Mitsubishi UFJ Financial Group (MUFG), a leading comprehensive financial group in Japan, is known for its global operations, which include a wide range of subsidiaries, such as banks, trust banks, and securities companies. MUFG is committed to enhancing its risk and governance practices and continues to pursue better management of IT-related risks, especially cyberattacks. To improve security awareness and communication across its global network, MUFG adopted SecureSketCH to better understand the security posture of its affiliates and third-party vendors.
MUFG has set its corporate purpose as "Becoming the power that moves the world forward," and focuses on providing digital solutions in the financial sector. Cybersecurity, particularly IT risks such as cyberattacks, is considered one of its top priorities. SecureSketCH, integrated with the globally recognized security rating system SecurityScorecard, helps the company evaluate cybersecurity risks in its supply chain quickly and automatically. In doing so, it also identifies areas for improvement related to the company’s domain and its security posture.
- CHALLENGE
  - MUFG needed a tool to understand its security posture objectively and improve risk communication.
- SOLUTION
  - In addition to the traditional security checklists used for self-assessment, MUFG adopted Secure SketCH’s automated diagnosis, which supports the Japanese language and provides cyber ratings.
- RESULTS
  - Enabled objective understanding of vulnerabilities, patch application frequencies, and security risks based on publicly available data
  - Facilitated clear communication of security risks within the company, using a standardized scoring system and benchmarking against industry standards
Background of the Implementation -
MUFG’s Search for Objective Risk Communication Tools
Previously, MUFG had in security management. Takahiro Tsuruta, Head of the Risk Management Department, shares:
Risk Management Department: Takahiro Tsuruta
"As MUFG expands its business as a ‘financial and digital platformer,’ the number and variety of connections with partner organizations are increasing. In this environment, it is crucial to monitor our security posture and that of our partners to support business growth while protecting our customers."
"We have been conducting self-assessments using proprietary checklists, but we wanted to achieve a more objective understanding by integrating facts and third-party evaluations."
"In risk communication, achieving mutual understanding between stakeholders with different perspectives and roles is often difficult. Therefore, we sought a tool that could create a common understanding across various domestic and international stakeholders."
Selection Criteria -
NRI Secure’s Expertise and Ease of Use Sealed the Deal
To address these challenges, MUFG began evaluating security rating services to assess cyber defense capabilities. After gathering information on various providers and their track records, MUFG chose SecureSketCH. Takahiro Tsuruta highlights the reasons for this choice:
"NRI Secure’s extensive knowledge of security ratings and attack surface management (ASM) was invaluable, and their continuous support in interpreting diagnostic results played a key role in our decision."
"Moreover, SecureSketCH was easy to implement because it requires no installation and supports multiple languages, making it ideal for use across our network of affiliates and third parties."
MUFG also conducted a Proof of Concept (PoC) to evaluate the tool’s usability, including its interface and dashboard. Reflecting on the results, Tsuruta says:
"Secure SketCH is intuitive and easy to use, with clear and structured guides that make it accessible not just internally but also for our partner organizations. Given the global shortage of cybersecurity talent, it’s essential that any tool we adopt is user-friendly and has broad applicability across teams."
"The fact that Secure SketCH supports Japanese and provides expert interpretations of SecurityScorecard results makes it a thoughtful service that addresses users’ needs."
Additionally, when adopting Secure SketCH’s automated assessments, the Risk Management Division appears to have moved cautiously to ensure organizational alignment. Takahiro Tsuruta explains:
"Regarding SecurityScorecard, there were very few publicly available examples of its implementation within Japan, which made it challenging for stakeholders to establish a shared understanding of how to interpret the automated cyber rating (third-party evaluation) results and recognize their value."
"By referencing diagnostic reports released by SecurityScorecard for Nikkei 225 companies, we were able to benchmark our organization’s position and trends relative to others, effectively communicating the benefits of automated assessments within our risk management discussions."
In collaboration with SecurityScorecard, we continuously collect and analyze publicly available data, such as internet-facing servers and DNS records tied to domains, enabling objective assessments from a cyber attacker’s viewpoint.
Benefit 1 -
Objective Risk Assessment and Communication
Since implementing Secure SketCH, the company has been performing automated security risk assessments on over 100 organizations, including MUFG Group companies and third-party vendors. Takahiro Tsuruta described the impact of this as follows:
"By supplementing traditional self-assessments with automated diagnostics from Secure SketCH, we can now accurately detect vulnerabilities and configuration errors, gaining a clear understanding of our actual security posture.
Furthermore, the visibility provided by third-party evaluations in the form of scores and ratings offers an objective perspective. Having this fact-based information greatly facilitates reporting to management and discussions with stakeholders, significantly improving our risk communication."
The Risk Management Division presented benchmarks from SecureSketCH’s automated assessments to company presidents, bank executives, and C-suite members. Reika Sakakibara from the division summarized their feedback.
Risk Management Department: Reika Sakakibara
"Previously, credit ratings were the most common method, but recently we’ve seen rating agencies investing in or partnering with cyber rating services. This trend has captured significant interest from executives.
SecureSketCH’s automated assessments clearly and quantitatively visualize security management conditions, prompting more active discussions than ever on how to leverage these benchmarks effectively.
Moving forward, we will continue monitoring developments in cyber ratings, alongside traditional credit ratings."
Benefit 2 -
Benchmarking Against Industry Standards
As a platform provider in the financial industry, the company faces high expectations from customers and society for maintaining robust risk management standards. Takahiro Tsuruta explained further:
"With Secure SketCH’s automated assessments, we can easily benchmark ourselves against industry-average security scores and peer institutions. This capability provides a clear overview of our company’s standing.
Financial institutions must carefully consider whether their risk management meets customers’ and society’s high expectations. I’ve become increasingly aware of the necessity for continuous monitoring, not just from a cybersecurity perspective but also from a reputational viewpoint.
Moreover, Secure SketCH supports multiple languages, including English and Chinese, making it a valuable tool for assessing overseas offices and facilitating global communication in the future.
When we’ve had questions about product specifications or assessment results, NRI Secure has provided ongoing, detailed support, which has been incredibly helpful. When selecting security solutions, we look for vendors with deep security expertise and the ability to simplify complex technical concepts. NRI Secure has fully met our expectations, and we’re grateful for their support."
Future Outlook -
Driving Ongoing Governance Improvements
Lastly, the duo shared their perspectives on the future utilization of Secure SketCH and their expectations for NRI Secure:
"I expect the importance of services that quantify cyber-defense capabilities to continue growing. Implementing SecureSketCH has enabled us to visualize SecurityScorecard results numerically, greatly facilitating information sharing within the group, which is crucial for managing operational risks. However, we still need internal discussions to convert assessment results into actionable feedback and recommendations for related departments and organizations. We plan to actively use SecureSketCH to further these discussions and enhance our internal control mechanisms."
"Following the G7 Fundamental Elements for Third-Party Cyber Risk Management in the Financial Sector, MUFG reviews control measures for monitoring third-party cyber risks. In the future, we envision leveraging Secure SketCH’s automated assessments and SecurityScorecard for cyber-risk monitoring of critical third-party service providers. To realize this, we hope NRI Secure will continue providing advanced cybersecurity expertise, insights from other client engagements, and ongoing support related to security rating services."