Market Intelligence
Information and Communication Technology Cybersecurity Japan Trade Development

Japan Cybersecurity

Japan’s 2025 cybersecurity threat assessment underscores rising demand for advanced threat intelligence, supply chain security, and resilience solutions—areas where U.S. firms hold strong competitive advantages. As Japanese government and industry increasingly prioritize defenses against state-sponsored attacks, ransomware, and supply chain vulnerabilities, U.S. cybersecurity companies have opportunities to expand partnerships, provide technical solutions, and deliver services tailored to Japan’s evolving cyber threat environment.

On January 30, 2025, Japan’s Information-technology Promotion Agency (IPA) released its Ten Major Threats 2025 report. IPA, an independent agency founded in 1970 (now situated within Japan’s Ministry for Economy, Trade and Industry), analyzes technology trends across IT sectors and on an annual basis selects threat types from cybersecurity incidents considered to have the most significant impact. To select its ten major threats, approximately 200 IPA committee members—including information security researchers and IT business professionals—convene to discuss threats and cyberattacks that have occurred in Japan and overseas. IPA’s findings are considered by Japanese government and industry to be a key indicator of information security threats that must be addressed with priority.

IPA’s top threats for 2025 include ransomware, attacks exploiting supply chain weaknesses and system vulnerabilities, information leakage by internal fraudulent acts, and attacks targeting the environment and remote workers. Most notably, IPA listed attacks stemming from geopolitical risks in its Ten Major Threats 2025 report for the very first time.  Recent examples include the June 2024 MirrorFace attacks targeting Japanese universities, think tanks, and media, as well as the October 2024 attacks on local Japanese governments and transportation systems to protest U.S.-Japan military cooperation.  Both of these incidents are believed to be nation state-sponsored or sanctioned.

As the number of sophisticated state-sponsored attacks continues to increase, IPA’s report urges Japanese organizations to review their security measures and implement more robust defenses. Given IPA’s influence and the emphasis place on its annual threat report, CS Japan expects that Japanese government and industry will pay greater attention to threat intelligence over the coming year, highlighting increased opportunities for U.S. cybersecurity companies providing these services.

Providers of threat intelligence and related cybersecurity services are encouraged to contact the U.S. Commercial Service in Japan at Office.Tokyo@trade.gov for more information.