The number of cyber attacks in Japan has increased significantly in the last couple of years, and Japanese organizations are starting to take notice.
In this article, I will go over the latest Japan cybersecurity statistics, including the key cybersecurity incidents around the country, Japanese firms’ reactions to cyberattacks, and the state of the country’s cybersecurity market.
Top 6 Japan Cybersecurity Statistics (Editor’s Pick)
- As of December 2022, 21% of Japanese Internet users have experienced cybercrime.
- 58% of Japanese cybersecurity incidents in 2022 resulted in data loss.
- Japanese police investigated 12,369 cybercrime cases in 2022.
- The Japanese cybersecurity market was valued at $6.4 billion in 2021.
- Japanese corporate InfoSec market was valued at ¥1.07 trillion in 2021.
- 35% of Japanese firms expect major cybersecurity recruitment challenges in 2023-2024.
Japan Cybersecurity Incidents Statistics & Facts
1. The top cybersecurity threat in Japan in 2022 was phishing and whaling.
Unpatched vulnerabilities and flaws in the supply chain were the other two most acute cybersecurity challenges in Japan in 2022.
2. In September-November 2022, 8% of all cyberattacks worldwide targeted Japan.
The overall majority of global cyberattacks (65%) during that period targeted the United States.
3. 95 Japanese Internet users were hurt by stalkerware in 2022.
The Asia-Pacific (APAC) region had 3,187 stalkerware victims in total.
Japan was in eighth place. India led with 1,807 stalkerware victims.
4. As of December 2022, 21% of Japanese Internet users have experienced cybercrime.
The biggest amount of Internet users in APAC who experienced cybercrime came from India – almost 7 out of 10. For Japan, it was 2 out of 10 Internet users.
5. In 2022, 26% of Japanese cybersecurity incidents were caused by malware.
Here is a table illustrating the leading causes of Japanese cybersecurity incidents during that period:
|Type of Incident||Percentage|
6. In Q1-Q2 2022, Japan experienced 87% more ransomware attacks than the year before.
The country experienced 114 ransomware attacks with damaging impacts during that period. 52% hit SMEs, and 4% targeted hospitals.
7. 58% of Japanese cybersecurity incidents in 2022 resulted in data loss.
Here is a breakdown of the impact of cyberattacks on Japanese firms during that time period:
8. 36% of Japanese companies were concerned about ransomware.
Despite over a third of Japanese firms being concerned about ransom payments in Q1 of 2022, only 8% of firms paid ransomware payments.
9. 36.1% of Japanese companies suffered a cybersecurity attack in 2022.
80% of these Japanese companies were hit by cyberattacks in March 2022.
54% of the cyber attacks on Japanese businesses in 2021-Q1 2022 were attacks on small businesses and small-and-medium enterprises.
10. Over 33% of Japanese companies suffered targeted email cyberattacks in September 2020-September 2021.
5.6% of these companies were infected with a computer virus at least once as a result of these cyberattacks.
11. 146 ransomware cyberattacks in Japan were reported to the police in 2021.
Most of these reports (79) came from SMEs. A third (55) of all reported cases came from the manufacturing industry players, and five from hospitals.
12. Japanese police investigated 12,369 cybercrime cases in 2022.
3,304 of these cases were Internet scams. 230 attacks were ransomware attacks – 84 more than in 2021.
Japan Cybersecurity Incidents by Industry
13. In 2021, Japanese government agencies suffered a cyberattack originating from Fujitsu software.
Fujitsu software ProjectWEB, used by different Japanese ministries and the Narita Airport, was attacked by hackers in May 2021. As a result, 76 thousand emails were accessed through the software.
14. Japanese government suffered a series of cyberattacks in September 2022.
20 Japanese government websites and the country’s e-Gov portal were attacked by the Killnet hacking group. The attacks were believed to be of a DDoS nature.
15. Hackers targeted Japanese politicians before the 2022 House of Councillors election.
The MirrorFace hacking group targeted members of a Japanese political party in June-July 2022 through a spearphishing email campaign. The campaign intended to steal politicians’ data and documents and deliver brand-new malware.
16. Japan managed to prevent 450 million cyberattacks during the Tokyo 2020 Olympics.
The Olympics, which took place in the summer of 2021, were a target of many cyberattacks, including phishing and malware. None of the 450 million attacks were successful.
17. A city contractor in Amagasaki lost a USB drive with the personal data of 460 thousand residents.
In June 2022, an employee of a government contractor in the Japanese city of Amagasaki negligently misplaced a USB drive with names, birthdates, addresses, and tax records of the city’s entire population. No data leaks resulted from the incidents.
18. A hospital on Shikoku Island suffered a cyberattack in October 2021.
The Tsurugi Municipal Handa Hospital on the Japanese island of Shikoku was hit by a ransomware attack. The attackers demanded $60,000. The hospital resumed medical care in January 2022.
19. Toyota's supplier suffered a cyberattack in February 2022.
The cyberattack on Kojima Industry Corporation in the winter of 2022 caused Toyota to suspend its production at 14 Japanese plants for a day. The potential impact was a loss of 13 thousand cars that would have otherwise been produced.
20. Panasonic Japan suffered a cyber attack in June-November 2021.
In November 2021, the Japanese tech company disclosed the breach, in which sensitive customer and employee information was accessed on the server.
21. Murata Manufacturing suffered an employee-induced data breach in June 2021.
In June 2021, an employee of the Japanese IBM subcontractor Murata Manufacturing Co., Ltd, downloaded over 72 thousand documents from the company server containing personal data of employees and partners. They then uploaded the documents to an external Chinese cloud service.
22. A Japanese power tools & machinery manufacturer suffered a Babuk ransomware attack in May 2021.
Japanese company Yamabiko was hit by Babuk ransomware.
0.5 TB of company data, including employee and product data, was stolen and leaked as a result.
23. In March 2022, a data breach in a Japanese candy company affected 1.6 million customers.
The third-party breach at the company Morinaga came from unauthorized access. Customer details such as names, addresses, buying histories, and emails were leaked as a result.
24. A Japanese fishing retailer suffered a data breach in 2022.
Atsugishi Fishery Cooperative’s e-commerce store Auroko was infected by Emotet malware in the summer of 2022. As a result, the emails exchanged between the store and the customers, including customers’ personal data, were leaked.
25. Japanese beauty retailer Acra suffered a cyber attack, exposing over 100 thousand payment methods.
The data breach occurred across two Acra e-commerce websites in February 2022.
The records of over 190 thousand cards used to pay for its products between May 2020 and August 2021 were stolen.
26. A Japanese shipping company suffered two cyberattacks in 2021.
The company Kawasaki Kisen Kaisha, or “K”-line, experienced a cyberattack in March 2021 and another in June 2021. Both attacks granted unauthorized access to an overseas subsidiary system of the company, inducing a malware infection.
27. A Japanese transport company was hit with ransomware in June 2022.
Sumiwa Koun Co., Ltd.’s systems were infected with ransomware.
It was not possible to determine how much data, if any, was leaked as a result.
No ransom was paid.
28. A Japanese airport fuel company suffered a ransomware attack in June 2021.
Japan Airport Refueling was hit by ransomware and received a demand for a ransom payment in cryptocurrency. There was no impact on the company’s operations.
29. Two Japanese insurance companies suffered cyberattacks in January 2023.
Zurich Insurance Co. and Aflac Life Insurance Japan Ltd had a data breach at the start of 2023, caused by a file transfer server vulnerability. The breach resulted in the theft of over 2.6 million customer records. The data was posted on the dark web.
30. Japan’s most popular dating app suffered a cyberattack, exposing 1.7 million accounts.
The dating app Omiai, used by over 6.8 million people, was hacked, exposing customer data, including passports and insurance cards. No payment data was exposed.
Japan Cybersecurity Market & Revenue Statistics
31. The Japanese cybersecurity market was valued at $6.4 billion in 2021.
It is expected to reach $38.9 billion by 2030 with a compound annual growth rate (CAGR) of 22.6%.
32. Japanese corporate InfoSec market was valued at ¥1.07 trillion in 2021.
This market consists of corporate InfoSec tool market and corporate InfoSec services market.
Here is a table illustrating the markets’ projected growth by 2028.
|Market Segment||Value in 2021, ¥||Predicted Value in 2028, ¥|
|Corporate InfoSec Market Overall||1.07 trillion||1.27 trillion|
|Corporate InfoSec Tools Market||545 billion||577 billion|
|Corporate InfoSec Services Market Including SaaS||524 billion||693 billion|
33. Japan’s biggest cybersecurity company made ¥223.8 billion in 2022 in Japanese sales.
Trend Micro – the biggest Japanese cybersecurity company – made ¥21.1 billion (approximately $161.5 million) in Q4 of 2022 from its sales in Japan.
Adoption of Cybersecurity Solutions in Japanese Companies - Statistics & Trends
34. In 2022, Japanese firms had the second-highest percentage of cybersecurity spending in APAC.
12.3% of the technology budget was spent on cybersecurity by Japanese firms.
The Philippines emerged as a leader in cybersecurity spending in the Asia-Pacific (APAC) region, with 13.3% of the technology budget allocated to the issue.
35. Boards of 35% of Japanese companies understood cybersecurity challenges “moderately well” in 2022.
Most of the boards in the region (44%) only understood cybersecurity challenges “a little.” Only 8% of the boards understood them “very well.”
36. As of September 2021, over 98% of Japanese firms installed cybersecurity measures.
Most of them (83%) had antivirus software installed on corporate devices.
61.5% of businesses had antivirus solutions installed on their servers.
37. 69% of Japanese firms invested in cybersecurity hardware and software tools.
Here is an overview of other measures Japanese companies took in 2022 to mitigate cybersecurity risks:
|Migration to the cloud||62%|
|Increased the cybersecurity budget||53%|
|Outsourcing cybersecurity functions||41%|
|Investing in cybersecurity insurance||39%|
|Hiring cybersecurity experts||33%|
|External cybersecurity experts||30%|
38. 35% of Japanese firms expect major cybersecurity recruitment challenges in 2023-2024.
For India, the figure is 29%. The top three skills prioritized by Japanese firms in cybersecurity recruitment are employee training, software vulnerability testing, and staying on top of the latest threats.
39. Operational disruption and reputational damage were the key cybersecurity concern of directors of Japanese firms in Q1 2022.
Here is a breakdown of the Japanese boards of directors’ biggest cybersecurity concerns in Q1 2022, compared with the global statistics.
|Board of Directors’ Primary Concern||Percentage of Japanese Directors for Whom It Was a Primary Cybersecurity Concern||Percentage of Directors Globally for Whom It Was a Primary Cybersecurity Concern|
|Not retaining current customers||36%||35%|
|Effect on company valuation||34%||36%|
22% of Japanese workers received video materials about cybersecurity on the subject of returning to work in 2021. 3% of employees had their employer conduct live workshops on the subject in 2021.
Are Cybersecurity Concerns a Major Issue in Japan?
Cyberattacks seem to be increasing worldwide, and Japan is no exception.
It suffered a lot of attacks in 2021 and 2022, including ransomware, malware, and human negligence nature.
As a result, over 90% of Japanese companies are implementing some sort of cybersecurity measures. And the Japanese cybersecurity market is growing at a high CAGR of 22.6%.