Sustainability Initiatives | Information Security

Capcom regularly convenes its Security Oversight Committee, an external advisory body, to share various information regarding technologies and trends related to information security and cybersecurity. Based on the committee’s advice, we strive to maintain and strengthen our information security and cybersecurity management framework through the PDCA cycle. Furthermore, we endeavor to raise awareness of information security among the Capcom Group’s officers and employees by conducting regular education and training programs and reporting the results to the Board of Directors.

The Capcom Group appropriately manages various confidential information, such as personal information and trade secrets, based on regulations and guidelines including the General Information Management Rules. Regarding the handling of personal information, based on the Personal Information Protection Policy, we have established and operate a management system to ensure that personal information handling operations are conducted appropriately. This includes compliance with personal information protection laws and regulations, raising awareness and educating executives and employees, and conducting regular inventory checks to confirm basic matters such as the storage locations of personal information. Furthermore, if any areas requiring improvement are identified, corrective measures are implemented. In addition, we similarly protect and utilize the Capcom Group’s information assets—which constitute our competitive strengths—under an appropriate management system. These include data related to the development of game content, programs, development engines, and other intellectual property that collectively form the Capcom Group’s intellectual assets, as well as accumulated know-how and sales data.

Furthermore, to expand game content sales, the Capcom Group is strengthening compliance with laws and regulations being established in various countries, such as those protecting minors. Considering recent technological advancements, we are also developing and disseminating guidelines for generative AI usage. From the perspective of information management accompanying the active use of technology, we are advancing the establishment and strengthening of internal operational systems.

Recognizing that countermeasures against various domestic and international cyber risks are essential, the Capcom Group is working to strengthen its framework while complying with laws and regulations concerning cybersecurity.

We have consistently strived to establish systems for continuous system operation and monitoring, as well as for early response and recovery in the event of emergencies such as the materialization of security risks like cyberattacks.

Specifically, we implement cybersecurity measures, including enhanced permission management, software updates, and system simplification. In addition to EDR^*1 for early detection of unauthorized device activity, we operate a SOC^*3 based on XDR^*2 for continuous monitoring across multiple security domains such as networks, systems, and cloud environments.

This enables centralized investigation and response to cybersecurity threats. We are also striving to ensure security by implementing more rapid and advanced countermeasures, such as introducing generative AI to support efficient threat detection and analysis.

*1 Abbreviation for Endpoint Detection and Response. A system that installs software on user devices such as PCs and servers to detect suspicious behavior and support rapid response.

*2 Abbreviation for Extended Detection and Response. A system that continuously monitors multiple security domains, including networks, systems, and cloud environments.

*3 Abbreviation for Security Operation Center. SOC operation refers to the organizational structure that continuously monitors systems and networks, detecting, analyzing, and responding to attacks.