The MS&AD Insurance Group will observe the laws and regulations for information security, and will continuously implement measures to strengthen information management. These measures include setting internal rules, upgrading system security, conducting thorough information management training for staff and agents, and taking steps to mitigate the risk of information leakage.
In order to proactively strengthen information security management to the entire group, we have established the "MS&AD Insurance Group Information Security Management Basic Policy."
In light of the importance of protection for personal information, and in the interest of compliance with related laws and regulations as well as proper handling of customer information, we have formulated the "MS&AD Insurance Group Basic Policy for Management of Customer Information" and the "MS&AD Insurance Group Basic Policy for Shared Use of Customer Information".
The holding company appoints the Group Chief Information Security Officer (CISO) to build a framework and enhance information security management. The MS&AD Group maintains a framework to detect threats to information assets and always understands changes in the external environment, such as those related to cybersecurity, to ensure information security and respond to emergencies quickly.
In accordance with the "MS&AD Insurance Group Basic Policy for Management of Customer Information", the domestic insurance companies in the Group determine guidelines and internal rules related to information management, and instate security initiatives. They also plan and operate programs for the education of employees and agents, and perform related checks and monitoring. In addition, they make arrangements for response in the event of incidents such as information leaks, take steps for prompt post-incident correction and recurrence prevention, and otherwise work for appropriate handling in this respect.
The holding company monitors the status as regards arrangements for information security management at domestic insurance companies in the Group, and reports of its findings to management. In addition, it applies the findings of its monitoring activities in its efforts to reinforce arrangements for information security management in the entire Group, through steps such as sharing of know-how with and provision of requisite support to domestic insurance companies in the Group.