Japan Cyber Briefing: The 2026 Outlook

Past Event Round Ups
13 February 2026

On January 31, as part of Prime Minister Keir Starmer’s visit to Japan, the UK–Japan Strategic Cyber Partnership was launched, committing both countries to “work together in addressing global cyber threats.” Shortly after, representatives of British cyber firms visited Tokyo as part of a UK trade mission to Japan hosted by the government’s Department for Business and Trade. The mission focused on “active cyber defence,” namely detecting, disrupting and neutralising cyber-attacks.

 

The British Chamber of Commerce in Japan (BCCJ) welcomed the firms in early February at its Japan Cyber Briefing, an event designed to provide a focused, high-level exchange on Japan’s evolving cyber and business landscape.

 

Susan Oliver, Trade Counsellor Defence, Security, Cyber, Space and Aerospace at the British Embassy Tokyo, opened the session by noting there “could not be a better time to discuss Japan’s cybersecurity environment, regulatory context and the commercial realities that it brings.” 

 

 

Moderator and BCCJ Executive Committee Member Ken Katayama set the scene, introducing the Top 10 Information Security Threats in 2026 according to Japan’s Information-technology Promotion Agency. No. 3 was use of AI (ranking for the first time since the report was started in 2016), No.2 was cyber-attacks on supply chains and, ranking No. 1—for 11 consecutive years—was cyber-attacks via ransomware.

 

Japan continues to raise public awareness of cybersecurity, promote secure practices and encourage businesses and individuals to strengthen their cyber defences, including through initiatives such as Cybersecurity Awareness Month, held February 1 to March 18, he said.

 

Ransomware attacks

While Japan’s National Police Agency received a 1.4-fold increase in reports of ransomware attacks in the first half of 2025 compared to the same period in 2024, Cartan McLaughlin, CEO of Nihon Cyber Defence Ltd., said most ransomware attacks in Japan remain unreported.

 

He called on organisations to be prepared and have an up-to-date ransomware policy in order to respond to the accelerated timeline of ransomware attacks in recent years—from a six-week to 72-hour event. Furthermore, negotiating with the attacker is not to be feared as it can lead to a delay or provide useful intelligence on why the organisation is being attacked.

 

Tim Perry, International Cyber Programme Delivery Lead at BAE Systems Japan GK, said state actors—Russia, China, North Korea and Iran are often cited as key examples—tend to target governments and businesses, often carrying out cyber-attacks for espionage, sabotage and to gain intellectual property.

 

While we have seen these actors targeting critical national infrastructure, they also target businesses “at the heart of supplying services to the public and to militaries,” as well as the supply chain of those companies, “particularly as larger organisations have gotten much better at defending themselves,” he said.

 

To combat these threats, governments around the world have established national cyber programmes that build public-private partnerships that aim to deliver a whole-of-society approach to counter the most common attacks. The approach allows governments to address the remainder, which tend to be “advanced persistent threats or a sophisticated prolonged attack where intruders gain unauthorised undetected access to a network to steal sensitive data over months or years,” he added.

 

 

Supply chain risks

Chris Capper, Cyber Attaché for North East Asia at the British Embassy Tokyo, said governments are increasingly concerned about also protecting “critical suppliers,” adding that it’s vital to “map supply chains and establish the suppliers that underpin them.”

 

Even small firms, such as those in a large organisation’s second, third or fourth tier of supply chain, are at risk of cyber-attack, added Perry, noting that these companies could pose a cyber risk if connected to the large organisation’s network.

 

With AI tools now available to help people understand their systems and the risks within it, securing supply chains is getting easier, he said. And once those risks are established, it’s important to “enable” the companies that pose a risk to be more proactive about their cybersecurity, “not block them.”

 

Increasing bilateral cooperation

Capper outlined the three pillars of the new UK–Japan Strategic Cyber Partnership, namely “detect, deter and defend against cyber threats; enhance whole-of-society cyber resilience and build a growth and innovation ecosystem.”

 

Critically, both countries are aligned on cybersecurity and aim to work together as closely as possible, he added. For example, with Japan facing a shortage of cybersecurity talent, the UK is sharing insights on some of its approaches in building its cyber workforce, such as CyberFirst, a government-backed outreach and education programme run by the National Cyber Security Centre (NCSC).

In technology, too, “we need to ensure that when we come up with unique solutions, we’re sharing them with each other,” he said.

 

Similarly, Japan’s Ministry of Economy, Trade and Industry is learning from the NCSC’s Cyber Essentials certification scheme, which sets the minimum standard of cyber security recommended by the UK government for organisations of all sizes, in the hope of setting up something similar, shared Perry.

 

And, of course, both individuals and organisations can begin immediately to protect themselves by practicing good cyber hygiene such as updating their software, not opening suspicious emails and following other good practices, said Katayama.

 

Offering advice on staying secure, McLaughlin said everyone needs to be vigilant at all times, particularly against phishing attacks. He also stressed the importance of multi-factor authentication in cyber defence.

 

In Japan, although the complexity of the Japanese language once provided a degree of protection against cybercrime, generative AI is making phishing attacks more effective and prevalent, he explained. “Don’t take things for granted, especially links,” he added.

 

Active cyber defence trade mission

The UK firms attending the trade mission were:

 

Actica Consulting

A longstanding consultancy supporting UK national security, defence, space and critical infrastructure with high security digital transformation and cyber architecture expertise. Works exclusively with security-cleared personnel on mission critical programmes.

 

Athenian Tech

An AI-powered threat hunting and digital risk intelligence platform that predicts and prevents cyber-attacks using ML, graph analytics and largescale OSINT. Provides enterprise threat hunting, executive protection and automated takedown capabilities.

 

BAE Systems Digital Intelligence

The cyber, data, digital and space division of BAE Systems, delivering advanced cyber defence, intelligence analysis and secure digital transformation for governments, militaries and critical national infrastructure. Known for deep APT level threat expertise and high trust mission environments.

 

CREST

A global not-for-profit accreditation and certification body for the cybersecurity industry, ensuring high standards across 500+ member companies and thousands of certified professionals. Trusted by governments and regulators to validate cyber service quality.

 

Cyber Scheme (The Cyber Scheme Limited)

A UK-based provider of hands-on cybersecurity certifications and skills development, aligned with UK Cyber Council professional titles and widely used across government and defence. Known for practical assessments for pen testers, incident responders and technical cyber roles.

 

Darktrace

A global leader in AI driven cybersecurity, offering autonomous threat detection and real time response across cloud, network and email. Its Active AI platform protects nearly 10,000 organisations using behavioural learning models.

 

Glasswall

A leader in secure file protection, combining Zero Trust CDR with AI-based threat detection to neutralise unknown file borne risks. Trusted by NSA, UK Government and major enterprises, and certified to standards including SOC 2 and NIST 800171.

 

GOLDILOCK

Provides a unique hardware-based system enabling instant, remote physical disconnection from networks—without using the internet—offering strong protection for CNI and defence. Holds NATO sole source status for its “Fire Break” solution.

 

Kahootz

A secure collaboration platform widely used across UK Government—including Cabinet Office, NHS and MOD—for managing sensitive programmes. Now expanding to Japan with locally hosted deployments tailored for national security needs.

 

PQShield

A specialist in postquantum cryptography, delivering quantum resistant hardware and software aligned with new NIST standards. Known for ultrafast, ultra secure PQC implementations and leadership in global PQC research and standardisation.

 

SCI Semiconductor

A UK company building secure silicon technologies, centred on CHERI-based hardware compartmentalisation to prevent memory-related vulnerabilities. Supports proactive cyber defence and aligns strongly with Japan’s Active Cyber Defence objectives.