As IT infrastructure grows more mature, the prevalence of cyberattacks and virus infections is growing sharply around the world. The Global Risks Report 2018, announced in January 2018 by the World Economic Forum (WEF), recognizes cyber risks as posing a level of threat similar to abnormal weather and natural disasters.
In addition to the conventional risks facing the automotive industry, such as leaks of confidential information and infections by computer viruses, a number of other risks are emerging as society grows more “connected” through advances in such areas as autonomous driving and the Internet of Things (IoT). As a result, enhancing cyber security has grown essential.
Against this backdrop, in 2016 we formulated the DENSO Group Basic Principles of Information Security, under which we are working to protect information and reinforce management.
DENSO Group Basic Principles of Information Security
The DENSO Group has adopted “contributing to a better world by creating value together with a vision for the future” as its corporate philosophy. Guided by this philosophy, the Group is engaging in business activities to deliver the joy of driving and the convenience of vehicles to people around the world with the aim of preserving the global environment and realizing a safe and secure society.
In the field of information security, where safety and security are vital, the number of new risks, in addition to existing ones, are rising on a daily basis, including increasingly sophisticated and cunning cyberattacks on the Group’s products and factories.
Amid an accelerating shift toward a “more connected society” with the emergence of innovations such as automatic driving and IoT, the Group recognizes the delivery of secure, highly reliable products to customers around the world as well as the protection of customers’ information assets from various threats as the most important issues for its management.
As such, the Group has established its basic principles of information security and is working Groupwide to further strengthen information security efforts under the guidance of the chief information security officer (CISO).
We will strictly adhere to law and government policies related to information security as well as other social norms.
We will establish management systems for information security under the guidance of our top management.
We will identify risks related to information security and implement appropriate personal, systematic, and technological efforts to counter these risks.
We will continuously conduct educational and enlightenment activities related to information security.
We will promptly investigate any incidents that arise concerning information security and make concerted efforts to minimize damage and prevent reoccurrences.
We will carry out inspections of our management systems and initiatives related to information security and work to continuously improve and revise these systems and initiatives.
DENSO approaches information security activities from both a product perspective and a corporate perspective.
By connecting society, we expect automobiles to contribute significantly to improvements in convenience and comfort. At the same time, this connectedness poses the threat of cyber risks, such as cyberattacks and viruses. DENSO is positioning autonomous driving and connected cars as fields of focus, and we are developing integrated platforms to support them. To succeed in building these platforms, above all they must be safe. By providing products that are safe from the perspective of information security, we will contribute to a mobile society that is safe and provides peace of mind.
DENSO is promoting IoT, using networks to connect its factories and Group companies. Although we expect this approach to make development and production more efficient, it also entails risks. For instance, a virus infection at a factory could propagate instantaneously across all Group companies. To prevent such occurrences, we are adopting information security measures in our internal networks and factories, ensuring our ability to provide a steady supply of products.
By meeting one of our corporate social responsibilities, the thorough implementation of information security measures, we are protecting DENSO’s information assets.
Led by the chief information security officer (CISO), we have established a specialized department at DENSO’s headquarters to manage information security. Similarly, we have set up specialized frameworks in six regions around the world. We have also assigned a person responsible for information security in every DENSO department and at every Group company, working to promote information security activities throughout the DENSO Group.
As specific product-related activities, we are developing products to prevent on-board products in such areas as connected and advanced driver assistance and automated driving from cyberattacks. We are also building a proprietary framework to ensure that products are mounted securely.
Furthermore, at our factories we engage in thorough information management and operation to prevent production stoppages. We are also developing other defense measures that logically separate our network and the outside in order to block cyberattacks.
As outlined above, DENSO is promoting and reinforcing a host of information security activities. Nevertheless, defending ourselves from 100% of threats is problematic, as new types of cyberattacks and unknown viruses emerge on a daily basis.
As product- and corporate-oriented measures for addressing new types of risk and unknown risk, we monitor networks and equipment to detect abnormalities. When abnormalities are detected, we enact measures to swiftly quarantine the affected area.
We recognize that employee awareness is the most important aspect of promoting information security measures. For example, DENSO regularly conducts drills and training—such as by sending employees emails that look as if they could contain viruses. In addition to raising individuals’ awareness of security, in this way we put in place a structure for responding when the threat is real.