DRIVEN BASE

Governance

alt

Information Security

Basic Stance

As IT infrastructure grows more mature, the prevalence of cyberattacks and computer virus infections will grow sharply around the world. Global Risks Report 2023, announced in January 2023 by the World Economic Forum (WEF), recognizes cyber risk as a major threat, ranking it as the eighth highest significant risk in the next two to 10 years.
In addition to the conventional risks facing the automotive industry, such as leaks of confidential information and infections by computer viruses, a number of other risks are emerging as society grows more “connected” through advances in such areas as autonomous driving and the Internet of Things (IoT). As a result, enhancing cyber security has grown essential.
Against this backdrop, in 2016 we formulated the DENSO Group Basic Principles of Information Security, under which we are working to protect information and reinforce management.

DENSO Group Basic Principles of Information Security

The DENSO Group has adopted “contributing to a better world by creating value together with a vision for the future” as its corporate philosophy. Guided by this philosophy, the Group is engaging in business activities to deliver the joy of driving and the convenience of vehicles to people around the world with the aim of preserving the global environment and realizing a safe and secure society.

In the field of information security, where safety and security are vital, the number of new risks, in addition to existing ones, are rising on a daily basis, including increasingly sophisticated and cunning cyberattacks on the Group’s products and factories.

Amid an accelerating shift toward a “more connected society” with the emergence of innovations such as automatic driving and IoT, the Group recognizes the delivery of secure, highly reliable products to customers around the world as well as the protection of customers’ information assets from various threats as the most important issues for its management.

As such, the Group has established its basic principles of information security and is working Groupwide to further strengthen information security efforts under the guidance of the chief information security officer (CISO).

  1. We will strictly adhere to law and government policies related to information security as well as other social norms.

  2. We will establish management systems for information security under the guidance of our top management.

  3. We will identify risks related to information security and implement appropriate personal, systematic, and technological efforts to counter these risks.

  4. We will continuously conduct educational and enlightenment activities related to information security.

  5. We will promptly investigate any incidents that arise concerning information security and make concerted efforts to minimize damage and prevent reoccurrences.

  6. We will carry out inspections of our management systems and initiatives related to information security and work to continuously improve and revise these systems and initiatives.

Objectives

DENSO approaches information security activities from both a product perspective and a corporate perspective.

  • security-img-objectives

Product

The automotive industry is experiencing technological innovation exemplified by connected driving, autonomous driving, sharing, and electrification (CASE) technologies. These technologies are contributing to higher levels of comfort and convenience, but at the same time they have created a need for preventive measures against cyberattacks targeting vehicles as well as Internet of Things (IoT) and mobility services. DENSO seeks to develop safe and secure products and services that support the automotive industry in order to help realize a robust and trustworthy mobility society.

Corporate

DENSO is promoting Factory-IoT, using networks to connect its factories and Group companies. Although we expect this approach to make development and production more efficient, it also entails risks. For instance, a virus infection at a factory could propagate instantaneously across all Group companies. To prevent such occurrences, we are adopting information security measures in our internal networks and factories, ensuring our ability to provide a steady supply of products.

By meeting one of our corporate social responsibilities, the thorough implementation of information security measures, we are protecting DENSO’s information assets.

Promotion Structure

Led by the chief executive in charge of information security (senior executive officer), we have established a specialized department at DENSO’s headquarters to manage information security.

Similarly, we have set up specialized frameworks in six regions around the world.

We have also assigned a person responsible for information security in every DENSO department and at every Group company, working to promote information security activities throughout the DENSO Group.

Specific Initiatives

Addressing Risk of Increasingly Sophisticated Cyberattacks and Preparing for Digitalization

At DENSO, Group companies in North America and Europe confirmed that they were subject to cyberattacks that gained illicit access to their IT systems in fiscal 2022. Determined to prevent such incidents from ever occurring again, we are taking Groupwide measures, such as 1) re-training and thoroughly drilling each and every employee about basic operations in order to change their awareness of cybersecurity and 2) in addition to developing our robust defense-in-depth system, strengthening systems to promptly detect and monitor increasingly sophisticated cyberattacks on a global scale by deploying the latest technologies, including AI, to ensure that our information assets are protected from various threats.

Along with advances in self-driving cars and IoT, addressing cyber risks in cars and production facilities has become an extremely important issue. To that extent, we are developing technologies that protect in-vehicle products, such as advanced driver support and automated driving systems, from cyberattacks to ensure that people can drive cars safely and with peace of mind. We are also establishing a unique framework for ensuring that such technologies are steadily installed in vehicles. Furthermore, we are reinforcing security measures toward plant networks, production lines, and other facilities.

Enhancing Employee Awareness

We recognize that employee awareness is the most important aspect of promoting information security measures.
For example, DENSO regularly conducts drills and training—such as by sending employees emails that look as if they could contain viruses. In addition to raising individuals’ awareness of security, in this way we put in place a structure for responding when the threat is real.

TOPIC: Initiatives of DENSO CORPORATION

DENSO CORPORATION implements Targeted Attack Email Response Training in which an email containing a mock cyber virus is sent to all employees. The timing of this training is random each year.
This training aims to enhance employee awareness of the importance of not carelessly opening attached files or clicking on links in emails from unknown senders. It also aims to heighten the awareness of reporting such emails to DENSO’s security hotline. Furthermore, the training helps ensure that employees understand how to appropriately respond in the unlikely event that they do open an email containing a virus.

In addition, we offer educational programs to all employees on the latest risks related to information leaks and appropriate ways to respond to such risks. In these ways, we make employees aware of the fact that each one of them serves as a stronghold for information management.

Future Initiatives

With the increasing advancement of a “connected society,” we will enhance the quality and speed of our work by continuing to promote digitalization throughout the Company and accelerating the transformation to data-driven work processes in a bid to provide customers with even better value and experiences as quickly as possible.
Moreover, to ensure that the way we use information assets does not infringe upon the rights and interests of the information provider, we are working to forecast risks from a broad range of perspectives, including contract conditions and adherence to laws and regulations; formulate relevant rules; and establish a structure to appropriately manage and operate these assets. In these ways, we will work to strengthen governance going forward.