The Group Digital Strategy Committee is established at Daiwa Securities Group Inc. as a sub-committee of the Executive Management Committee, and the Digital Strategy Committee is created at Daiwa Securities as a subcommittee of the Management Committee. These subcommittees serve to deliberate and decide upon matters for accelerating decision-making involving the integration of management and IT strategies, as well as involving IT investments, and for enhancing the efficiency of IT investments. Furthermore, amid a rapidly changing and difficult-to-predict business environment, the Group has integrated the Data-Driven Promotion Council to foster the implementation of digital projects, thereby strengthening its digital transformation (DX) promotion system. The company is also putting effort into improving digital literacy of all employees by introducing "Digital IT Master Certification System" for developing human resources that can leverage advanced digital technologies to create business innovation as well as the "Daiwa Digital College," the aim of which is to acquire the basic skills for utilizing digital data and practical skills for actual business.

The Group has been investing in IT in order to provide products and services responding to customer needs, realize digital transformation^*1 through digitalization of business processes and analysis, research and utilization of data, develop infrastructure to ensure business efficiency and safety, comply with laws and regulations, and enhance risk management. In FY2023, for Daiwa's online trading service, we established a system that enables real-time entrusted trading of US stocks during US market trading hours and have launched the "US Stock Real Market Price Information" service, which provides real-time market price information on US stocks. We also introduced functions such as the timely notification of stock prices and trade results. Additionally, as an investment in cutting-edge technology, we developed a highly scalable security token wallet^*2 in preparation for a future expansion of the security token market. Furthermore, we implemented system development to respond to the market system reforms undertaken in Japan, including the launch of the new NISA in January 2024 and the inclusion of Roman alphabet characters in securities codes. For the zero trust^*3 security infrastructure that we built in the previous fiscal year, we proceeded with technical verification to enable our collaborators and partners to use our systems with safety and speed.

• *1Digital transformation means a company's initiative to innovate products and services as well as business models based on the needs of customers and society by utilizing data and digital technologies in response to drastic changes in business environment, and to establish competitive advantage by transforming its businesses, organizations, processes, corporate culture and corporate climate.
• *2A system for managing the private keys of security tokens, which are digitized securities whose rights are transferred and recorded using blockchain technology, and for processing the transfer of rights on the blockchain.
• *3A security concept of verifying the security of every access to data systems requiring protection, whether internal or external, without trusting them.

Daiwa Securities Group has worked to maintain and enhance the management of systems risk in order to reliably provide high-quality services to customers while protecting information assets from various threats and risks originating from inside or outside the company. Recognizing the importance of cyber security as a group management issue, we are working to strengthen systems for detecting and monitoring cyberattacks. At the same time, we continue to work toward improving our defense and resilience to cyberattacks, collaborating with outside organizations in an effort led by a dedicated organization (Daiwa-CSIRT^*) that works throughout the Group.
In improving our cyber security management systems, we are considering specific measures in light of cyberattack trends, periodic penetration tests and vulnerability assessments by external specialist firms, and risk assessments conducted within the Group based on these results. During the current Medium-term Management Plan, we will continue to enhance "technical measures," "operational resilience," and "governance" as in the previous fiscal year. Specifically, we are putting effort into managing Group companies appropriately based on their respective cyber risks; optimizing our cyber measures and the related costs; advancing and increasing the efficiency of AI-based security measures; and enhancing education and training for officers and employees.

• *Computer Security Incident Response Team: The organization that manages cyber security across departments.