The UK–Japan Cyber Partnership and the State of Play in 2025

Past Event Round Ups
UK Gov / British Embassy Tokyo
UK-Japan Relations
10 March 2025

Written by Sterling Content

 

In today’s digital age and evolving cyber threat landscape, protecting the devices we use from cyber attacks is critical—for organisations, individuals and networks. 

 

Half of British businesses reported a cyber attack last year, with phishing being the most common threat, according to the Cyber Security Breaches Survey 2024 published by the UK government. And, in 2023, 197 organisations in Japan told the National Police Agency they had experienced a cyber attack, specifically using ransomware. Of those reporting, 36% were major companies and 52% were SMEs 

 

One year on from the UK government’s engagement with Keidanren (The Japan Business Federation) to advance public–private partnerships in cyber security, as outlined in the Hiroshima Accord, the British Chamber of Commerce in Japan held an event at the British Embassy to explore the critical role of international collaboration in tackling cyber threats. 

 

The expert panel comprised Chris Capper, Cyber Attaché for North East Asia at the British Embassy Tokyo; Naoko Ogawa, Director of Industrial Technology at Keidanren, Ayaji Furukawa, Senior Manager of the Cyber Security Technology Centre at Toshiba Corporation  and Ken Katayama, Project General Manager of Digital Policy at Toyota Motor Corporation.

 

Ogawa welcomed the event, explaining that greater collaboration between the UK and Japan is “essential,” particularly as cyber attacks are becoming increasingly sophisticated. The Memorandum of Cooperation between the UK’s National Cyber Advisory Board and Keidanren to deepen public–private partnerships in cyber in both countries, which was signed in January 2024, is further enhancing the bilateral relationship in the cyber domain, she said. 

 

 

Geopolitical risks

Capper expressed concern about the evolving threat landscape, in particular “the blurring—if not collaboration—between state and non-state actors.” Threat actors are especially focused on finding zero-day vulnerabilities, a security hole in a system unknown to its owners, developers or anyone capable of mitigating it. 

 

Russia presents a particular risk to the UK’s critical national infrastructure, while there is concern that North Korea’s suspected $1.5 billion hack of a cryptocurrency exchange this month could be used to fund its weapons programmes.

 

The UK has also observed hackers making the initial access into a network and then selling it on to state actors. 

 

AI is being used effectively in “information operations” (communications to influence desired audiences to act or not act in a way beneficial to the hacker), he said, adding that it is becoming good at Japanese, much to the disbelief of many in Japan.

 

Many ASEAN countries feel the cyber threat from nation states, said Furukawa. However, government agencies and state-owned critical infrastructure companies in many of these countries tend to prioritize cost over technology when procuring products, which may result in the use of unsecure IoT devices such as routers and other control systems.

 

 

Mitigating risk

Threat is “intent x capability x opportunity,” said Capper, noting that a lot can be done to affect a cyber actor’s opportunity. One example is the UK government-backed certification scheme, Cyber Essentials, which comprises technical controls that if implemented can secure 99% of internet-facing vulnerabilities. 

 

In addition to hardware and software, it’s important to understand the human dimension of cyber, as cybersecurity is about “the interplay between human and technology, with human often being the weakest link.”


Typically, sophisticated cyber threats start by living “on the edge,” a term that refers to using devices that interface between networks and the rest of the world such as routers, he added. In response, the UK’s National Cyber Security Centre and their international allies unveiled new guidelines in February to secure edge devices from increasing threats.

 

Katayama called on attendees to “be prepared for what we know,” pointing to data from Japan’s Information-technology Promotion Agency that shows ransomware has been ranked as the top threat to Japanese organisations for 10 years, while supply chain threats have been recognised for seven consecutive years. The only new threat in 2025 is geopolitical risk, which was ranked seventh. 

 

Individuals, meanwhile, should also be vigilant in practicing good cyber hygiene, such as ensuring passwords are unbreakable, he said, adding that the top three threats to them in 2025 are personal information theft from online services, unauthorised logins to online services and credit card information fraud.

 

UK–Japan synergy

The UK and Japan are working together in the areas of people, processes and technology, shared Capper.

 

Looking at people, in January, Japan joined the UK on the International Coalition on Cyber Security Workforces, an initiative to share expertise and experiences on training people in cyber security, he said.  

 

Schools in Japan have started to take part in the UK National Cyber Security Centre’s CyberFirst scheme, which encourages children and young adults to consider a career in cyber security through “a pipeline of interventions from primary school to apprenticeships.” In 2024, 235 students across seven schools in Japan took part in a competition that resulted in 34% of them stating they would consider a career in cyber security.      

 

Last year, five Japanese nationals undertook a cyber fellowship in the UK (Furukawa was among them) and another five from the country are scheduled to join in 2025. 

 

Reflecting on her fellowship experience, Furukawa praised the UK’s public–private partnership ecosystem for “promoting cyber resilience.” Frameworks such as regulatory standards, obligations, procurement requirements and certification, along with bills such as the Cyber Security and Resilience Bill, help enhance security measures for the private sector, including in critical areas like power and manufacturing. 

 

“The government also promotes the industry by supporting new businesses in cyber security, which has resulted in many new startups and research studies,” she said. This, in turn, has led to the development of cyber security consulting services and other initiatives such as Industry 100 (i100), which brings together public and private sector talent to challenge thinking, test innovative ideas and enable greater understanding of cyber security. 

 

The UK plans to continue to work closely with Japan in the area of public–private partnerships, as they are “critical to stopping cyber threats,” said Capper. 

 

On processes and technology, the UK is working closely with Japan on active cyber defence legislation, including by “sharing what the UK has done well and less well,” said Capper. It is also connecting companies from the UK and Japan so they can present joint offers to the Japanese government and others, but Capper admits that more can be done “in business to business collaboration, particularly on technology,” as Japan would need companies to develop technologies to aid any creation of active cyber defence capabilities.

 

In closing, Katayama said the strong UK–Japan ties on cyber security are possible thanks to the establishment of trust built by individuals and one-on-one relationships over years, and encouraged all in the private and public sectors to continue to work together for a safer online environment. 

cyber threats.in January 2024, is further enhancing the bilateral relationship in the cyber domain, she said.