The Bridgestone Group has formulated a global IT security policy and is taking measures based on this policy in collaboration with IT security teams in each SBU.
In 2020, the Group conducted an initial assessment of its IT digital maturity to identify its long-term cyber security risk. In the same year, the Group strengthened IT security with e-learning programs for employees that address email and other technologies. The Group also regularly conducts internal audits to raise awareness of IT security among employees.
In 2021, there were no information security incidents that resulted in any damage. During the year, the Group enhanced cyber security based on the digital maturity assessment conducted in 2020. The WG also addressed cyber risks with the IT function and updated the cybersecurity criteria triggering reportable EARs.
To counter targeted attacks and other advanced cyber threats, the Group has established a global organizational structure to quickly respond to any IT security incidents. It has also been strengthening monitoring of its website security, networks and other systems, and improving its ability to detect suspicious emails.
In February 2022, Bridgestone Americas (BSAM) detected an IT security incident. The SBU responded by disconnecting affected systems from its network and working with external security advisors to identify the threat. As of March 17, it is understood that the incident was the result of an untargeted ransomware attack. Once BSAM was confident that it had contained the threat, it reconnected affected systems and resumed operations. The SBU has since been reinforcing its IT security to prevent recurrence.
In Japan, Bridgestone Corporation and its group companies take a systematic approach to IT security under the direction of the Chief Digital Officer (CDO) to prevent IT security incidents, including leaks of customer data and other confidential information. The company formulates corporate standards and rules on IT security, which are reviewed and revised to stay abreast of technological advancements and changes in IT risks. The company sets particularly strict standards for information systems that handle personal information.