Corporate Governance Structure and Initiatives | Information security initiatives

The Capcom Group is committed to leveraging its strengths per our Management Philosophy to achieve stable medium- to long-term growth and enhance corporate value through our business activities. To accomplish this, we are focused on increasing management transparency and soundness, building a system that can adapt to environmental changes, and continuously improving our corporate governance.

In this section, Capcom will explain the corporate governance structure and systems that it has initiated so far based on the key concepts of “effectiveness and visibility” in terms of the results of third-party assessment.

  • Capcom Corporate Governance Guidelines (June 23, 2025)

    PDF

  • Corporate Governance Report (June 23, 2025)

    PDF

Information security

The Company sells game content in more than 220 countries and regions globally and recognizes that information has a significant impact on its corporate activities. To further accelerate the promotion of digital sales worldwide, as well as the diversification and efficiency of sales through the shift to digital in business, we believe that it is crucial to ensure information security, including appropriate safety management measures for personal information and cybersecurity measures.

To this end, we regularly hold meetings of the Security Oversight Committee, an external advisory body, to share various information related to information security and cybersecurity technologies and trends. Based on the advice of this committee, we aim to maintain and strengthen our information security and cybersecurity management system based on the PDCA cycle. Additionally, we strive to raise awareness of information security among our company’s officers and employees by regularly conducting education and training and reporting the results to the Board of Directors.

Strategy

A. Information Management

The Company appropriately manages various confidential information, such as personal information and trade secrets, based on regulations and guidelines, including the Information Management General Rules. Regarding the handling of personal information, based on the Personal Information Protection Policy, we not only comply with personal information protection laws and regulations, but also conduct awareness and education for officers and employees, and regularly carry out inventory checks to ensure visibility over fundamental matters such as the storage locations of personal information. Through these efforts, we verify the appropriateness of personal information handling, and if any issues requiring improvement are identified, we take corrective measures. Furthermore, we protect and utilize information assets that are our company’s strengths, such as game content, programs, development engines, accumulated know-how, and sales data, under an appropriate management system.

In addition, in step with expanding sales of our game content worldwide, the Company is strengthening its response to legislation for the protection of minors being advanced around the world. Considering recent technological advancements, we are also developing and disseminating guidelines related to the use of generative AI and enhancing our internal operational system from the perspective of information management accompanying the active use of technology.

B. Cybersecurity Measures

Recognizing the necessity of countermeasures against various cyber risks both domestically and internationally, the Company is working to strengthen its cybersecurity system while complying with relevant laws and regulations.

We have been striving to build a system that can respond and recover quickly in case of emergencies, such as when unexpected security risks materialize, through continuous system operations and monitoring.

Specifically, we are implementing cybersecurity measures such as strengthening authority management, updating software, simplifying systems, and operating a Security Operation Center (SOC) based on EDR (Endpoint Detection and Response), which provides early detection of unusual activity on devices, and XDR (Extended Detection and Response) to monitor multiple security domains, including networks, systems, and cloud environments. This enables centralized investigation and response to cybersecurity threats; at the same time, we are introducing generative AI to support efficient threat detection and analysis, thereby ensuring security through more rapid and advanced measures.