Systems Maintenance and Combatting Cyber Attacks

SuMi Trust Holdings has set systems maintenance and combatting cyber attacks as one of its management foundation materialities, and considers it an important management issue. Information assets are one of the most important management resources and pose risks that may undermine the foundation of corporate management. The Group, therefore, appropriately maintains and manages all information assets it holds.

SuMi TRUST Holdings clearly states, in the Information Security Management Rules under the Risk Management Rules on which directors have the authority to amend and approve, that the head of overall information security risk management is the officer in charge of the IT & Business Process Planning Department, and that the supervising department conducting overall information security risk management is the IT & Business Process Planning Department.

The threat of cyberattacks and the damage they can inflict are growing both in Japan and overseas. Under such circumstances, SuMi TRUST Holdings is engaged in the following activities to protect the precious assets of its clients from the attacks.

The Group has formulated its Cyber Security Management Declaration against cyberattacks, working to strengthen security measures led by management.

To respond to cyberattacks, SuMi TRUST Holdings monitors computer systems of SuMi TRUST Bank around the clock. In addition, SuMi TRUST Holdings has established SuMiTRUST-CSIRT as an internal organization for gathering information, conducting analysis, and implementing measures relating to cyberattacks, and coordinates with outside expert organizations to strengthen its management system.

*For details of the Cyber Security Management Declaration please see:

In terms of internet banking, SuMi TRUST Bank offers "Rapport," a type of security software specifically for internet banking, free of charge to help shield clients' precious deposits and other assets from fraudulent transactions. Furthermore, the Bank has introduced a telephone authentication service^*1. It is strongly recommended that all internet banking clients register for telephone authentication in order to prevent any unauthorized payments.

In addition, to combat DDoS attacks^*2 in the internet banking service, the Bank has introduced an attack mitigation service designed to handle large-scale attacks, thereby reducing the risk of service interruptions caused by DDoS attacks.

SuMi TRUST Holdings will continue to keep abreast of other companies' moves and new technologies and implement thoroughgoing security measures so that clients' transactions remain safe. The measures include the early detection and prevention of unauthorized remittances.

For the Group's overall systems, self-evaluations are carried out every year using the System Risk Evaluation Table of the System Risk Management Guidelines established in line with the Center for Financial Industry Information Systems' (FISC) security measures, and the results are reported to the officer in charge. Furthermore, with regard to cyber security, we conduct regular assessments in Japan and overseas.

The Group conducts the following training every year to train management, disseminate knowledge of information security risk management, strengthen the cyber security response department, and raise awareness within the Group.

*Training is available not only for full-time employees but also for some employees of outsourcing contractors.