Risk Management System
Based on its risk management policy, the NYK Group has established an appropriate risk management system, which helps prevent the materialization of risks by identifying and assessing risks and formulating counterstrategies accordingly. If risks materialize, NYK gives first priority to dealing with matters that may endanger human lives. At the same time, the Company avoids or mitigates risks by obtaining appropriate information on all materialized risks in a timely manner so that the proliferation of damages can be prevented and operations can be promptly restored.
Economic and political conditions, such social factors as environmental regulations and safety and security systems, natural disasters, and technological innovation in countries around the world have the potential to affect the Group's operations and financial results. Based on its risk management rules and risk management regulations, the Group comprehensively aggregates and controls business risk from a Groupwide perspective and has established a system for responding appropriately to risk.
Enterprise risk management (ERM)
In accordance with its risk management policy and rules, the Group convenes twice yearly the Risk Management Committee, which assesses and receives reports regarding progress in managing critical risks that could have a significant impact on the Group's business management, and reports findings to the Board of Directors. The Group defines risks as uncertainties that could adversely affect its achievement of continuous growth. Chaired by the president and comprising chief executives, the Risk Management Committee identifies critical risks based on reports from each headquarters, determines the headquarters responsible for advancing countermeasures for each critical risk, and promotes risk reduction activities for the entire Group. The most critical risks, namely, risks that could have a significant impact on the continuity of the Group's businesses, include compliance risks, major accidents and other operational risks, risks related to damages caused by natural disasters, measures to mitigate climate change, risks related to infectious diseases such as novel coronaviruses, and cyber risks. In addition, critical risks that could significantly affect the Group's business management include strategic risks, market fluctuation risks, operational risks, and financial and accounting risks. Each year, the Risk Management Committee selects the most critical risks that business managers view as having the potential to significantly affect the Company's business management.
A wide variety of economic, political, and social factors in countries throughout the world have the potential to impact negatively the NYK Group's mainstay shipping and integrated logistics operations as well as the Group's cruise and other businesses. Please click on the link below.
- More Information :
Information Security Measures
The NYK Group continuously reinforces multilayered defenses in readiness for cyberattacks, which are evolving and diversifying on an almost daily basis. However, given that the perfect defense is infeasible, the Group is also developing countermeasures focused on cyber resilience, thereby enabling rapid recovery from damages. Moreover, the Group is putting in place "zero trust" countermeasures, which are not reliant upon the boundary defenses of the networks used when introducing cloud computing or telecommuting.
Specifically, the Group is introducing an endpoint detection and response (EDR) system while employing a global security operation center (GSOC) to monitor IT equipment worldwide around the clock. These systems are designed to minimize damages by rapidly detecting and countering hacks. Further, in regions worldwide the Group has established computer security incident response teams (CSIRTs), which coordinate with each other globally. By promptly sharing information not only with IT departments but also with other departments when an incident occurs, the teams underpin a system that enables the Group to deal with incidents appropriately.
In addition, based on information system security regulations, the Group assesses the cybersecurity of all domestic and overseas Group companies to heighten their levels of cybersecurity. Other initiatives have already been introduced, including cyberattack prevention training to improve employees' cybersecurity knowledge and awareness and the introduction of an educational platform for domestic and overseas Group companies.
NYK has prepared business continuity plans (BCPs) for all the major operations in NYK headquarters, so if disasters, accidents, or other events disrupt operations, the Group will be able to maintain its important functions uninterrupted wherever possible, or to quickly restore them if interrupted.
Since 2016, NYK has revised BCPs each time, transferred to a more earthquake resistant data center, and introduced an IT platform that uses cloud computing to enable the sharing of information globally. We have also established an IT tool for information sharing in the event of a natural disaster and conducted a disaster drill using the IT tool.