BCCJ Hosts Cyber Security Roundtable with UK Cyber Security Ambassador, Juliette Wilcox CMG

As part of the 2023 Hiroshima Accord, Japan and the UK agreed to an enhanced strategic partnership, including deeper cooperation on cyber security. With cybercrime continuing to escalate internationally, the importance of strengthened defences has become urgent. Highlighting the danger to businesses, “The State of Ransomware 2022” report, which surveyed 5,600 IT professionals in mid-sized organisations, found that Japanese companies were paying an average of US$4.3 million as a result of ransomware attacks, the largest amount of the 31 countries surveyed.

Japan’s IT and manufacturing businesses are significant targets for cyber criminals, the Atlas VPN report found. The Japan Pension Service has been among the victims, with more than 1 million names and pension identification numbers leaked in a cyberattack. The Japan Aerospace Exploration Agency was also targeted in a recent attack, among some 200 aerospace companies, prompting Japan’s National Police Agency to set up a dedicated cybercrime unit in fiscal 2022.

In the UK, cyberattacks have been ranked among the top threats to national security, with cybercrime estimated to cost the British economy some £27 billion a year. Addressing these issues, the British Chamber of Commerce in Japan hosted a Cyber Security Roundtable led by Juliette Wilcox CMG, UK Cyber Security Ambassador, Department for Business and Trade, on February 6. She was visiting Tokyo in her capacity as leader of a UK cyber trade mission to Japan to promote UK cyber security technologies, accompanied by delegates from British cyber businesses eager to enter or expand in the Japanese market.

“The UK’s relationship with Japan is becoming increasingly intense, complex and connected,“ she told event participants, pointing to large-scale bilateral agreements, like the Hiroshima Accord which set the UK’s “strategic intent” to be a partner with Japan, including in security, rooted in practical agreements that can be seen in the defence space. Efforts show that both countries are “determined over the long term to have a strong defence and security relationship, underpinned by collaborative capability,” she added, noting that cyber security impacts every industry, “whether energy or trade or transport or healthcare.”

“There are now approximately 2,000 companies in the UK working in cyber security—most of them with less than 10 staff—but there is a lot of brilliant innovation. The number of people in the industry is growing, revenue is growing, and exports were up 21% last year … and it’s going to continue to go up,” she said.

Business challenges

Japan has been showing interest in UK cyber capabilities, highlighted by a January 2023 visit to London by a delegation from Japan’s Keidanren (Japan Business Federation), which saw Japan and the UK sign a Memorandum of Cooperation to deepen public-private partnerships in cyber between both countries. UK-based visitors at the BCCJ event were therefore keen to learn about the Japanese cyber industry from BCCJ members, who outlined some of the challenges in promoting their services in Japan, traditionally seen as a difficult market for new entrants.

“There’s a conservative mindset of not wanting to be the first company to implement [a solution] … so the process of validating the technology can be quite painful,” an attendee said. “Japanese companies ask a lot of questions – they want to dissect the technology and all the risks associated with it. From our side their questions may seem unusual, but from their perspective they want to cover all the bases, so if anything happens they know how to deal with it,” added another. One participant said there was “a lot of ignorance” around cyberthreats, despite the vulnerabilities of many companies, and stressed the need to show Japan case studies that demonstrate the risks to business operations. The importance of offering a locally-based service with Japanese staff, together with finding the right Japanese partner, particularly in sensitive sectors such as defence, was also noted.

Other participants pointed to the need to build relationships with all members of the team, not just the English-speaking staff, who tend to be in the minority in companies. The Japanese consensus-building approach to making key decisions means winning business could prove a lengthy process, however it also provides a barrier to entry for competitors, another participant said. “Once your product gets approval, a competitor product can’t easily be switched in,” he explained.

Asked how to convince key stakeholders of the proposed product or service, an attendee suggested building a relationship with a “champion” inside the Japanese firm who could persuade others, and potentially introduce the product to their superiors. “It’s about creating the personal relationship … it’s probably better getting a Japanese speaker to create that trust,” he said.

Yet while the Japanese public may not be focused on cyber security, the introduction of digitalised services, such as the identity card called My Number Card, could raise public awareness of the risks. An incident with the My Number Card could “change general opinion” despite companies generally being expected by consumers to fix problems themselves, a participant said. The rise of electronic transactions at the expense of cash could also highlight vulnerabilities. Cashless transactions accounted for 36% of all consumer payments in 2022, compared with just 15% a decade earlier, according to Bank of Japan data.

Meanwhile, the rise of generative AI has also increased the risks for Japanese consumers. While previous cyberattacks often used poorly worded Japanese, making it easy to identify fraudulent activity, AI now allows cyber criminals to improve their Japanese communication, even recruiting Japanese nationals to assist their attacks. “In the early days [of cyberattacks] it was easy to detect a mistake in the Japanese text … but now they’re using native speakers—they have local partners too,” a participant said. With the risks continuing to rise, both the UK and Japan have a common enemy to confront in the battle to defend a “free and secure” cyberspace.