Amid the rapid changes in the environment surrounding companies, information technology (IT) has formed an important field that is closely linked to management strategy. At the Dai-ichi Life Group, we have developed an IT strategy that is in line with the Group’s management strategy and we pursue our initiatives under this strategy, aiming to accurately understand the era of rapid change and achieve sustainable growth.
While IT has an increasing impact on management, achieving the management strategy requires that we control the use and application of IT appropriately to maximize the value provided by IT for business while minimizing its risk.
At the Dai-ichi Life Group, we are establishing a Group IT governance system by adopting COBIT5*, a global IT governance standard, to reliably support the Group’s global management and enable the sustainable provision of value to customers all over the world.
We established the Group IT Governance Basic Policy, under which we share the direction of the IT governance system to be established based on COBIT5, internally within the Group. Based on our focus on IT governance, we exchange opinions about IT initiatives and share information about them, aiming to create synergy between Group companies inside and outside Japan and utilize IT in a way that contributes to our global management. We also hold an annual conference of people responsible for IT from domestic and overseas life insurance companies of the Group to discuss joint initiatives within the Group and other topics, while respecting the business characteristics of each Group company.
COBIT5: A global standard framework for IT governance that is advocated by the Information Systems Audit and Control Association and the IT Governance Institute of the United States. Every year, we conduct our own conformity assessment in line with the framework, incorporating the views of independent external organizations.
Cyber Security Measures
At the Dai-ichi Life Group, we aim for a further evolution in the areas of people and organizations, processes, and technologies, so as to protect the information assets of the Group from cyberattacks, which grow more sophisticated with each day, and continue to deliver a sense of security, safety, and stability to our customers and other stakeholders.
We established the "Cybersecurity Policy for Dai-ichi Life Group", under which Group companies share specific matters for promoting cyber security. For our information systems, we take action against new threats as needed, such as combining multiple systems to detect unauthorized access, viruses, and other threats to protect from them. In addition, we cooperate closely with external organizations in an effort to share and utilize security information and optimize the cyber security measures for the overall Group, including overseas Group companies engaged in the life insurance business.
We also established the "Rules on Handling of Cyber Incidents" in the Group to strengthen our cyber incident response system. We set up a Computer Security Incident Response Team (CSIRT), which consists mainly of full-time members with a high level of expertise. This team engages in activities for strengthening the cyber security of the Group, such as response training for all officers and employees assuming an attack.