An article titled “Incident Responses at Financial Institutions, According to the Types of Cyberattacks” written by Mitsuya Kosaka was published in the March 10, 2025 issue of the Financial Law Journal.
Table of Contents
1. Damage that a cyberattack can cause to a financial institution
2. Examples of major cyberattacks
(1) Denial of Service (DoS) attack, Distributed Denial of Service (DDoS) attack
(2) Website falsification
(3) Malware (Ransomware)
(4) Phishing
3. Initial actions
4. Containment
(1) DoS attack, DDoS attack
(2) Website falsification
(3) Malware (Ransomware)
(4) Phishing
5. Actions required in relation to authorities
(1) Common measures necessary to address all cyberattacks
a. Measures based on the Guidelines for Supervision
b. Measures based on the Action Plan for Cybersecurity of Critical Infrastructure
c. Measures to take as a specified essential infrastructure service provider under the Economic Security Promotion Act
(2) Measures necessary when personal information leakage is suspected
a. Measures based on business laws
b. Measures based on the Personal Information Protection Act, etc.: (i) Leakage from a financial institution
c. Measures based on the Personal Information Protection Act, etc.: (ii) Leakage from a customer
6. Actions required in relation to customers, etc.
(1) Common measures necessary to address all cyberattacks
(2) Measures necessary when personal information leakage is suspected
(3) Measures necessary when illegal remittance occurs or is suspected
7. Actions required in relation to service providers
8. Responding to the attacker
9. Restoration
10. Conclusion – Efforts to establish an effective cybersecurity risk management system
https://store.kinzai.jp/public/item/magazine/A/H/