CASE 27 We supported the establishment of a Japanese subsidiary of SecurityScorecard, Inc, the global leader in cybersecurity risk ratings.

SecurityScorecard Co., Ltd.
Mr. Dai Fujimoto

SecurityScorecard Inc., founded in 2013 and headquartered in New York, USA, is a global leader in cybersecurity risk ratings.
Their patented cybersecurity risk rating technology is currently used by over 16,000 organizations for security risk management, supply chain risk management, executive reporting, cyber due diligence, and cyber insurance premium calculations.

With the advancement of AI and IoT, the risk of economic and social losses due to cyber-attacks continues to increase. In particular, the damage caused by supply-chain attacks is becoming more serious every year. Supply-chain attacks target large corporations through their subsidiaries or business partners with weak security measures.

"SecurityScorecard Ratings" we offer is a revolutionary cyber security risk assessment platform, which instantly scores the risk of such supply-chain attacks and then visualizes the aspects that need to be improved.
The main feature of this service, based on information collected non-intrusively from the Internet without placing a burden on the client systems, is that it allows companies to grasp not only their security status but also that of the entire supply chain. In addition to scoring, it also provides information on the basis of the score and recommended actions for the improvement.

SecurityScorecard's solutions, including cybersecurity risk ratings, are rapidly being adopted globally. They have also been highly evaluated by third-party rating organizations for being distinct from conventional security solutions.
Since the launch of the "SecurityScorecard Ratings" service in 2013, the number of companies that have undergone risk assessments has continued to grow rapidly, surpassing one million in 2018, and reaching approximately 11.68 million as of October 2021.

In June 2021, the company established a Japanese subsidiary, SecurityScorecard Co., Ltd. in Tokyo, to expand its business in Japan.

Support by Business Development Center TOKYO (BDCT)

  • Provision of information and advice on the establishment of the Japanese subsidiary.

Reasons for choosing Tokyo as a new market hub

In today's Internet-based society, cybersecurity measures have become indispensable for any company or organization in any country in the world.
In particular, security measures for supply chains, vulnerable to cyber-attacks, have become an increasingly critical issue.

Japan, of course, is no exception. The security status of companies and their business partners is externally evaluated and quantitatively scored. Then, by improving the highlighted problem areas, their score is raised, ensuring they are less vulnerable to attacks. Although such cybersecurity measures are now becoming mainstream from a global perspective, the number of Japanese companies that have adopted such measures remains low compared to Europe and the United States. One of the reasons is that it is difficult to hire specialists in cybersecurity amidst the current shortage of IT personnel.
In addition, the Ministry of Economy, Trade, and Industry's Cyber Security Management Guideline V2.0 clearly states and warns that security measures should be taken for the entire supply chain.

Our mission is to analyze the weaknesses in the security environment of Japanese companies from an attacker's perspective, and, through a combination with supply chain risk management, provide the best solutions to as many Japanese companies as possible. In other words, we believe that our mission is to contribute to improving the security status of not only large companies but also the entire supply chain.

To achieve this, we thought it was necessary to establish a business base in Tokyo, where many large companies are concentrated, and to develop our security risk rating service, appropriate for the Japanese security environment, to meet the needs of Japanese companies.

Business Development Center Tokyo (BDCT) / Support by the Tokyo Metropolitan Government(TMG)

When deciding whether to enter the Japanese market, we were provided with a research report and analysis of the Japanese market through the support of the Tokyo Metropolitan Government's program "Discover and Attract Foreign Companies" supporting foreign companies entering the Japanese market.

Through the above program, we've got precise and detailed information on the current state of the security risk rating market, potential customers, and potential partners.
Our international team checked and reviewed this information, concluded there was a business opportunity, and then decided to enter the Japanese market. The information we received was very useful in making our decision.

As we began the process of establishing a base in Japan, in May 2020, we commenced communications with BDCT as a replacement to the previous support from the TMG program.
Our initial plan was to establish a "branch" as our base in Japan. In response, BDCT provided us with a comparison of setting up a "branch" and a " corporation". The purpose of this was to determine which would be more appropriate for us when we set up our organization in Japan.
Based on this information, and after discussions with our head office, we finally decided to establish a Japanese subsidiary.

BDCT, through the sharing of various related information and advice, was very supportive in providing us with the fundamentals of establishing a business base in Japan. We also appreciated the fast response to our requests.
Going forward, we would like to continue speaking with BDCT to learn more about the support available regarding the status of our Japanese subsidiary.

Future Business Development

We have two methods for selling our solution. One is sales via resale partners, who provide end-users with direct access to our platform and full functionality. The other is through an alliance partner, where the information provided by us is combined with consulting services provided by the alliance partner. We are making efforts to expand the security risk rating market in Japan with multiple reseller partners and alliance partners.

With a small number of employees, we have just launched our Japanese subsidiary and we are now laying the foundations for our next steps. Many organizations have shown an interest in our security risk rating service, so we have confidence. Shortly, we need to strengthen our Japanese subsidiary's organizational structures. When we do, we may have another opportunity to receive support from BDCT, such as an introduction to a staffing agency when recruiting personnel, an introduction to a real estate agent when considering office expansion, or a request for more information and interviews with a consultant when considering further business development.

With the establishment of our Japanese subsidiary, we are confident that we can contribute more than ever to improving the security status of our clients in Japan.
Our core mission is to create a safer world by helping companies to understand cyber risks and to encourage specific improvements thereby avoiding incidents - such as information leakage through cyber-attacks.

Back to Case Studies