II. Risks in Fujitsu Group Business Activities
12. Security
12-1. Information Security
[ Overview and impact of risks ]
The Fujitsu Group cannot guarantee that we will be able to completely prevent the shutdown of internal networks and system operations, information leaks, or unauthorized use of information resulting from cyber-attacks, including computer virus infections and unauthorized access. In the unlikely event that the rights and interests of individuals are violated or customer information is leaked due to an information leak, trust in the Group may deteriorate and the company may face fines and penalties for the violation of the Act on the Protection of Personal Information, GDPR, and other laws and regulations.
In addition, these risks may also occur in the Fujitsu Group’s supply chain. If security risks at contractors emerge, it may affect the business of our customers and that of the Group.
[ Measures against the risks ]
To protect the confidential information and personal information of our customers, business partners, and the Group, we are enhancing the operation of our information protection management system, and are establishing internal rules, educating employees, conducting frontline inspections, carrying out audits, and providing guidance, including to our contractors.
In addition, for internal networks, which are one of the Group’s key business activity platforms, we are implementing measures that suit the characteristics of the IT infrastructure to achieve zero-trust security. We are taking measures against unauthorized access and malware as preventative measures against targeted attacks, as well as establishing an authentication and authorization infrastructure that combines device management, ID management, and measures against data leakage. We are also implementing measures against cyber-attacks, which are becoming increasingly sophisticated, diverse, and complex.
On top of this, to address security risks at our contractors, we are promoting measures to strengthen security in the supply chain from the perspective of enhancing both system and security enhancement.
12-2. Physical Security
[ Overview and impact of risks ]
The Fujitsu Group has established a physical security environment with three layers, including site, building, and floor security, but cannot guarantee that we will be able to completely prevent the shutdown of business or information leaks caused by physical destruction. If such risks realize, leaks of confidential information, damage to corporate brand value, and loss of business opportunities could affect the Group’s business.
[ Measures against the risks ]
The Group has established a physical security environment that combines human security and machine security across three layers: site, building, and floor. On top of this, in order to create a more advanced physical security environment, we are also utilizing in-house security gates combined with palm vein identification devices to prevent impersonation.
- Security