Information Sharing and Analysis Center, and the Financials ISAC Japan.
We proactively share the information we glean from research and analysis with external parties in order to benefit society at large.
* Mizuho Bank, Mizuho Trust & Banking, Mizuho Securities, Asset Management One, Mizuho Research & Technologies (Mizuho Research Institute and Mizuho Information & Research Institute have been integrated and become a new company.), Mizuho Private Wealth Management, Custody Bank of Japan (formerly Trust & Custody Services Bank)