[Survey on Supply Chain Security Assessment System] Over 80% of companies have received security certification requests from business partners; only 19.4% have accurate control over IT assets, while 81.3% plan to increase investment.
SmartHR conducted a survey on the 'Supply Chain Security Assessment System (SCS Assessment System)' targeting companies with over 100 employees. The results show that while 85% of companies have been asked for security certification by partners, only 19.4% have a full grasp of their IT assets. In anticipation of the SCS system, 81.3% of companies plan to increase security investments.
📋 Article Processing Timeline
- 📰 Published: May 28, 2026 at 11:00
- 🔍 Collected: June 1, 2026 at 01:22 (86h 21m after Published)
- 🤖 AI Analyzed: June 1, 2026 at 23:15 (21h 53m after Collected)
SmartHR, Inc. (Headquarters: Minato-ku, Tokyo; CEO: Masato Serizawa) conducted a survey on the 'Supply Chain Security Assessment System' targeting 222 individuals involved in IT asset management and security measures at companies with 100 or more employees.
■ Survey Background
With the sophistication of cyberattacks and the increase in attacks targeting entire supply chains, there is a growing need to strengthen security measures not just for individual companies, but for their business partners as well. In response, the Ministry of Economy, Trade and Industry (METI) plans to launch the 'Security Measures Assessment System for Supply Chain Strengthening (SCS Assessment System)' by the end of fiscal 2026, which will require companies to guarantee objective security standards more than ever before.
Meanwhile, in practice, cases where business partners request proof or reports on security measures are increasing, which may be a burden for some companies. Furthermore, while the spread of convenient SaaS has expanded the use of IT assets and accounts, the need to create mechanisms to centrally grasp and control them has become an urgent issue.
Given this background, this survey was conducted to clarify the actual status and challenges of supply chain security responses in companies, as well as their future intentions.
■ Survey Results Summary
- Over 80% of IT asset/security managers have been asked for security certification/reports by business partners.
- Only 19.4% can 'accurately grasp all' SaaS and IT tools.
- 'Lack of budget' is the top reason for insufficient security measures (49.2%), but 81.3% plan to 'increase' investment in light of the SCS assessment system.
■ Survey Overview
- Survey Name: Survey on Supply Chain Security Assessment System
- Method: Internet survey
- Period: April 15–16, 2026
- Valid Responses: 222 individuals involved in IT/security at companies with 100+ employees.
■ Survey Results (Excerpts)
(1) Over 80% of managers have been asked for security certification by partners.
When asked if they have been requested to provide proof or reports on their security status, 15.3% said 'frequently,' and 33.3% said 'several times.' Including the 36.5% who said 'once,' 85.1% of the total have experienced such requests.
(2) Only 19.4% 'accurately grasp all' SaaS and IT tools.
When asked about their grasp of SaaS and IT tools, only 19.4% said they 'centrally and accurately grasp all services, accounts, and users.' Meanwhile, 32.9% said they 'know the services used but not the number of accounts or users,' revealing that management (inventory) is lagging behind.
(3) 32.0% take 'over a month' to delete accounts of resigned employees; some have no rules.
When asked how long it takes to delete/deactivate SaaS accounts of resigned employees, 32.0% said 'it can take over a month.' Additionally, 7.2% said 'no rules are established,' meaning 39.2% of managers face issues with account processing after resignation.
(4) 'Lack of budget' is the top reason for insufficient security (49.2%), followed by 'lack of dedicated personnel' (47.6%).
For those who answered that their security measures are insufficient, the top reason was 'unable to secure the necessary budget' (49.2%), followed by 'lack of dedicated security personnel' (47.6%) and 'don't know where to start' (39.7%).
(5) 81.3% of those aware of the SCS assessment system plan to increase security investment.
Regarding plans to review security investments due to the SCS system, 13.1% said they plan to 'increase significantly,' and 68.2% said they plan to 'increase somewhat.'
■ Comment from Hiroya Sasaki, IT System Product Unit, SmartHR
This survey shows that requests for security reports from partners are already widespread, and security response across the supply chain is shifting from 'something requested' to 'a prerequisite.'
However, less than 20% of companies can accurately grasp all their SaaS and IT tools, and it takes time to handle accounts of resigned employees. There is a gap between rising external demands and internal management capabilities. While over 80% plan to increase investment, many are unsure where to start. It is important to begin with foundational tasks like inventorying IT assets and accounts to build security measures that can be operated seamlessly in daily work.
■ Survey Background
With the sophistication of cyberattacks and the increase in attacks targeting entire supply chains, there is a growing need to strengthen security measures not just for individual companies, but for their business partners as well. In response, the Ministry of Economy, Trade and Industry (METI) plans to launch the 'Security Measures Assessment System for Supply Chain Strengthening (SCS Assessment System)' by the end of fiscal 2026, which will require companies to guarantee objective security standards more than ever before.
Meanwhile, in practice, cases where business partners request proof or reports on security measures are increasing, which may be a burden for some companies. Furthermore, while the spread of convenient SaaS has expanded the use of IT assets and accounts, the need to create mechanisms to centrally grasp and control them has become an urgent issue.
Given this background, this survey was conducted to clarify the actual status and challenges of supply chain security responses in companies, as well as their future intentions.
■ Survey Results Summary
- Over 80% of IT asset/security managers have been asked for security certification/reports by business partners.
- Only 19.4% can 'accurately grasp all' SaaS and IT tools.
- 'Lack of budget' is the top reason for insufficient security measures (49.2%), but 81.3% plan to 'increase' investment in light of the SCS assessment system.
■ Survey Overview
- Survey Name: Survey on Supply Chain Security Assessment System
- Method: Internet survey
- Period: April 15–16, 2026
- Valid Responses: 222 individuals involved in IT/security at companies with 100+ employees.
■ Survey Results (Excerpts)
(1) Over 80% of managers have been asked for security certification by partners.
When asked if they have been requested to provide proof or reports on their security status, 15.3% said 'frequently,' and 33.3% said 'several times.' Including the 36.5% who said 'once,' 85.1% of the total have experienced such requests.
(2) Only 19.4% 'accurately grasp all' SaaS and IT tools.
When asked about their grasp of SaaS and IT tools, only 19.4% said they 'centrally and accurately grasp all services, accounts, and users.' Meanwhile, 32.9% said they 'know the services used but not the number of accounts or users,' revealing that management (inventory) is lagging behind.
(3) 32.0% take 'over a month' to delete accounts of resigned employees; some have no rules.
When asked how long it takes to delete/deactivate SaaS accounts of resigned employees, 32.0% said 'it can take over a month.' Additionally, 7.2% said 'no rules are established,' meaning 39.2% of managers face issues with account processing after resignation.
(4) 'Lack of budget' is the top reason for insufficient security (49.2%), followed by 'lack of dedicated personnel' (47.6%).
For those who answered that their security measures are insufficient, the top reason was 'unable to secure the necessary budget' (49.2%), followed by 'lack of dedicated security personnel' (47.6%) and 'don't know where to start' (39.7%).
(5) 81.3% of those aware of the SCS assessment system plan to increase security investment.
Regarding plans to review security investments due to the SCS system, 13.1% said they plan to 'increase significantly,' and 68.2% said they plan to 'increase somewhat.'
■ Comment from Hiroya Sasaki, IT System Product Unit, SmartHR
This survey shows that requests for security reports from partners are already widespread, and security response across the supply chain is shifting from 'something requested' to 'a prerequisite.'
However, less than 20% of companies can accurately grasp all their SaaS and IT tools, and it takes time to handle accounts of resigned employees. There is a gap between rising external demands and internal management capabilities. While over 80% plan to increase investment, many are unsure where to start. It is important to begin with foundational tasks like inventorying IT assets and accounts to build security measures that can be operated seamlessly in daily work.
FAQ
What should Japanese companies prioritize?
They should start by conducting an inventory of their IT assets and accounts to ensure full visibility.