www.bitsight.com Open in urlscan Pro
2606:4700:10::ac43:60f  Public Scan

Form analysis
0 forms found in the DOM

Text Content

This website is AudioEye enabled and is being optimized for accessibility. To
open the AudioEye Toolbar, press "shift + =". Some assistive technologies may
require the use of a passthrough function before this keystroke. For more
information, activate the button labeled “Explore your accessibility options”.

Skip to main content


UTILITY

 * Blog
 * Partners
 * Request Demo
 * Chat With Us
 * Login

See Your Rating
 * About Us

Contact Us
Country Cyber Report
Show/Hide Main Menu
 * Products
   
    * Enterprise Security
       * Security Performance Management
       * External Attack Surface Management
       * Cybersecurity Analytics
       * Security Ratings
       * Trust Management Hub NEW
   
    * Digital Supply Chain
       * Third-Party Risk Management
       * Vendor Risk Management
       * Continuous Monitoring
       * Vulnerability Detection & Response
       * TPRM Integrations
   
    * Cyber Governance & Reporting
       * Cybersecurity Ratings
       * Cybersecurity Regulations
       * Cyber Risk Quantification
   
    * Cybersecurity Data Feed
       * Cyber Data Solutions
   
    * Cyber Underwriting & Risk Control
       * Cyber Insurance
   
    * Professional Services
       * Service Offerings
   
   Free Attack Surface Report
   
   Your attack surface is expanding—know exactly how it looks. Our report gives
   you the insights you need to see your external attack surface.
   
   Receive custom report
 * Solutions
   
   See beyond borders
   
   Bitsight enables risk and security leaders to see beyond the firewall — to
   the vendors and partners, clouds and applications, patches and programs —
   that introduce risk in your digital ecosystem.
   
    * By Use Cases
       * Exposure Management
       * Third-Party Risk Management
       * Reporting and Compliance
       * Cybersecurity Regulations NEW
       * Continuous Monitoring
       * Executive Reporting
       * Supply Chain Visibility
       * Investment Management
       * National Cybersecurity
   
    * By Industry
       * Financial Services
       * Insurance Services
       * Healthcare
       * Government
       * Technology
       * Energy/Utilities
       * Retail
       * Manufacturing
       * Education
   
   A Critical Guide to Closing Your Exposure Management Gaps
   
   See why leading CISOs credit exposure management as one of the top tools and
   practices that will help them drive better prioritization of action, better
   transparency and accountability.
   
   Download Guide
 * Data & Insights
   
   Trust in our data
   
   We combine real-time discovery of networks, assets, and vulnerabilities with
   our AI attribution engine and over 100 security researchers to amass one of
   the largest and mapped risk datasets in the world.
   
    * Why Bitsight
       * Why Bitsight
       * Security Ratings Leader
       * * Trusted Ratings
       * Data & Insights
       * Data Correlation & Studies
       * Data Discovery
       * Cyber Data for Capital Markets NEW
   
    * Bitsight TRACE
       * Latest Security Research
       * Meet the Team
   
   Bitsight Named a Leader in The Forrester Wave™: Cybersecurity Risk Ratings
   Platforms, Q2 2024
   
   Bitsight was recognized as a Leader, receiving the highest scores possible in
   18 criteria.
   
   Download Report
 * Company
   
   Building trust in the digital economy
   
   Bitsight is a cyber risk management leader transforming how companies manage
   exposure, performance, and risk for themselves and their third parties.
   
    * About Us
       * Our Story
       * Our Team
       * Diversity & Inclusion
       * Press Releases
       * In the News
   
    * Connect with Us
       * Careers
       * * Open Positions
       * Events
       * Locations
       * Contact Us
   
   Bitsight’s AI-Powered Discovery and Attribution Engine Delivers Faster, More
   Accurate Enterprise Risk Maps
   
   Read release
 * Resources
   
   Did you know?
   
   More than 60% of Known Exploited Vulnerabilities remain unmitigated past
   deadlines and take, on average, 4.5 months to remediate.
   
   Source: Bitsight TRACE
   
    * Resources
       * Customer Stories
       * Reports & eBooks
       * Datasheets
       * Webinars
       * Videos
       * Cybersecurity Glossary
       * All Resources
   
    * Blog
       * Vulnerabilities & Incidents
       * Policy & Regulations
       * Exposure Management
       * Third-Party Risk Management
       * All Blog Posts
   
   The Impact of the Kaspersky Ban
   
   How the prohibition of Kaspersky Lab, Inc. impacted global users.
   
   Read blog

See Your Rating
 * Blog
 * Partners
 * Login
 * Contact Us
 * Request Demo


NAVIGATING JAPAN METI’S UPCOMING CYBERSECURITY RATING SYSTEM: STRATEGIES FOR
BUSINESSES TO ENHANCE CYBER DEFENSE

Policy & Regulations

ber Defense hero
Written by Terence Cheong August 21, 2024
Share
 * Facebook
   
 * Twitter
   
 * LinkedIn
   



On April 9, 2024, Japan's Ministry of Economy, Trade and Industry (METI)
announced its intention to implement a cybersecurity rating system for companies
by fiscal year 2025. Although the proposal is still in the consultation phase,
with industry feedback expected to lead to potential refinements, key aspects of
the planned system have been outlined:

METI aims to establish a five-level categorization of corporate cyber defense
measures, enhancing clarity for business partners regarding the extent of
cybersecurity implementations within a company. This stratification is designed
to bolster overall industry responsiveness, particularly in combating attacks
that exploit supply chain vulnerabilities.


DETAILS OF THE PROPOSED RATING LEVELS:

 * Levels 1-2: Fundamental measures including regular software updates,
   restricted access to sensitive information, and protocols for handling
   information leaks.
 * Levels 3-4: Targeted at key players within the supply chain, these levels
   require more sophisticated information management systems.
 * Level 5: The highest level, necessitating third-party certification of a
   company’s cyber defense capabilities.

The proposed rating system is expected to motivate companies to strengthen their
cyber defenses and enable partners to better evaluate the cybersecurity
preparedness of businesses. The desired outcome should be the ripple effect of
higher cybersecurity performance expectations propagating from key industry
pillars and effecting their ecosystems towards a higher state of cybersecurity
maturity. Effectively, lower cybersecurity ratings could deter potential
transactions, and directly impact the profitability of businesses. In summary, a
lack of a credible cybersecurity strategy would pose a strategic risk for
businesses.

This initiative is part of broader governmental efforts to enforce cybersecurity
within critical infrastructure and high-risk sectors. It parallels the U.S.
Cybersecurity Maturity Model Certification (CMMC), which utilizes a similar
five-level grading system influencing defense procurements. Japan's initiative,
however, extends its impact to the commercial sector, thereby facilitating more
effective due diligence by both government and businesses.


CHALLENGES AND STRATEGIC CONSIDERATIONS:

The technological and cybersecurity debt accumulated by Japanese businesses
might cause initial resistance to this initiative. To address potential
hesitations and accelerate cybersecurity enhancements, the government and
businesses might consider several strategies in accordance to their own profile.
Their cybersecurity implementation strategy may look something like this:

 1. Assessment and Planning: Essential first steps to identify current
    capabilities and outline strategic objectives.
 2. Policy Development: Establishing governance to guide cybersecurity efforts.
 3. Implementation: Deploying necessary cybersecurity measures.
 4. Training and Awareness: Educating staff on cybersecurity practices.
 5. Monitoring and Response: Continuously observing systems and preparing to
    respond to security incidents.
 6. Review and Audit: Regularly evaluating the effectiveness of cybersecurity
    measures.
 7. Improvement: Continuously refining cybersecurity practices.
 8. Third-Party Management: Overseeing the security postures of all associated
    third parties.

Focusing on the initial steps of assessment, planning, and policy development
can set the foundation for robust cybersecurity practices, enhancing resilience
across Japan's business landscape so let us focus on how to start.

For most Medium or Large enterprises, they may already have existing programs
but may have lacked a structured framework to build and scale from. Businesses
may hire third party consultants, but the necessary investments may not be
palatable. The alternative may be to develop their cybersecurity maturity
in-house. Adopting a cybersecurity framework (such as NIST Cyber Security
Framework) is often one of the recommended first steps, and then leveraging the
framework to determine the current state and planning towards their desired
target profiles matching their needs. NIST CSF has wide ranges of profiles that
could help Small and Medium Enterprises (SME) to Industry-Specific Profiles to
Cloud Security Profiles. I would recommend a security profile that would suit
your business ecosystem as well as allow you to grow as your cybersecurity
program matures. Whilst building your profiles, it may also be useful to keep an
eye on recent requirements by the US Securities and Exchange Commissions if your
company is listed in the US stock exchanges. Give this a read, for some insights
from my colleagues.

Additional considerations should be taken in the context of business
stakeholders. A government led rating could be sufficiently intuitive and seen
as a necessary hurdle to further business engagements. Such a perspective may
erode the good value cybersecurity (and their teams) may be bringing in, such as
a means to demonstrate returns on investments, risk reduction and demonstrate
good corporate governance. All of which are positive, quantified and tangible
business returns that can be easily overlooked, resulting in a pursuit of
minimum spend since cybersecurity is a cost center. Benchmarking cybersecurity
risk performance against competitors and industry peers in an independently
correlated risk metric in a visual manner involves decision makers and
stakeholders for better engagement and crossing the proverbial chasm.



BitSight Technologies, Inc.
111 Huntington Ave, Suite 400
Boston,  MA  02199
United States of America

+1-617-245-0469

Free Cyber Security Reports
 * Security Ratings Snapshot
 * Attack Surface Report
 * Supply Chain Risk Report
 * Marsh McLennan Cyber Risk Analytics Center Report
 * Ransomware Trends
 * Third-Party Vendor Risk Report

 * BitSight Academy
 * BitSight Knowledge Base
 * Privacy Statement
 * Corporate Social Responsibility Statement
 * Security
 * BitSight Security Ratings Access Terms
 * Website Terms Of Use
 * Contact Us
 * Get A Free Demo
 * Cybersecurity Glossary
 * Do Not Sell or Share My Personal Information
 * Cookie-Präferenzen

Contact Us
© 2024 BitSight Technologies, Inc. and its Affiliates. All Rights Reserved.
 * Facebook
   
 * Instagram
   
 * Linkedin
   
 * Twitter
   
 * YouTube
   


This website uses cookies to enhance user experience, for advertising purposes,
and to analyze traffic on our website as described in our Datenschutzerklärung.
You may choose to consent to our use of these technologies by selecting "Accept"
or select "Required Only" if you do not consent. To change your preferences or
learn more about our use of cookies select "Manage Settings".
Akzeptieren Nur erforderliche Cookies Einstellungen verwalten


Opens in new window
PDF Download
Word Download
Excel Download
PowerPoint Download
Document Download
Explore your accessibility options


close carousel