Risk Management
Basic Approach
The business environment surrounding the Casio Group is changing rapidly. In order to respond quickly to these changes amid increasing uncertainty, Casio must identify signs of risks that may affect the Group’s business on a global scale and take the necessary measures quickly.
Casio pursues risk management under the basic policy of predicting risks, implementing preventative measures to minimize potential losses, and, if losses are incurred, taking effective follow-up measures to ensure business continuity. In addition, Casio has established the Casio Business Conduct Guidelines, which specifically outline important codes of conduct for executives and employees of the Casio Group in implementing the Casio corporate creed of “Creativity and Contribution” across the company’s businesses. Casio works to ensure that executives and employees comply with laws and regulations and engage in appropriate conduct from an ethical perspective based on the guidelines and strives to foster a culture of integrity.
Internal Control Committee
The Internal Control Committee carries out groupwide management of functions related to internal control, including risk and crisis management, compliance, and information security, to establish and operate the mechanisms and management structure for specific purposes needed to achieve management objectives.
At the global level, the Committee takes stock of all types of risks, confirms and supervises the response policies and operational systems related to the Group’s overall internal controls, and deliberates and decides on specific responses to issues that need to be addressed.
In addition, the Committee reports on the status of internal controls to the Board of Directors on a regular basis, and if it discovers any significant deficiencies during its activities, it reports to the president and the Board of Directors as needed and discusses responses.
The Internal Control Committee is positioned within the business execution system in order to vigorously promote the purpose of internal controls, which is “appropriate, sound, and efficient management.” By making business operations visible and checking them in terms of appropriateness, soundness, and efficiency in collaboration with the Management Committee, the committee has established a system that can respond to various risks, including compliance-related risks.
Risk Management Structure
For risk prevention, the Group ensures that all organizations proactively recognize and assess risks and carry out risk mitigation activities on a daily basis in accordance with the Basic Risk Management Policy/Risk Management Regulations. Under the supervision of the Internal Control Committee, Casio works to visualize and centrally manage the status of group-wide risks and to minimize the impact on the Group’s business, with continuous monitoring by the Board of Directors.
Responding to Important Risks
In order to effectively conduct risk management, we predict various risks that may involve the Casio Group, and conduct global risk surveys to identify the frequency and impact of risks occurring and assess if appropriate measures are taken. In particular, Casio has identified risks including geopolitical risk and information security that affect the Group’s business as important risks, and it is implementing countermeasures.
1) Geopolitical Risk
In the course of engaging in business activities on a global basis, various risks are expected to arise due to the political and economic conditions in each region. Casio prepares appropriate measures to secure the supply chain and ensure the safety of employees after analyzing the level of impact when a risk arises in each aspect of business activities, including procurement, production, logistics, and sales.
2) Information Security
In addition to responding appropriately to the increasing number of information security incidents, Casio is continuously strengthening its information security management level, both in normal times (proactive measures) and in emergency situations (post-incident measures). We have established the Computer Security Incident Response Team (CSIRT) so that we can take rapid action in the case of an incident. While implementing technical measures within the Group backed mainly by the Information Technology & Engineering Department, we are working on defining rules and conducting education among employees.
Business Continuity Plan (BCP)
In order to respond to emergencies with the resources of the company organization, Casio has created a Crisis Management Manual for securing the safety of all employees, executives, and their families and preserving corporate assets.
Casio is also working to strengthen its business continuity plan (BCP). In the event of a major disaster, Casio establishes a Business Continuity Task Force and conducts an emergency response based on the Business Continuity Manual to continue providing products and services to countries around the world. In doing so, we aim to live up to the trust of our business partners and customers by minimizing damage and quickly restoring business operations.
From the standpoint of corporate responsibility to society and local communities, we also consider contributing to disaster response and recovery efforts, as well as cooperating with national and local government disaster prevention and mitigation measures.
Information System Disaster Response Measures
Casio expanded its remote work system as a measure to control the spread of COVID-19. Meanwhile, it is more important than ever to build system infrastructure for supporting business continuity in natural disasters such as earthquakes, typhoons, and torrential rain. In addition, the stable operation of IT systems for business continuity is also becoming increasingly important with the digital transformation (DX) of business.
In this context, Casio employs a cloud environment and robust external data centers with quake-absorbing structures and in-house power generation as measures for ensuring business continuity. These measures ensure construction and operation of systems that can flexibly and quickly respond to business changes while ensuring the safety and availability of important servers.
Moreover, while ensuring information security, particularly in the communication environment (portal site for employees, e-mail, online meetings, etc.), the company uses external services for BCP measures.
Information Security
Casio strives to appropriately manage and handle all of its information assets, including information that it collects from customers and suppliers. Casio has articulated information protection rules along with its Information Security Rules and implements regular education for employees to continuously raise awareness of information security and ensure the implementation of safety measures. Additionally, Casio has established an organizational structure to ensure compliance with laws and regulations on privacy protection outside Japan, including the EU’s General Data Protection Regulation (GDPR), which covers the handling of personal information of European users. We are also strengthening measures to respond to the increase in cyber-attacks due to recent changes in international circumstances.
Management System
Casio has established “strengthening information security” as one of its material issues and is taking various measures to address it under an implementation system headed by the president. The Information Security Committee, chaired by the general manager of the Digital Innovation Headquarters and composed of members selected from each department, ensures the consistency and effectiveness of group-wide information security measures.
The Internal Control Committee, in which the representative director and general managers of business headquarters participate, regularly deliberates on the progress of initiatives, and important matters are reported to the Board of Directors after being discussed and decided at the Management Meeting.
Initiatives to Protect Personal Information
Casio regards protecting the personal information of all stakeholders as a crucial responsibility. We have established a Privacy Policy and work to ensure the awareness and education of executives and employees. In light of the large-scale cyber-attack we suffered in 2024, we have strengthened our measures both in terms of technology and organization, including the introduction of a 24-hour monitoring system, zero trust security (a security model that always verifies every person and device seeking access), and endpoint and extended detection and response. We continue working to strengthen the protection of personal information through regular education and audits, including at group companies.
Education and Awareness Raising
For information security, in addition to technical measures, it is important that each and every person who handles information has knowledge about the safety measures required and remains constantly aware of these measures in their actions. Every year, Casio conducts regular training using e-learning for all executives and employees. We structure the content of training to cover information security in general, protection of personal information, and other compliance-related issues in a timely manner in light of changes in the social environment and Casio’s business, thereby enhancing the training effectiveness.
Initiatives to Prevent Information Leakage
In view of the serious incident that occurred in fiscal 2025, Casio fundamentally reconstructed its global security systems to prevent recurrence. As the key measure, we newly established the Global Security Operations Center (GSOC) to monitor and respond immediately to threats globally 24 hours a day, 365 days a year. We are also ensuring that we prevent recurrence by continuing targeted attack email training and education for system managers and raising the security awareness and response capabilities of each and every employee. In addition, we have taken strict organizational measures, which include a pledge not to remove information devices from company premises, restrictions on sending email outside of the company, and the creation of rules on how to dispose of information.
We have worked to further strengthen technical security measures by having the GSOC monitor unauthorized access to websites and suspicious communications on internal networks, thereby upgrading our measures against external attacks, including malware infection via targeted attack emails or phishing emails, which have occurred in recent years. In addition, considering the diversification of workstyles, such as working from home and the growing use of cloud services, as well as changes in the IT environment, we are deploying multi-layered defenses. This includes implementing a zero trust network architecture, with security measures for PCs and other devices used by employees and prohibitions on the use of password-protected compressed files, which can be a hotbed for malware infection.
Targets and Action Plan
Casio takes the security incident which occurred in the previous fiscal year seriously. We have revised our targets and KPIs for fiscal 2026, and we will continue working to enhance our information security system and its transparency.
Evaluation: ◎: All targets met, ○: Most targets met, △: Remaining issues outweigh results, ×: No progress made
| FY2025 Targets and KPIs | FY2025 Performance | Evaluation | FY2026 Targets and KPIs |
|---|---|---|---|
| Maintain ISMS certification*1 | Maintained ISMS certification | ◎ | ・Introduction rate of Security Operation Center (SOC): 100% ・Implementation of third-party audits: 100% ・Participation rate of employees in cybersecurity training: 100% ・Participation rate of system managers in security training: 100% ・Number of phishing email drills: At least four times ・Number of annual security exercises: At least once |
| Introduction rate of zero trust networks at group companies: 60% | 68% | ◎ | |
| Participation rate of domestic and overseas employees in basic security training: 100% | 100% | ◎ | |
| Participation rate of system managers in specialist security training: 100% | 90% *100% as of April 2025 | ○ | |
| Implementation of cybersecurity drills*1: At least once | Once | ◎ | |
*1 Non-consolidated target for Casio Computer Co., Ltd.
Information Security Certification and Initiatives
Casio has focused on establishing a system for prioritizing the protection of personal information, publicly disclosed its Privacy Policy on its website, and remains committed to the safe and appropriate handling of personal information. In December 2005, Casio Computer Co., Ltd. obtained Privacy Mark*1 certification and has maintained it since.
Casio’s Information Systems Department obtained information security management system (ISO 27001)*2 certification in November 2007. In February 2023, the certification was renewed, with the scope of certification expanded to include the entire Digital Division (current name: Digital Innovation Headquarters) in response to the further advancement of digitalization.
In March 2025, Casio completed the audit to transition from ISO 27001:2013 to ISO 27001:2022.
JQA-IM0536
Scope of application/operations for ISO27001 certification
Digital Division (current name: Digital Innovation Headquarters), Casio Computer Co., Ltd.
Planning, development, maintenance and operation of internal information systems supporting the manufacture, sale and service operations for electronic devices at Casio Computer Co., Ltd. and each group company, and the development, maintenance and operation of network infrastructure for the Casio Group
*1 Privacy Mark: A program where the Japan Information Processing Development Corporation, a public-service foundation, evaluates the adequacy of corporate protective measures related to the handling of personal data. Companies that are found to have adequate protective measures in place are certified and permitted to display the Privacy Mark.
*2 A program whereby a company establishes a system for using, maintaining, and protecting information within the applicable scope (e.g., business, locations) based on international standards for information security management systems, and a certification body conducts audits of the system and issues certifications.
Stable Supply of Products
Approach to Stable Product Supply
Delivering a stable supply of products is one of the most important responsibilities of a manufacturer and is essential to ensuring customer satisfaction and loyalty.
Casio aims to optimize the innovation process by leveraging its robust platforms for purchasing and manufacturing technologies. This enables Casio to strengthen resilience for the stable supply of high-quality products and to provide the market with products at reasonable prices, thereby improving customer satisfaction.
Policy on Provision of a Stable Supply of Products
Plan and implement strategies to ensure optimized production
We plan and implement “site strategy,” “technology strategy,” and “investment strategy” to build an optimal and stable supply chain.
Pursue improvements in speed and efficiency in the production and sales processes
We take an overall view of the entire supply chain linked with the engineering chain and pursue improvements in speed and efficiency daily to constantly optimize production, sales, and inventory from the customer’s perspective.
Supply Network Is Highly Responsive to Changes in Demand
During the current fiscal year, the demand and procurement environments are undergoing dramatic change amid the U.S. reciprocal tariffs issue and escalating geopolitical risks.
Casio aims to optimize production, sales, and inventory without being constrained by conventional role divisions and systems. Specific initiatives include supply chain and engineering reforms for the post-COVID era.
- Supply chain reform (optimize production, sales and inventory with the minimum amount of resources and staff)
  - Promote automation of operations (reduce steady-state operations)
  - Introduce production linked to real demand (PSI linked, inventory reductions)
  - Optimize/introduce IT for functions of production and management sites (procurement, manufacturing, logistics)
- Engineering reforms (raise product value and achieve competitive advantages in QCD)
  - Make costs and processes for product planning/development through manufacturing visible and seamless
  - Strengthen PLM (raise profitability after commercialization)
  - Achieve zero-defect, ultra-low-cost design and manufacture
- Sustainable supply of products
Casio seeks to increase the value of its products by actively adopting components and materials intended to contribute to a sustainable society, such as solar-powered components, renewable materials, and biomass plastics.
Diversifying Production Risk and Producing Core Components In-house
Casio maintains a stable supply of products by having each production site manufacture multiple product items, and by ensuring that two different sites can produce any given Casio product.
The company is also increasing the internal production of components in order to protect newly created technologies and to reduce parts procurement risk.
Production sites for individual products
*Updated on January 7, 2026