The Third-Party Cyber Risk Landscape of Japan

This comprehensive report provides a deep dive into third-party data breaches and third-party cyber risk in Japan. The goal is to provide third-party risk management (TPRM) teams inside and outside Japan with findings that can help them set clearer priorities for the vetting of vendors and other third parties.

Key findings include:

• Japan still has a high third-party breach rate (41%): This percentage is somewhat lower than what the global third-party breaches report noted for Japan (48%), probably due to a larger sample size diluting this extreme outlier. 41% is still quite high.
• The Japanese industries with the most numerous or frequent third-party breaches include: Manufacturing, Automotive, and Construction (MAC); Technology, Media, and Telecommunications (TMT); and Retail & Hospitality (RH). MAC is a big part of the Japanese economy, whereas TMT and RH have more third-party breaches in particular.
• Third-party technology products and services are the top causes of Japan’s third-party breaches (58%): This finding fits global trends, but the percentage of Japan’s third-party breaches attributable to third-party technology is somewhat lower.
• Subsidiaries and acquisitions of Japanese companies, primarily overseas, are the other main cause of Japan’s third-party breaches (33%): This risk factor is not unique to Japan but seems to contribute to the country’s high rate of third-party breaches.
• Top threats to Japan include ransomware attacks and state-sponsored attacks from Chinese and North Korean groups. While state- sponsored attacks make up a smaller share compared to ransomware, they still account for a significant number of breaches:  Third-party attack vectors facilitate attacks on the often harder targets that state-sponsored groups pursue by finding weaknesses in their less secure supply chains.

Download this report to understand the specific risks in Japan.