Security

From before, the LY Corporation Group has made utmost efforts against information security threats in accordance with its information security policy of: protecting its users from information leaks (confidentiality), providing round-the-clock service (availability), and securely protecting the service contents from destruction or fabrication (integrity).

CISO Message

Shigeo Suzuki, CISO

At LY Corporation, we place the highest priority on protecting our customers’ trust and safety in providing our services. Cyberattacks are becoming increasingly sophisticated, and the importance of security is continuing to rise. To prepare for this threat, we will address cybersecurity measures as a key management priority.
The services our customers use every day have become part of the social infrastructure. As our business continues to grow, we will fulfill our responsibilities in delivering our services.

Shigeo Suzuki, CISO
Shigeo Suzuki joined Yahoo Japan Corporation in 2016, and served as Vice President of the CISO-Board, Security Unit Senior Manager, and Vice President of the Security Direction Department.
After serving as General Manager of the CISO Office Division at LY Corporation from October 2023, he has assumed the position of Corporate Officer, CISO in April 2026.

Cybersecurity Policy

From before, the LY Corporation Group has made utmost efforts against information security threats in accordance with its information security policy of: protecting its users from information leaks (confidentiality), providing round-the-clock service (availability), and securely protecting the service contents from destruction or fabrication (integrity).
In addition to these ongoing efforts, the LY Corporation Group, with a view to detecting and countering increasingly sophisticated cyberattacks, works to build information systems and provide services in compliance with the cybersecurity framework of U.S. National Institute of Standards and Technology (NIST).
LY Corporation (the "Company") has put together and declared these views as LY Corporation Group's Cybersecurity Policy.
Based on these basic approaches, the Company has established internal regulations to clarify employee compliance requirements for handling information and conducts regular training. The internal regulations define prohibited actions and penalties. In addition, network monitoring and appropriate technical safety management measures are implemented to prevent unauthorized information leaks. Furthermore, employees are required to submit a pledge to understand the importance of personal information and to protect it appropriately. Through these measures, the Company aims for each employee to maintain a high level of information security awareness and ensure the protection of its customers' information.

Related link

Security Governance Framework

LY Corporation has established a security supervisory organization under the Board of Directors, headed by the CISO appointed and delegated authority by the President and Representative Director (CEO).
This body sets rules and provides guidance and support to Group companies. To ensure security governance, we have also established a Security Governance Committee that reports directly to the CEO. In addition, the Group CISO Board, comprising our CISO and CISOs from key Group companies relevant to our business, strengthens governance across the Group.

This diagram illustrates the security governance framework. At the top is the Board of Directors, which is responsible for decision-making and oversight. Directly below is the President and Representative Director, who oversees the entire company as the executive body. Reporting to the President is the Security Governance Committee, chaired by the President and comprising executive officers involved in security, such as the CISO and CTO. This committee reports to the Management Committee and coordinates policies with the Group CISO Board. The Group CISO Board is composed of CISOs from major group companies and is responsible for policy sharing and coordination. At the center of the organizational structure are the CISO and the Security Supervisory Organization, which report to the Security Governance Committee and oversee and support group companies. At the lower levels are group companies, subsidiaries, affiliates, and their respective CISOs, who respond to incident reports and inquiries from employees. Each company has a “CISO or equivalent head of the security division” and a CSIRT, which work together to ensure a comprehensive security structure through reporting, management, and guidance.

• CISO: Chief Information Security Officer
• CSIRT: Computer Security Incident Response Team

Security initiatives in the whole Group

As part of the vertical governance over the Group's security, LY Corporation regularly monitors the status of security initiatives implemented at each Group company, based on the NIST cybersecurity framework, and continuously makes improvements in accordance with the results of the monitoring.

At the request of each Group company, LY Corporation also provides proactive support to improve the security level of the entire Group, including support for conducting vulnerability assessments and incident response training, as well as support for the introduction of security educational materials, security assessment services, incident response support services, and a variety of security solutions.

Page top