Cybersecurity

Basic Policy

Cybersecurity is one of Aozora’s main areas of focus as a bank that is responsible for its customers’ important assets and information. Incidents such as information leaks and service outages caused by cyberattacks could have a material impact not only on Aozora’s management, including damage to our customers and disruption of business continuity, but also on society as a whole. In order to provide reliable financial services, Aozora considers the stable operation of information systems to be one of its most important management responsibilities. We work to maintain the cybersecurity system and reduce risks across the entire Aozora Group.

Management Structure

Aozora has established a security policy and a systems risk management policy, and conducts cybersecurity management with the active engagement of senior management based on a risk appetite framework approved by the Board of Directors.

To strengthen our cybersecurity management framework, we have appointed a CISO*1 as the person responsible for overall cybersecurity management. Under this arrangement, the CISO reports to the CIO*2 and also to the CRO*3, so that the Risk Management Group provides checks and balances. The Cyber Security Office, a dedicated cybersecurity department formed within the IT Control Division, is responsible for establishing systems, strengthening countermeasures, monitoring, and emergency responses. We have also established a Cyber Security Incident Response Team (Aozora CSIRT), which spans Aozora’s related groups/divisions and Group companies. By sharing cybersecurity trends and risks inherent in the Bank as well as conducting ongoing cybersecurity training, the entire Group remains prepared for emergency situations.

  *1 Chief Information Security Officer
  *2 Chief Information Officer
  *3 Chief Risk Officer

Cybersecurity Management Structure

[Figure: Cybersecurity Management System]

Initiatives to Enhance Security

Multi-layered technical countermeasures and verification of effectiveness

  • Entrance measures to prevent unauthorized network intrusion
  • Exit measures to prevent the leakage of information
  • Internal measures that presume attacks on the internal network
  • Verification of effectiveness of technical countermeasures through penetration testing by external experts

Strengthening of cyber-resilience

  • Regular cybersecurity exercises involving members of the management team
  • Recovery tests using actual systems and equipment on the assumption that an incident has occurred

Analysis of threat trends

  • Gathering information on key issues including vulnerabilities, attack strategies, and instances of damage suffered by other companies
  • Systematic responses based on a study of potential impacts affecting Aozora and related risks

Security training for employees

  • Improving employees’ ability to identify suspicious emails, and to respond if they open one, through targeted email training
  • Training through e-learning, videos, and online seminars based on the results of targeted email training and threat trends
(As of July 2025)