Risk Management

Basic Approach

Because our response to risk could profoundly affect the MinebeaMitsumi group's business fundamentals, we believe that risk management is vital to the management of the company. We are prepared for a variety of anticipated risks based on the MinebeaMitsumi Group Basic Regulations for Risk Management, which stipulate our risk management system, preventive measures, and responses in the event of an emergency.

Risk Management Structure

The Representative Director, Chairman CEO of the MinebeaMitsumi group, is ultimately responsible for risk management. The Risk Management Committee reports directly to the President, and makes important decisions on risk management in consultation with the President. As a precautionary measure, MinebeaMitsumi assesses and classifies tangible risks in advance, and remains vigilant against such risks. In the unlikely event that an incident occurs, we will set up an emergency response headquarters or an on-site response headquarters in accordance with the emergency response classification set out in the regulations, and respond to the situation promptly and appropriately. MinebeaMitsumi has established a system under which, depending on the nature of the risk, a supervisory division can be appointed to handle a situation and to draft and implement risk prevention measures.

(From Integrated Report FY3/2025)

Method of Identification of and Response to Risks

(From Integrated Report FY3/2025)

Risk Management Example 1: BCP and Disaster Risk Mitigation Initiatives

As our business expands, the number of bases within the group continues to grow worldwide. Consequently, the risk of encountering unforeseen events, such as natural disasters and geopolitical issues in various regions, is increasing year by year. In the event of a large-scale disaster, infectious disease, terrorist attack, or other emergency, the group will prioritize ensuring the safety of its employees and their families. In addition, as a parts manufacturer with world leading market share, we believe that it is our social responsibility to continue to supply our customers and minimize the impact to our and their business. To this end, we have formulated business continuity plans (BCPs) and are conducting various disaster prevention and mitigation activities at our major sites both in Japan and overseas.

First, regarding BCP, in Thailand, which has the MinebeaMitsumi group's core plants, we acquired certification to the international standard ISO 22301 for our Business Continuity Management System (BCMS) at the Bang Pa-in Plant, Lop Buri Plant, Ayutthaya Plant, Rojana Plant, Navanakorn Plant, and Ban Wa Plant in an effort to further enhance reliability and establish a competitive advantage. Additionally, for sites and offices newly added to the group through M&A, we verify their BCP status and share expertise, good practices, and best practices to raise the overall level of BCP across the entire group.

BCM ISO Certification Activities

Photographed in Thailand at the time of initial ISO Certification

Regarding disaster prevention and mitigation, we have introduced a base risk management system to facilitate early response and prevention of damage. This system enables us to globally monitor weather conditions and socio-political situations in areas where our bases are located, allowing for prompt status checks and support to each site as needed.

Base Risk Management System Screen

©Mapbox ©OpenStreetMap

At each site, identifying risks that could impact business activities and implementing countermeasures are treated as key issues, and continuous improvement is pursued on a daily basis. Specifically, we are working to maintain and strengthen stable production systems through various means and measures, including the planned implementation of disaster countermeasures based on analysis of surrounding environments and weather, repair and improvement work based on risk surveys by external experts, and regular training by teams responsible for disaster prevention and mitigation.

Example of Disaster Prevention and Mitigation Structure for Greater Resilience (Thailand)

Flood Barrier Installation Training at Plants

In-House Fire Trucks/Fire Brigades at Plants

Furthermore, in addition to the increase in the number of sites due to M&A, factors such as aging buildings and equipment and shared use of facilities by multiple businesses are expected to increase and complicate fire risks. As such, we have begun establishing and operating a unified fire prevention management system, particularly focused on large-scale plants overseas. By incorporating external expert knowledge, we will strengthen and maintain company-wide fire prevention activities, aiming to prevent disasters before they occur, achieve continuous improvement, and enhance resilience.

Risk Management Example 2: Security and Trade Management

Against the backdrop of the increasingly complex international situation and military tensions, economic sanctions and export control regulations are being strengthened by each country. In these circumstances, the group, which has a global production system, will need to engage in strategic business development, and remain focused on the economic and political situation in each country. This will allow us to fulfill our social responsibilities as a company, and maintain an international competitive advantage.

As a global group, we implement thorough security trade control in accordance with the laws and regulations of each country at each of our bases. In addition to legally mandated export control education, we have established an internal certification system called the "Security Trade Control Master Certification System" to further strengthen our security trade control system.

Moreover, to centrally manage risks related to economic security for the entire group, we have established the "Group Company Policy on Economic Security (Export Control)" and the "Economic Security Risk Management Manual (Export Control)." In accordance with this policy, we obtain written documents confirming the product applications from each partner, and have established a "Transaction Appropriateness Subcommittee" under the Risk Management Committee to establish a system for appropriately and promptly determining the appropriateness of transactions, taking into account the risks associated with transactions of concern in relation to economic security.

Information Security

Our Approach to Information Security

In recent years, reports of damage caused by cyberattacks in the manufacturing industry have markedly increased, and the importance of information security has risen to unprecedented levels. We have designated enhancing response capabilities to information security risks as one of the material issues (materiality) for fortifying our management framework, and we are working to reinforce countermeasures against network device vulnerabilities which can be exploited as entry points for cyberattacks and to shorten detection time in the event of an attack.

Materiality

Information Security Enhancement Measures

To date, we have established a system monitoring PCs and servers used internally 24 hours a day, 365 days a year, and continuously detects unusual behavior. In addition, to enhance our cyber resilience—our ability to quickly recover and continue operations even in the event of damage caused by an attack—we are implementing multilayered measures. Below are the information security enhancement measures we are implementing to counter cyberattacks.

1. Prevention of Attacks

• We continuously collect and analyze threat intelligence regarding the latest trends in cyberattacks and their countermeasures, in order to prepare not only for known risks but also for those not yet recognized.
• Based on collected threat intelligence, we continuously update our security measures to establish a preventive framework against attacks.

2. Detection and Response Measures to Attacks

(From Integrated Report FY3/2025)

• Across all 129 production and research & development sites in 23 countries where the group operates, we have established a 24/7 security monitoring and response system. Monitoring system details are as follows:
  1. All PCs used by employees, file servers shared internally, business servers, and network control devices are constantly monitored for abnormal activity.
  2. If abnormal activity is detected, the device is immediately isolated from the network to eliminate threats. Reports are made to administrators and internal expert teams.
  3. Internal expert teams analyze based on logs of reported content and device behavior. If determined to be a cyberattack or unauthorized access, they investigate the scope and impact, work to prevent further damage, identify causes, and carry out restoration.
• Regular incident response drills are conducted to strengthen proficiency in monitoring and response processes. They also help improve coordination among relevant parties.

3. Employee Awareness of Security

• We recognize that in addition to prevention and detection/response, each employee's awareness plays a vital role in information security. We regularly provide all employees with information security training and phishing email drills to raise awareness and equip them with proper response skills.

Strengthening Self-Management Capabilities via Security Dashboard

To enable employees of the group to confirm the safety of their working environments, we have developed and released an internal security dashboard which visualizes our information security status. By using the security dashboard, each site can keep track of the progress of their information security measures and related safety information in real time.

Handling of Personal Information

We have established internal rules for handling personal information, and we operate in a manner that ensures appropriate use within the scope of specified purposes. However, it was discovered that during the spring of 2025, there was unauthorized external access to our network, and we publicly disclosed the possibility that some personal information may have been leaked. We reported to the relevant authorities and provided apologies and explanations of the situation to individuals and corporations potentially affected.
We take this matter seriously and are reinforcing our recurrence prevention measures through continued cooperation with specialized security institutions. We will also continue to manage personal information appropriately and strictly in accordance with applicable laws and regulations.

As cyberattack threats continue to intensify daily, there is no final goal when it comes to information security measures. We will continue to monitor the latest threat trends and conduct regular assessments of our security status to ensure continuous improvement. MinebeaMitsumi will continue to work company-wide to ensure security so that we can earn the trust of our partners and customers. We will protect our customers' businesses from cyber threats and work together to achieve sustainable growth.

Related links

Risk Management (move to Investors site)

Materiality "Materiality/Risk/Opportunity"

It ends about main text.