Canon IT Solutions Survey Finds Over Half of Ordering Companies Intend to Require "★4 or Higher" Security Rating from Suppliers

Canon IT Solutions Inc. (hereafter Canon ITS), part of the Canon Marketing Japan Group, conducted two surveys aimed at understanding the practical situation regarding the "Security Measures Evaluation System for Supply Chain Reinforcement (SCS Evaluation System)," which is scheduled to be launched by the Ministry of Economy, Trade and Industry (METI) and the National center of Incident readiness and Strategy for Cybersecurity (NISC). The surveys targeted ordering companies (109 respondents from companies with 1,000 or more employees) and supplier companies (111 respondents from manufacturing and logistics companies with 300 to 1,000 employees). ■ Survey Background and Analysis With the upcoming launch of the security evaluation system by METI and NISC, ordering companies are required to grasp the security response status of their business partners and manage risks based on objective judgment. This survey was conducted to understand the response status and challenges for both ordering and supplier companies. While 84.4% of ordering companies check their suppliers' security measures, only 16.5% responded that they have a "sufficient understanding," indicating practical burdens and difficulties in evaluation. Against this backdrop, it is believed that the movement to reflect the security measure evaluation (★ rating) as a common standard in transaction conditions is progressing. Notably, among ordering companies intending to make it a transaction condition, 52.6% plan to demand "★4 or higher" from their suppliers, suggesting that transactions based on supply chain response levels are becoming a reality. On the other hand, although awareness (77.5%) and preparation (90.7% of those aware) are advancing among supplier companies, challenges such as "shortage of specialized personnel" (54.1%) and "budget constraints" (44.1%) were raised. There is a gap between the standards envisioned by ordering companies and the resource constraints of supplier companies, making phased implementation and support design crucial. ■ Outlook The security evaluation system is increasingly positioned as an indicator that can influence practical business judgments in transactions. Moving forward, ordering companies will need to establish the rationale, scope, and communication design for their requests, while supplier companies will need to proceed with effective measures using limited resources by grasping their current situation and prioritizing actions. Canon ITS will contribute to improving the security level of the entire supply chain through services like its "Security Measures Diagnosis Service," which supports visualization of the current state and problem-solving based on ★3/★4 standards. ■ Key Survey Results ◎ Ordering Companies (1,000+ employees, 109 respondents) - 84.4% check suppliers' security measures, indicating progress in management enhancement. - 71.6% intend to incorporate the ★ rating into transaction conditions, with 52.6% of them planning for "★4 or higher." - However, 94.8% feel difficulty in requesting ★ certification, citing concerns about relationships with business partners. ◎ Supplier Companies (Manufacturing/Logistics, 300-1,000 employees, 111 respondents) - 77.5% are aware of the system, and 90.7% of those aware have started preparing for ★3/★4 certification. - Challenges include a shortage of specialized personnel (54.1%) and budget constraints (44.1%). - 82.9% are positive about utilizing external experts and services. ■ Survey Overview ◎ Ordering Company Survey - Name: Awareness Survey on Supply Chain Security Management for Ordering Companies - Method: Internet survey via IDEATECH's "Reseap®" - Period: March 23-24, 2026 - Respondents: 109 individuals in supply chain management, procurement, or security promotion at companies with 1,000+ employees. ◎ Supplier Company Survey - Name: Survey on Preparation Status for Supply Chain Security Measures Evaluation System in Supplier Companies - Method: Same as above - Period: March 23-24, 2026 - Respondents: 111 individuals in security measures/promotion at manufacturing/logistics companies with 300-1,000 employees. *Percentages are rounded to the first decimal place, so totals may not equal 100%. *Detailed survey results can be downloaded from the Security Measures Diagnosis Service webpage. ■ Related Webinar (Free/Pre-registration required) Title: Security Measures Evaluation System: How to Prepare Proactively - Visualize the Current State with a Diagnosis Service and Organize Priority Measures - Date: May 22, 2026 (Fri) - Host: Canon IT Solutions Inc. - Registration: https://majisemi.com/e/c/canon-its-20260522/M2A ■ "Security Measures Diagnosis Service" for the Security Evaluation System The "Security Measures Diagnosis Service" is a solution where dedicated engineers conduct detailed interviews about a customer's security measures to visualize potential risks. It diagnoses the customer's security status based on the requirements and evaluation criteria (★3/★4) of the security evaluation system, visualizes the current state, and proposes enhancements and additional measures according to the identified issues. https://www.canon-its.co.jp/solution/industry/cross-industry/sec/sec-diag/meti