Information Security and Personal Information Protection
Promotion System
The Yamaha Group recognizes that information security and personal information protection are important management tasks. We therefore take steps to ensure the appropriate management and protection of all personal and other information and information assets in the possession of the Group.
To advance measures to this end, the Working Group for Information Security, which is chaired by an executive officer, has been established under the Risk Management Committee, an advisory body to the president. Also, in accordance with the Group IT Policies & Rules and the Group Personal Data Protection Policies & Rules, the status of compliance with relevant regulations is monitored, reports on incidents are compiled, and potential work improvement measures are examined.
In addition, the Yamaha Group appoints individuals responsible for supervising information security and the handling of personal information on a Groupwide basis, and individuals responsible for managing these tasks are named for specific Group companies. The Group is also promoting the appropriate protection and use of information and has established a system to respond quickly during incidents such as information leaks.
Should an information security incident occur, Yamaha Group rules stipulate that the assigned information management representative of the organization affected by or that detected the incident shall report to the IT Management Division of Yamaha Corporation or the appropriate Group company. Upon receiving such a report, the IT management division in question is to coordinate with the relevant divisions to minimize and prevent the spread of damages and work to quickly resume operations.
In the case of a serious information security incident, the relevant IT management division will promptly report to the appropriate officer, and, if necessitated by the incident, a Risk Countermeasure HQ led by the president will be set up to address the risk. In the event of a serious incident, the IT management division promptly reports the incident to the director in charge, and depending on the nature of the incident, a General Risk Management HQ headed by the president is established to deal with the incident.
Information Security Initiatives
The advancement of information and communications technology is increasing the risk of information leaks and damage. Meanwhile, leaks of important information in the possession of a company are serious incidents that can not only threaten to damage any third parties to which this information may relate but also undermine the trust of said company. As the usage and importance of information systems in business activities increases, greater concern is being directed toward the risk of information security incidents resulted from causes such as cyberattacks and computer viruses.
The Yamaha Group defines its basic IT management policies in the Group IT Policies & Rules, which delineate basic policies and rules pertaining to IT management. Based on these policies and rules, we seek to improve our security management systems to better protect against computer virus infections or damage to data due to unauthorized access to our IT networks. To this end, we monitor the status of our management systems and seek to identify vulnerabilities on websites and provide guidance on addressing such issues.
We are strengthening efforts to enhance awareness of employees through specialized training for divisions handling information assets and personal information. We also provide information security training for standard employees that covers topics such as information asset protection and information leak prevention. In 2020, we launched an information security e-learning program, which is now provided to all Yamaha Group employees worldwide. This program is regularly implemented to provide knowledge on information security threats, most notably email scams and virus attacks, as well as other cybersecurity information and information on response methods toward these threats.
Cybersecurity Initiatives
The usage and importance of information systems in business activities is constantly increasing. Should a cyberattack, computer virus infection, or other information security incident occur, the Yamaha Group could suffer more than damage to its information systems or alteration of its data; it could be subject to severe economic losses as a product of the resulting damages to its social reputation and brand value. Accordingly, such incidents have the potential to adversely impact the Group’s performance and financial position.
The Group IT Policies & Rules define basic policies and rules for IT management. These policies and rules guide the Working Group for Information Security in its efforts to improve our security management systems to better protect against virus infections or damage to data due to unauthorized access to our IT networks. Measures to this end include monitoring the status of our management systems and identifying vulnerabilities on websites and providing guidance on addressing such issues.
In 2024, members of Yamaha Corporation’s IT Management Division began visiting Group companies to conduct on-site monitoring to ensure that their security and IT management practices were in line with the Group IT Policies & Rules. These efforts are anticipated to facilitate the quick detection of and response to security and IT management deficiencies.
Information Security Incidents
In fiscal 2025, no serious information security incidents took place within the Yamaha Group. There were, however, numerous cases of security incidents involving loss or theft of personal computers, mobile phones, tablets, USB memory devices, or other IT equipment. To combat such incidents, the Group took steps to raise employees’ security awareness while sharing examples of incidents in hopes of preventing their recurrence and spreading awareness with regard to countermeasures and response methods.
Personal Information Protection Initiatives
The Yamaha Group possesses important information related to its management and businesses as well as personal information, such as that pertaining to its many customers. In the unlikely event that information is mistakenly leaked outside of the Group, it could not only damage any third parties to which this information may relate but also diminish the social reputation of the Group in a manner that could seriously impact its operations.
The Group IT Policies & Rules and the Group Personal Data Protection Policies & Rules define our basic policies for information management. Based on these provisions, the Working Group for Information Security endeavors to improve organization-wide security management systems. Specific initiatives to this end include efforts to identify weaknesses that may make websites susceptible to information leaks as a result of external attacks and provide guidance for addressing these weaknesses, monitor the status of management systems for preventing leaks from inside the organization, and conduct systematic training for improving employees’ security awareness.
Personal Information Customer Service Organization and Responses
Based on the personal information protection laws and regulations of the countries it serves, the Yamaha Group has set up a service organization regarding the personal information collected from its customers. The Group will respond to requests from customers or their proxies to disclose, change, delete, or stop usage of customer personal data held by the Group.
Customer Information Management Initiatives
The Yamaha Group manages personal information on a practical level out of consideration of information security based on the Group IT Management Standards, which detail policies regarding IT management as well as IT systems provisions for protecting personal information. Personal information is stored in a system with an auto-encryption feature. In the unlikely event of an information leak, the system is structured so that only authorized personnel can view or use the personal information for an added degree of security.
Incidents of Personal Information Leaks
In fiscal 2025, no serious incidents pertaining to personal information occurred within the Yamaha Group.