Reason for Priority
Risk management involves properly identifying risks and implementing measures in advance to minimize the impacts of those risks. The importance of risk management is growing amid the diversification of risks facing companies due to advancements in IT and AI technologies, the globalization of business, and environmental issues such as climate change.
In addition, making the necessary preparations and arrangements before a major disaster, such as the COVID-19 pandemic, a Greater Tokyo Area earthquake, or the Nankai megathrust earthquake, will help prevent damage and reduce risk.
Identifying various changing risks from a medium- to long-term perspective, and thereby mitigating their impacts on business, the environment, and society, represents one path to achieving sustainable development.
The risks facing companies are growing more diverse and complex due to the rapid evolution of technology and changes in the global socioeconomic situation. Failure to respond to such risks appropriately could result in the loss of trust among stakeholders such as customers and shareholders and may lead to damages that affect the continuity of a company.
For this reason, the development of an effective risk management system is becoming increasingly important. The Nikon Group conducts risk assessments every year, identifies important company-wide risks, analyzes and evaluates these risks, and regularly monitors its own responses. In order for the Group to further increase the effectiveness of risk response going forward, we are focusing on improving the internal control promotion system and the functionality of three lines of defense (first line: business departments; second line: corporate administration departments; and third line: internal audit departments) and strengthening mutual collaboration. Furthermore, we continue to develop a highly efficient and flexible Group governance system in order to improve our responses to global risks, while taking into account changes in management environments and business activity structures.
Representative Director and Executive Vice President
CRO, General Manager of Group Governance & Administration Division
- * CRO: Chief Risk Management Officer
The Nikon Group has implemented a risk management system in order to deal appropriately with all risks that may have a significant impact on corporate management with the aim of sustainable growth for Nikon and Group companies.
Main initiatives and results for the fiscal year ended March 2022
Improving Our Information Management System
The Nikon Group has appointed the Representative Director and President as the head of information management, including personal information protection. We have also established operating processes in accordance with Information Security Management Systems (ISMS). In terms of systems operations, under the leadership of the Representative Director and Officer in charge of information security, the Information Security Department carries out management and supervision of activities across the entire Nikon Group. This includes formulating measures regarding information security, including responses to cyberattacks, as well as developing and maintaining systems.
In addition, the head of each organization of Nikon’s business units, divisions, and the Group companies is designated as an information manager. By working with the Information Security Department, these individuals are helping to build an information security management system compatible with the situation in each country and region, while comprehensively managing the entire Nikon Group. Material matters involving information asset risks are reviewed by the Risk Management Committee, which includes members of the Executive Committee and others.
- * ISMS: Information Security Management System
Cybersecurity Infrastructure Development and Process Improvement
To maintain a strong defense against increasingly sophisticated and stealthy cyberattacks, the Nikon Group continued to deploy cybersecurity measures that were first introduced during the fiscal year ended March 2021. We also strengthened our operational system to collectively monitor and respond to cyberattacks globally in order to achieve early detection and early response. We are also in the process of updating our system to filter out phishing scams and other suspicious e-mails. In response to the increased number of telecommuting opportunities under the “new normal,” we are developing an IT infrastructure that can be accessed securely from anywhere outside the company through the use of cloud technology and other means. In addition, we regularly improve our conventional operating processes. For example, we conduct periodic checks on the vulnerability of our corporate website, which could become an entry point for cyberattacks. We regularly conduct training for designers on information security rules during the product development process.
For more information, refer to Strengthening Risk Management in the Sustainability Report.
- Basic Approach
- BCM Activities Measures
Risk Management for Information Assets and Cybersecurity
- Information Assets Management Policy
- Information Management System
- Response to Information Security Incidents
- Information Security Education
- Information Security Audit
- Personal Information Protection
- Cybersecurity Infrastructure Development and Process Improvement