Risk Management

Governance

In the NYK Group's Liner Trade Business, Air Cargo Transportation Business, Logistics Business, Automobile Business, Dry Bulk Business, Energy Business, and other businesses, a wide variety of social factors such as economic and political conditions, environmental regulations, safety and security systems, natural disasters, and technological innovation in various parts of the world have the potential to impact on the Group's business and business performance.
The Group defines risks as "uncertainties that could affect its achieverment of continuous growth." The Group strives to prevent the occurrence of risk by establishing a risk management system based on the Risk Management Policy and Risk Management Rules to identify, evaluate, and formulate policies to deal with risk. In the unlikely event that a risk should occur, we will strive to avoid or reduce the risk by addressing matters that may affect human life first, while at the same time obtaining information on all risks in a timely and appropriate manner, preventing the spread of damage, and promptly restoring operations.

Enterprise Risk Management (ERM)

In accordance with its risk management policy and rules, the Group convenes twice yearly meetings of the Risk Management Committee, which assesses and receives reports regarding progress in managing critical risks that could have a significant impact on the Group's business management and reports findings to the Board of Directors. Chaired by the president and comprising chief executives and the deputy chief executive of the ESG Strategy Headquarters, the Risk Management Committee identifies critical risks based on qualitative and quantitative evaluations of the business divisions, which have the best understanding of the essential nature of the business, and reports from each headquarters, determines the headquarters responsible for advancing countermeasures for each critical risk, and promotes risk reduction activities for the entire Group.

Risk Management System

Most Critical Risks and Critical Risks

Each year, the Risk Management Committee identifies the most critical risks among the critical risks as risks that could have a significant impact on the continuity of the Group's businesses. These include compliance risks, major accidents and other operational risks, cyber risks, and risks related to damages caused by natural disasters and measures to mitigate climate change. In addition, critical risks that could significantly affect the Group's business management include strategic risks, market fluctuation risks, operational risks, financial and accounting risks, and human rights risks, as well as risks from infectious diseases such as COVID-19.

Risk Map

Information Security

The NYK Group continuously reinforces multilayered defenses in readiness for cyberattacks, which are becoming more sophisticated and diverse. However, given that the perfect defense is infeasible, the Group is also developing countermeasures focused on cyber resilience, thereby enabling rapid recovery from damages. Moreover, the Group is putting in place "zero trust" countermeasures, which are not reliant upon the boundary defenses of the networks used when introducing cloud computing or telecommuting.
Specifically, the Group will introduce security functions such as a multi-factor authentication (MFA) system and an endpoint detection and response (EDR) system to the entire Group, while introducing cloud systems to reduce risks caused by malfunctions or disasters as well as a global security operation center (GSOC) to monitor IT equipment on land and at sea worldwide around the clock 365 days of the year. These systems are designed to minimize damages by rapidly detecting and countering hacks.
Further, in regions worldwide the Group has established computer security incident response teams (CSIRTs) that coordinate with each other globally. By promptly sharing and managing information not only with IT departments but also with other departments when an incident occurs, the teams underpin a system that enables the members of senior management to make decisions appropriately. On the governance front, the Group regularly updates its information security regulations to respond to new technologies such as AI and works to ensure security by sharing said regulations throughout the Group.
All of these initiatives rest upon the foundation of Group employees' security literacy. To increase this literacy generally, for Group companies in Japan and overseas, we are regularly conducting (1) e-learning using an education platform, (2) cyberattack countermeasure drills, and (3) global security assessments.

Emergency Response

To fulfill its social role in supporting the supply chain, even in the event of a natural disaster (earthquake, flood, infectious disease, volcanic eruption of Mount Fuji etc.), the NYK Group has established a business continuity plan, or BCP.
In response to diversifying work styles in the wake of the novel coronavirus pandemic, we are building a system that enables employees to work from remote environments through the provision of IT equipment and other measures. We have also developed and distributed our own cell phone application for disaster preparedness to facilitate communication and speed up initial response in the event of an emergency, and have put in place systems and mechanisms to ensure a certain level of business continuity.
Since the establishment of the BCP document in 2006, we have been improving and expanding the content of the document every year, and will continue to improve the effectiveness of the BCP by regularly checking and revising its content, etc. We will also continue to conduct employee-participation drills and BCP lectures at training sessions for new employees in preparation for emergencies to ensure that all employees have a common understanding of the BCP and are able to implement a highly effective BCP.

Continuing Serious Emergency Response Drills

NYK conducts serious accident response drills on vessels every year. The type and size of vessel, accidents, and troubles are changed during each drill so that we can take appropriate action in the event of an actual accident. The drills are conducted with the cooperation of various stakeholders, including government agencies and customers, and include practical measures such as setting up a crisis management headquarters after an accident, notifying relevant parties, rescuing injured persons, and disclosing information through press releases as the situation develops. Through the drills, we reaffirm the importance of prompt and accurate information disclosure to society.