Japan isn't taking cybersecurity seriously

Japan is famous for a lot of things, from sakura blossoms in Spring to its unique cuisine to, of course, anime and manga. There is also this perception of the country being a technological superpower, especially in the fields of manufacturing, robotics, and computing. Those perceptions, however, may have been based partly on fantasy and romanticized fiction as the country is slowly proving itself to be lagging behind its peers, especially in the computing industry where cybersecurity has not only become an important topic, it has sometimes become a matter of life or death for both businesses and governments.

Japan's cybersecurity has just made international headlines yesterday in a comical yet tragic way. Japan's month old minister tasked with overseeing the country's cybersecurity strategy has admitted to lawmakers, to the public, and on TV, that he has never used a computer. Perhaps it's not really "never" but Yoshitaka Sakurada words, translated, where that since 25 years of age (he's now 68 years old), he has instructed staff and secretaries to do all the computing tasks for him. In that same session, he was described to have expressed confusion over what a USB flash drive is.

We could try to give the man a break. Other, more powerful governments have also appointed people without the credentials, let alone the capability, to perform their mandated duties. And to be fair, Sakurada was only given the cybersecurity job last month and even then only as deputy. This, however, wasn't the first time the minister publicly demonstrated his ignorance in office. This is also the man who is charge of the Tokyo Olympics 2020.

It might be too easy to laugh at the man without considering that he didn't climb to that post on his own. Whether or not he requested the office, someone higher up put him there and that someone believed that Sakurada has what it takes to push the government's and the country's cybersecurity strategy forward. Despite having never used a computer in the past 43 years, perhaps more. In other words, this seemingly isolated incident is actually representative of the country's attitude towards cybersecurity in general.

Last June, independent US organization Council on Foreign Relations published an article praising the Japanese government's new cybersecurity strategy. That move is really praiseworth only because of how far the country has lagged behind in that matter, both in private and government sectors. A little over half of Japanese companies conduct cybersecurity risk assessments, only 27% have Chief Information Security Officers, and 63% of the country's business leaders saw cybersecurity only as a cost.

The costs of ignoring cybersecurity, however, will be greater than actually adopting best practices. Hacking incidents in the US and Europe prove the financial and human costs of weak cybersecurity. Japan has mostly survived unscathed maybe because some don't think it's worth hacking into. But with its poor cybersecurity record now coming to light, it could very well become a target. An deserved or not, the country does have a far-reaching presence in politics and technology. And it could easily become the weakest link unless it picks up the pace.

The Japanese government's new strategy was supposed to encourage businesses to make cybersecurity a top priority. A few months later, it would put in charge someone who is probably the least qualified to convince anyone of that. The country, both its government and its businesses, can't afford to ignore cybersecurity in this day and age of software, the Internet, and smartphones. Otherwise its perceived technological superiority will be nothing more than the stuff of anime and manga.