Information Security (Cybersecurity)

The KOBELCO Group considers information security risks as one of its significant management risks, and has established a basic policy on information security and is working on information security measures to ensure that we can take an appropriate Groupwide response.

Basic Policy on Information Security

Our Group pays the utmost attention to the confidentiality of information, and has established a management system and taken appropriate security measures to prevent unauthorized access and information leaks due to cyberattacks and other incidents. The information security promotion structure, centered on the Information Security Subcommittee, KOBELCO CSIRT/K-SOC, and the respective roles are as follows.

The Information Security Subcommittee, chaired by the CISO (director/executive officer), determines the Group basic policies and key measures on information security.

The KOBELCO CSIRT is a cooperative effort between IT divisions, legal divisions, and affiliated companies dealing with information systems to prevent cyberattacks and the spread of damage in the event of an information security incident. To this end, it updates or abolishes security regulations and standards, plans and implements information security education and training for directors, executive officers, and employees, and responds to incidents and other events.

With the goal of achieving zero serious security incidents^*, the KOBELCO Group aims to raise the level of security through the PDCA cycle that includes such elements as implementing risk management, determining countermeasures, and auditing results of security activities.

Braced for cyberattacks, we have integrated security tools for central management of information security throughout the KOBELCO Group including domestic and overseas Group companies. This allows us to carry out log monitoring 24 hours a day, 365 days a year, detect malware infection, suspicious behavior, and signs of incidents in the early stage, and take prompt steps from initial response to containment.

We are working to improve employee awareness and understanding of information security and the ability to respond to threats by regularly conducting information security education through e-learning and targeted email training for directors, executive officers and employees of the Group.

We are working to raise the level of information security management throughout the Group by conducting annual internal audits to check the status of compliance with the KOBELCO Group Information Security Standards through annual internal audits and making improvements.