In a bid to strengthen its defenses against the growing threat of cyberattacks, the Japanese government is considering a new measure that would require private-sector operators of critical infrastructure to report any incidents of cyber damage.
One of the primary concerns driving the initiative is the reluctance of businesses to report cyberattacks due to fears of potential negative impacts on their stock prices. This reluctance has hindered efforts to contain and mitigate the effects of cyberattacks
This move aims to facilitate the rapid sharing of information to prevent the spread of cyberattacks to other businesses.
Addressing Reluctance to Report Cybersecurity Incidents in Japan
Government officials have expressed concern that businesses are often reluctant to report cyberattacks, fearing the potential impact on their stock prices. To address this issue, a panel of experts convened by the government is expected to outline the reporting requirements in an interim report shortly.
In 2022, the government introduced a voluntary action plan on cybersecurity for critical infrastructure, encouraging businesses to report cyberattack damage without any legal obligations. However, with the proposed mandatory reporting requirements, the government hopes to create a culture of transparency and cooperation among businesses.
The Japan Association of Corporate Executives, a major business lobby group, has been advocating for the government to make the reporting mandatory, recognizing the importance of a coordinated and proactive approach to cybersecurity.
Mandatory Reporting for Critical Infrastructure
The proposed requirements are expected to cover operators of infrastructure that could have a significant impact on people’s lives and economic activity in the event of a cyberattack. The list of critical infrastructure includes sectors such as telecommunications, finance, airports, and ports, as outlined in the government’s economic security promotion law.
Additionally, the government’s cybersecurity task force has designated 15 industries, including government and administrative services, as well as the medical sector, as critical infrastructure.
Strengthening Japan’s Cybersecurity Measures
This move by the Japanese government is a significant step toward bolstering the country’s cybersecurity measures. By mandating the reporting of cyberattack incidents, the government aims to facilitate the rapid sharing of information, enabling other businesses to take preventive actions and mitigate the potential spread of such attacks.
The government’s new plan aims to transform previous encouragement to report cybersecurity attacks on important infrastructure and businesses into specific legal obligations. By fostering transparency and information-sharing, the government aims to empower businesses within the private sector to better protect themselves and their customers from the devastating effects of cyberattacks.