The Group IT Strategy Committee is established at Daiwa Securities Group Inc. as a sub-committee of the Executive Management Committee, and the IT Strategy Committee is created at Daiwa Securities as a subcommittee of the Management Committee. These subcommittees serve to deliberate and decide upon matters for accelerating decision-making involving the integration of management and IT strategies, as well as involving IT investments, and for enhancing the efficiency of IT investments.
Amid a rapidly changing and difficult-to-predict business environment, the Group has established and is strengthening its digital transformation (DX) promotion system. Daiwa Securities is transforming to a "data-driven" business model that aims to increase business efficiency and improve the top line by analyzing, researching, and utilizing data. An example of this is the establishment of the Data-Driven Promotion Council which is chaired by the president and attended by each headquarters. The company is also putting effort into improving digital literacy of all employees by introducing "Digital IT Master Certification System" for developing human resources that can leverage advanced digital technologies to create business innovation as well as the "Daiwa Digital College," the aim of which is to acquire the basic skills for utilizing digital data and practical skills for actual business.

The Group has been investing in IT in order to provide products and services responding to customer needs, realize digital transformation^*1 through digitalization of business processes and analysis, research and utilization of data, develop infrastructure to ensure business efficiency and safety, comply with laws and regulations, and enhance risk management. In FY2022, with the aim of swiftly and efficiently entering into alliances with other financial institutions such as banks and Shinkin banks, we promoted efforts toward constructing a platform on which the internal system of Daiwa Securities may be used by partner companies through the website and API^*2. In addition, as part of investments for advancing and improving efficiency in the businesses of Daiwa Securities, we built an infrastructure for storing and analyzing data so that all Daiwa Securities officers and employees can make data-driven decisions. And as the next phase, we worked on the accumulation of data to be used for analysis, and the introduction of analysis tools. Furthermore, we newly enhanced security systems for internal communication in FY2022 by constructing a zero trust^*3 security infrastructure in addition to the security for external communication enhanced in FY2021.

• *1Digital transformation means a company's initiative to innovate products and services as well as business models based on the needs of customers and society by utilizing data and digital technologies in response to drastic changes in business environment, and to establish competitive advantage by transforming its businesses, organizations, processes, corporate culture and corporate climate.
• *2A specification and mechanism that provides inter-system connection in a standard form.
• *3A security concept of verifying the security of every access to data systems requiring protection, whether internal or external, without trusting them.

Daiwa Securities Group has worked to maintain and enhance the management of systems risk in order to reliably provide high-quality services to customers while protecting information assets from various threats and risks originating from inside or outside the company. Recognizing the importance of cyber security as a group management issue, we are working to strengthen systems for detecting and monitoring cyberattacks. At the same time, we continue to work toward improving our defense and resilience to cyberattacks, collaborating with outside organizations in an effort led by a dedicated organization (Daiwa-CSIRT^*) that works throughout the Group.
In improving our cyber security management systems, we are considering specific measures in light of cyberattack trends, periodic penetration tests and vulnerability assessments by external specialist firms, and risk assessments conducted within the Group based on these results. During the current Medium-term Management Plan, we plan to enhance "technical measures," "operational resilience," and "governance." Specifically, we are putting effort into continuously strengthening technological measures based on the concept of zero trust security, enhancing education and training for officers and employees, implementing training of cyber security for the management team, and strengthening the Group-wide cyber security systems through regular meetings with the major Group companies in Japan and abroad.

• *Computer Security Incident Response Team: The organization that manages cyber security across departments.