[Risk of business review] About 70% aim for '★3' or higher in the 'Security Measure Evaluation System for Strengthening Supply Chains' scheduled to start at the end of FY2026. May become a new 'transaction condition'.
ISO Pro Co., Ltd. announced survey results for corporate cybersecurity and supply chain management personnel. Approximately 70% of companies are targeting '★3' or higher in the "Security Measure Evaluation System for Strengthening Supply Chains (SCS Evaluation System)" scheduled to start at the end of FY2026, suggesting that this system may become a new transaction condition.
📋 Article Processing Timeline
- 📰 Published: April 28, 2026 at 19:00
- 🔍 Collected: April 28, 2026 at 10:32
- 🤖 AI Analyzed: April 28, 2026 at 15:23 (4h 51m after Collected)
ISO Pro Co., Ltd. (Headquarters: Shinjuku-ku, Tokyo; Representative Director: Taizo Yoneda) conducted a survey on "Response to the 'Security Measure Evaluation System for Strengthening Supply Chains' Starting in FY2026 and Supplier Management" targeting management and personnel involved in corporate cybersecurity and supply chain management.
In recent years, cyberattack methods have become increasingly sophisticated and cunning. "Supply chain attacks," which involve invading major companies not directly but by using outsourced business partners or affiliated companies with weak security measures as "stepping stones," are rampant.
Recently, there have been a series of incidents where systems and cloud services of outsourced partners were infected with ransomware, and the damage spread sequentially to the client major financial institutions and educational institutions, highlighting this as a societal threat once again.
Currently, self-protection measures alone are insufficient. The risk of one's own company suffering severe damage via a business partner, or the risk of one's own company becoming a "stepping stone" to spread damage to business partners, is beginning to be recognized as a management risk directly linked to business suspension or loss of credibility.
Against this background, the "Security Measure Evaluation System for Strengthening Supply Chains (Commonly known as: SCS Evaluation System)" promoted by the Ministry of Economy, Trade and Industry is scheduled to start at the end of FY2026, with the aim of objectively evaluating and improving the security level of the entire supply chain.
So, how are companies actually moving towards this new system, and what kind of responses are they planning to ask of their business partners?
Therefore, ISO Pro Co., Ltd. (https://iso-pro.co.jp/), which operates "ISO Pro" (https://activation-service.jp/iso/), a support site for new acquisition and operation of various ISOs, conducted a survey on "Response to the 'Security Measure Evaluation System for Strengthening Supply Chains' Starting in FY2026 and Supplier Management" targeting management and personnel involved in corporate cybersecurity and supply chain management.
Survey Outline: Survey on "Response to the 'Security Measure Evaluation System for Strengthening Supply Chains' Starting in FY2026 and Supplier Management"
[Survey Period] April 16 (Thu) - April 17 (Fri), 2026
[Survey Method] Internet survey by PRIZMA (https://www.prizma-link.com/press)
[Number of Respondents] 1,015 people
[Target Respondents] Monitors who answered that they are management or personnel involved in corporate cybersecurity and supply chain management (information systems, security, risk management, procurement departments) at the time of the survey.
[Survey Source] ISO Pro Co., Ltd. (https://iso-pro.co.jp/)
[Monitor Provider] Sacrisa
**Approximately 90% recognize the risk, but only about 40% have taken countermeasures. Supply chain attacks lead to "loss of credibility" and "suspension of transactions" as a "management risk."**
First, when asked, "To what extent do you feel the risk of your company being a victim (or a stepping stone) of increasing supply chain attacks in recent years?", the following results were obtained.
Approximately 90% of the total seem to recognize the risk of supply chain attacks as a reality, but only about 40% answered that they "have already strengthened countermeasures," meaning about half of the companies have not yet taken concrete steps.
Although a sense of crisis is widely shared, the situation indicates that it has not yet led to concrete countermeasures.
Amidst many companies feeling risk, what kind of situations are concerned when a security incident actually occurs?
When asked about "the impact of a security incident on your company if it occurs in your supply chain," the most common answer was "loss of social credibility/degradation of brand image (39.9%)," followed by "contract cancellation/suspension of transactions with business partners (35.4%)" and "company system downtime/long-term business suspension (33.6%)."
The top items relate to "fatal damage affecting business continuity," indicating that companies are more concerned about losing social credibility or having contracts with business partners terminated than about their own operations stopping.
Security incidents can no longer be seen as merely an IT department issue, but rather as a management challenge that affects the very credibility of a company.
**Approximately 90% answered, "The SCS Evaluation System will affect our company." Obtaining '★' (star) may become a "transaction condition."**
Amidst the growing sense of crisis regarding these serious risks, the "Security Measure Evaluation System for Strengthening Supply Chains" is scheduled to start at the end of FY2026.
*Reference (Ministry of Economy, Trade and Industry: https://
In recent years, cyberattack methods have become increasingly sophisticated and cunning. "Supply chain attacks," which involve invading major companies not directly but by using outsourced business partners or affiliated companies with weak security measures as "stepping stones," are rampant.
Recently, there have been a series of incidents where systems and cloud services of outsourced partners were infected with ransomware, and the damage spread sequentially to the client major financial institutions and educational institutions, highlighting this as a societal threat once again.
Currently, self-protection measures alone are insufficient. The risk of one's own company suffering severe damage via a business partner, or the risk of one's own company becoming a "stepping stone" to spread damage to business partners, is beginning to be recognized as a management risk directly linked to business suspension or loss of credibility.
Against this background, the "Security Measure Evaluation System for Strengthening Supply Chains (Commonly known as: SCS Evaluation System)" promoted by the Ministry of Economy, Trade and Industry is scheduled to start at the end of FY2026, with the aim of objectively evaluating and improving the security level of the entire supply chain.
So, how are companies actually moving towards this new system, and what kind of responses are they planning to ask of their business partners?
Therefore, ISO Pro Co., Ltd. (https://iso-pro.co.jp/), which operates "ISO Pro" (https://activation-service.jp/iso/), a support site for new acquisition and operation of various ISOs, conducted a survey on "Response to the 'Security Measure Evaluation System for Strengthening Supply Chains' Starting in FY2026 and Supplier Management" targeting management and personnel involved in corporate cybersecurity and supply chain management.
Survey Outline: Survey on "Response to the 'Security Measure Evaluation System for Strengthening Supply Chains' Starting in FY2026 and Supplier Management"
[Survey Period] April 16 (Thu) - April 17 (Fri), 2026
[Survey Method] Internet survey by PRIZMA (https://www.prizma-link.com/press)
[Number of Respondents] 1,015 people
[Target Respondents] Monitors who answered that they are management or personnel involved in corporate cybersecurity and supply chain management (information systems, security, risk management, procurement departments) at the time of the survey.
[Survey Source] ISO Pro Co., Ltd. (https://iso-pro.co.jp/)
[Monitor Provider] Sacrisa
**Approximately 90% recognize the risk, but only about 40% have taken countermeasures. Supply chain attacks lead to "loss of credibility" and "suspension of transactions" as a "management risk."**
First, when asked, "To what extent do you feel the risk of your company being a victim (or a stepping stone) of increasing supply chain attacks in recent years?", the following results were obtained.
Approximately 90% of the total seem to recognize the risk of supply chain attacks as a reality, but only about 40% answered that they "have already strengthened countermeasures," meaning about half of the companies have not yet taken concrete steps.
Although a sense of crisis is widely shared, the situation indicates that it has not yet led to concrete countermeasures.
Amidst many companies feeling risk, what kind of situations are concerned when a security incident actually occurs?
When asked about "the impact of a security incident on your company if it occurs in your supply chain," the most common answer was "loss of social credibility/degradation of brand image (39.9%)," followed by "contract cancellation/suspension of transactions with business partners (35.4%)" and "company system downtime/long-term business suspension (33.6%)."
The top items relate to "fatal damage affecting business continuity," indicating that companies are more concerned about losing social credibility or having contracts with business partners terminated than about their own operations stopping.
Security incidents can no longer be seen as merely an IT department issue, but rather as a management challenge that affects the very credibility of a company.
**Approximately 90% answered, "The SCS Evaluation System will affect our company." Obtaining '★' (star) may become a "transaction condition."**
Amidst the growing sense of crisis regarding these serious risks, the "Security Measure Evaluation System for Strengthening Supply Chains" is scheduled to start at the end of FY2026.
*Reference (Ministry of Economy, Trade and Industry: https://