Over 80% of Large Companies Have Started or Are Considering Responding to the 'SCS Evaluation System'; Demand for '3-Star Equivalent' Level from Business Partners, with Expectations for '4-Star Equivalent' in the Future

MOTEX Inc. (Headquarters: Yodogawa-ku, Osaka; President and CEO: Hiroyuki Tokumo; hereinafter MOTEX) conducted a fact-finding survey on the 'SCS Evaluation System' promoted by the Ministry of Economy, Trade and Industry (METI), targeting 1,000 information systems and security personnel working at companies with 1,000 or more employees.

*The 'SCS Evaluation System' is an abbreviation for the 'Security Measures Evaluation System for Supply Chain Strengthening.' (Based on the 'Policy for Building a System for Evaluating Security Measures for Supply Chain Strengthening' published by METI in March 2026.)

Download the materials here (free)

In recent years, cyberattacks targeting supply chains have increased, raising the risk of damage spreading through business partners with weak security measures. Against this backdrop, companies are required to implement security measures not only for themselves but across the entire supply chain, including their business partners.

This survey revealed that 83.5% of large companies are gathering information or preparing to respond to the SCS Evaluation System. Furthermore, while many respondents indicated they would require a '3-star equivalent' level of measures from business partners in the first year of the system, a trend towards expecting a '4-star equivalent' level in 2 to 3 years was also observed.

■ Survey Results Summary

- Over 80% of large companies have started or are considering responding to the SCS Evaluation System.
- Approximately half have received instructions from management to strengthen security, and there is a move to require confirmation and improvement at a certain level from business partners.
- A trend of expecting a '3-star equivalent' in the first year and a '4-star equivalent' in 2-3 years.

■ Survey Background

METI is advancing discussions on the 'SCS Evaluation System,' which evaluates and visualizes corporate security measures based on common standards, and preparations for its launch at the end of fiscal year 2026 are intensifying. Meanwhile, challenges exist for ordering companies in objectively understanding the security status of their business partners, and for receiving companies in dealing with varying demands from different clients. Therefore, MOTEX conducted this survey to understand the response status of large companies to the SCS Evaluation System and the actual security levels they demand from their business partners.

■ Overview of the 'Fact-Finding Survey on the SCS Evaluation System'

[Survey Content]
- Response status to the SCS Evaluation System
- Security level required from business partners
- Presence or absence of instructions from management to strengthen security
- Target companies for star acquisition requests
- Awareness of consideration for transaction conditions, etc.

[Survey Method]
- Survey Period: March 3, 2026 (Tuesday) to March 10, 2026 (Tuesday)
- Survey Method: Internet survey
- Number of Respondents: 1,002
(Employee size: 1,000-1,999: 278 / 2,000-4,999: 264 / 5,000-9,999: 160 / 10,000 or more: 300)
- Survey Target: Information systems and security personnel belonging to companies with 1,000 or more employees (from the ordering company's perspective)
- Monitor Provider: PRIZMA Research Inc.
- Survey Organization: PRIZMA Inc.

■ TOPICS 1: Over 80% of Large Companies Have Started or Are Considering Responding to the SCS Evaluation System

First, when asked, 'Which of the following best describes your company's current situation regarding responding to the SCS Evaluation System?', 37.6% responded 'Already implementing or preparing,' and 45.9% responded 'In the information gathering/consideration stage,' totaling 83.5% of companies gathering information or preparing.

Additionally, when asked, 'Do you feel that your business partners (contractors/subcontractors) being victims of cyberattacks poses a business risk to your company?', 47.0% responded 'Strongly feel,' and 44.8% responded 'Feel to some extent,' totaling 91.8% recognizing it as a risk.

These results indicate that over 80% of organizations are gathering information or preparing for the SCS Evaluation System, and awareness of responding to the system is increasing.

*Figures in the charts are rounded down to the nearest whole number, so totals may not always equal 100%.

■ TOPICS 2: Approximately Half Received Instructions from Management to Strengthen Security; Moves to Demand a Certain Level from Business Partners

When asked, 'Did you receive instructions from management to strengthen security measures to acquire stars in the SCS Evaluation System?', 48.4% responded 'Yes, there were instructions to strengthen security,' accounting for approximately half of the respondents.

*Figures in the charts are rounded down to the nearest whole number, so totals may not always equal 100%.

Furthermore, when asked, 'What level of security measures do you feel you will need to require from your business partners (contractors/subcontractors) in the future?', the most common response was 'Request improvement if there are problems' at 52.5%.

*Figures in the charts are rounded down to the nearest whole number, so totals may not always equal 100%.

■ TOPICS 3: Trend of Expecting '3-Star Equivalent' in the First Year and '4-Star Equivalent' in 2-3 Years

When asked about the 'minimum level of measures required from business partners in the first year after the SCS Evaluation System starts' by business partner attribute, many respondents indicated a 3-star equivalent level for each attribute.

For example, for business partners with a significant impact on business continuity, 35.6% required a 3-star equivalent and 16.3% required a 4-star equivalent. For systemically connected business partners, 36.4% required a 3-star equivalent and 16.4% required a 4-star equivalent.

On the other hand, regarding the 'level of measures expected 2-3 years after the start,' the percentage expecting a 4-star equivalent increased.

For business partners with a significant impact on business continuity, 22.3% expected a 4-star equivalent, and for systemically connected business partners, 22.6% expected a 4-star equivalent.

■ Summary

This survey revealed that many large companies are already responding to or considering the SCS Evaluation System, which is scheduled to launch at the end of fiscal year 2026. Additionally, many companies view the security risks of their business partners as their own business risks, suggesting that the impact of responding to the system will spread across the entire supply chain.

Download the materials here (free)

■ About MOTEX (Survey Publisher)

As a domestic security manufacturer, MOTEX's mission is 'Secure Productivity' (balancing safety and productivity). Through its LANSCOPE brand products and services, it aims to 'liberate people and society from digital security challenges.'

▷ MOTEX Corporate Site: https://www.motex.co.jp/
▷ Company Information: https://www.motex.co.jp/company/overview/

LANSCOPE products and services cover everything from IT asset management, information leak prevention, and malware protection centered on 'devices' to ID and access management (IAM) centered on 'people.' Furthermore, through diagnostics and consulting that optimize these, MOTEX provides total support for solving customers' cybersecurity challenges.

▷ LANSCOPE Comprehensive Site: https://www.lanscope.jp/

▶ About MOTEX's 'Guideline Compliance Support Academy'

MOTEX's 'Guideline Compliance Support Academy' aims to improve the security level of all companies and organizations through an 'Academy' format.