Based on its risk management policy, the NYK Group has established an appropriate risk management system and strives to prevent the materialization of risks by identifying and assessing risks and formulating counterstrategies accordingly. If risks materialize, NYK gives first priority to dealing with matters that may endanger human lives. At the same time, the Company avoids or mitigates risks by obtaining appropriate information on all materialized risks in a timely manner so that the proliferation of damages can be prevented and operations can be promptly restored.
Risk Management System
The businesses and performance of the Group could be affected by technological innovations, natural disasters, and social factors such as the economic and political climate, environmental regulations, and safety and security in countries worldwide. As they best understand the nature of operations, the personnel of operating divisions conduct quantitative and qualitative evaluations of risks in accordance with the Company's risk management policy and rules.
Enterprise Risk Management (ERM)
In accordance with its risk management policy and rules, the Group convenes twice yearly the Risk Management Committee, which assesses and receives reports regarding progress in managing critical risks that could have a significant impact on the Group's business management and reports findings to the Board of Directors. The Group defines risks as uncertainties that could affect its achievement of continuous growth. Chaired by the president and comprising chief executives and the deputy chief executive of the ESG Strategy Headquarters, the Risk Management Committee identifies critical risks based on reports from each headquarters, determines the headquarters responsible for advancing countermeasures for each critical risk, and promotes risk reduction activities for the entire Group. The most critical risks, namely, risks that could have a significant impact on the continuity of the Group's businesses, include compliance risks, major accidents and other operational risks, risks related to damages caused by natural disasters, measures to mitigate climate change, risks related to infectious diseases such as novel coronaviruses, and cyber risks. In addition, critical risks that could significantly affect the Group's business management include strategic risks, market fluctuation risks, operational risks, financial and accounting risks, and human rights risks. Each year, the Risk Management Committee selects the most critical among the critical risks.
A wide variety of economic, political, and social factors in countries throughout the world have the potential to impact negatively the NYK Group's mainstay shipping and integrated logistics operations as well as the Group's cruise and other businesses. Please click on the link below.
- More Information :
The NYK Group continuously reinforces multilayered defenses in readiness for cyberattacks, which are evolving and diversifying on an almost daily basis. However, given that the perfect defense is infeasible, the Group is also developing countermeasures focused on cyber resilience, thereby enabling rapid recovery from damages. Moreover, the Group is putting in place "zero trust" countermeasures, which are not reliant upon the boundary defenses of the networks used when introducing cloud computing or telecommuting.
Specifically, the Group will introduce security functions such as a multi-factor authentication (MFA) system and an endpoint detection and response (EDR) system to the entire Group, while introducing cloud systems to reduce risks caused by malfunctions or disasters as well as a global security operation center (GSOC) to monitor IT equipment on land and at sea worldwide around the clock 365 days of the year. These systems are designed to minimize damages by rapidly detecting and countering hacks. Further, in regions worldwide the Group has established computer security incident response teams (CSIRTs) that coordinate with each other globally. By promptly sharing and managing information not only with IT departments but also with other departments when an incident occurs, the teams underpin a system that enables the members of senior management to make decisions appropriately.
On the governance front, the Group regularly updates its information security regulations to respond to new technologies such as AI and works to ensure security by sharing said regulations throughout the Group.
All of these initiatives rest upon the foundation of Group employees' security literacy. To increase this literacy generally, for Group companies in Japan and overseas, we have introduced an education platform, conducted regular cyberattack countermeasure drills, and carried out security assessments. Through these initiatives, we will regularly monitor the degree to which our measures are becoming permanently entrenched.
In order to fulfill its social role in supporting the supply chain, even in the event of a natural disaster (earthquake, flood, infectious disease, etc.), the NYK Group has established a business continuity plan, or BCP.
During fiscal 2021, in response to diversifying work styles, we installed IT equipment and took a number of other actions to set up a system that enables all head-office employees to work remotely. During fiscal 2022, we developed and distributed our own mobile application for disaster countermeasures to facilitate communication and expedite an initial response in the event of an emergency. In essence, we developed a system and structure to ensure a certain level of business continuity in the event of a disruption.
Since the establishment of our BCP in 2006, we have continued to improve the accuracy and effectiveness of the BCP itself by regularly reviewing its contents, which we steadily maintain and expand, and we conduct regular drills based on natural-disaster scenarios.