Information Security
Basic Concept and Initiatives
The JVCKENWOOD Group considers incidents related to the confidential and personal information held by the Group to be a management risk that could severely impact numerous stakeholders, including customers, and are reinforcing its cybersecurity system. The group employees perform their day-to-day duties keenly aware of the importance of information management, ensuring that they comply with laws and regulations on information security and personal data protection at all business locations in Japan and other countries. We are also making ongoing efforts to build a stronger information management system by enhancing system security, providing thorough information management training to employees, and reducing the risk of information leaks with an eye to bolstering information security management across the Group.
We are developing connections to external networks that contain the same safe work environment as within the Company. We are reinforcing various security countermeasures through efforts including the regular implementation of information security training and drills, the tightening of access restrictions to internal systems, and the introduction of multifactor authentication.
In addition, that includes ensuring the security of networkable products in order to prevent falsification or leakage of information as well as malicious third-party attacks that are intended to cause malfunctions (see Product Quality & Safety page for more information). Some of our business sectors (e.g., Public Service Sector) and group companies (e.g., JVCKENWOOD Creative Media Corporation) have obtained the ISO/IEC27001 certification, and we will be recommending other group companies to acquire such certification as needed.
JVCKENWOOD Group’s comprehensive policy on information security
JVCKENWOOD Group Basic Policy on Information Security
Policy on JVCKENWOOD Group’s information assets
JVCKENWOOD Group Privacy Policy
Information Security Management System
The JVCKENWOOD Group is building and reinforcing its information security system in line with its Basic Policy on Information Security by formulating rules on information management, implementing relevant measures, and providing employee training. At the same time, we remain aware of changes in the external environment and threats to our information assets as we build a system that enables us to ensure information security and quickly respond to such changes and threats. The Corporate Information Security Committee is chaired by the CEO and the Chief Information Security Officer (CISO), has the JVCKENWOOD Central Incident Response Team/Coordination Center (JK-CIRT/CC) positioned under the CISO as its secretariat, and carries out its duties under the guidance and supervision of the Board of Directors. It meets regularly and assesses information security risks in order to maintain an information security management system, monitor its operation, and implement necessary measures. Specifically, we have consolidated information systems on an integrated server, we conduct drills to counter targeted attacks from external sources, and we maintain a Computer Security Incident Response Team (CSIRT). To ensure product security, we adhere to the Basic Policy on Product Security across the Group, promote Security by Design (SBD), and maintain a Product Security Incident Response Team (PSIRT).
These initiatives will, through collaboration with the Legal & Compliance Office (which is the secretariat of the Company-wide Risk Management Committee), strengthen information security governance in a comprehensive manner.
We will be monitoring new legislation and social needs as we address this issue company-wide to ensure that our customers can use our products/services with peace of mind. In addition to collecting and analyzing information on information security on an ongoing basis and taking necessary measures, we have a system in place that enables us to respond quickly to incidents, such as information leaks. We have set up a task force consisting of a risk management officer, information security officer, and other personnel as necessary. In this way, we ensure that security incidents are responded to appropriately by minimizing their impact while developing recovery and preventive measures, etc.
Cybersecurity System of the Comapany
Information Security Initiatives
Initiatives for Personal Data Protection
We have been working to protect personal data under the JVCKENWOOD Group Personal Data Protection Policy. We have long recognized the importance of protecting the personal data of customers, business partners and employees, but public demands in this regard have recently become even more stringent.
Against this backdrop, the JVCKENWOOD Group is working with related divisions to ensure that personal information of users of our products and services is not used inappropriately, and is implementing safety management measures for personal information in accordance with the Personal Information Protection Law, which was revised in 2022. One incident concerning information security occurred in FY2024. Please see the news release "Damage Due to the Hijacking of the MAGICAL JUKE BOX YouTube Channel" for details. This incident has been resolved, but we will continue working on to upgrade response capabilities to prevent recurrence as well as to strengthen the management structure and spread awareness regarding the handling of personal information such as on social media accounts.
Information Security Training
The JVCKENWOOD Group regularly conducts information security training for our employees in Japan. This training is implemented as simulation for targeted e-mail attacks and as programs for general employees, PC advisors, and new employees, respectively. In FY2023, the participation rate for security training for general employees was 91%.
Also, various types of information security training have been implemented. In FY2024, IT security training and targeted email training were provided as a priority to overseas sites which have a high risk of being attacked, and then within Japan in June 2025. The participation rate was 95% both in Japan and overseas.
We hope to make more employees aware of the need for such training and create workplace environments that facilitate participation of training. We are determined to reduce the percentage of employees opening suspicious e-mails and improve the training participation rate.
To promote these initiatives, we had backcasted from our vision in 2030 and set the following Key Performance Indicators (KPIs) to manage progress.
| Theme | KPI | |||||
|---|---|---|---|---|---|---|
| No. | Plan/Achievement | FY2023 | FY2024 | FY2025 | FY2030 | |
| IT security training attendance rate | ① | Plan | 94% or more(Domestic) | 95% or more(Domestic) | 95% or more(Domestic) 50% or more(Overseas) |
96% or more(Domestic) 75% or more(Overseas) |
| Achievement | 91%(Domestic) | 95%(Domestic) | ||||
| Targeted email training (attendance rate for training for email openers) | ② | Plan | 94% or more(Domestic) | 95% or more(Domestic) | 95% or more(Domestic) | 96% or more(Domestic) |
| Achievement | 95%(Domestic) | 95%(Domestic) | ||||
Participation in information security-related initiatives
The JVCKENWOOD Group participates in the Personal Data Protection Committee under the auspices of JEITA (Japan Electronics and Information Technology Industries Association). This committee exchanges views with opinion leaders and makes recommendations to government agencies with the aim of creating a business environment that promotes the creation of new businesses and services and the revitalization of existing industries from the viewpoint of protecting personal information and giving consideration to privacy in Japan and overseas.
For more details, please refer to Personal Data Protection Committee (Japanese only)
