We interviewed Daifuku Co., Ltd. to understand their use of the Panorays third-party cyber risk platform.
Daifuku Co., Ltd. a leading manufacturer and globally growing business, was interviewed about the adoption of the supply chain risk assessment platform, Panorays, at its brand-new headquarters building in Osaka City. The actual operation of the service is still in its early stages, so we interviewed to find out the background and reasons for its adoption.
We interviewed Mr. Yasunori Kawase, Group Manager of IT Security Group, Digital Department, DX Division, Daifuku Corporation, who started using Panorays as an evaluator to respond to a customer’s request. He first worked on improving his own score, and is now in the process of using Panorays as an evaluator for his own supply chain risk management. We interviewed Mr. Yasunori Kawase, Group Manager, IT Security Group, Digital Department, DX Division, Ms. Mami Mizutani and Mr. Hideto Yano, also from the IT Security Group.
*The interview was conducted in January 2024.
Continue reading to learn more about risk management in the supply chain, including contractors and collaborators. Here is some background that led to the adoption of Panorays, as told to us during the interview.
Introduction of Daifuku Co., Ltd.
Since its establishment in 1937, the Daifuku Group has continued to grow by utilizing its core competence of material handling technology. Daifuku currently has affiliate companies and offices in 24 countries and regions has been ranked the world’s number one in the material handling industry in terms of sales for nine consecutive years (source: survey by U.S.-based industry magazine, Modern Material Handling). Daifuku is a comprehensive manufacturer that combines storage, conveying, sorting, picking, and information systems to provide optimal solutions, and total support encompassing consulting through to after-sales service.
Background and Challenges
1. How has the environment surrounding your company changed over the past 10 years?
Mr. Yano: Changes in the external environment are continuous and data breaches at various companies in the manufacturing industry are growing. I believe that interest in information security is rapidly increasing. In terms of the digital supply chain, attacks that exploit the weaknesses in third parties are listed second in the IPA list of the TOP 10 Threats to Information Security. The Ministry of Economy, Trade and Industry’s cyber security management guidelines in Japan also include a section on supply chains.
Regarding the internal environment, we have many overseas group companies, and the number has been increasing over the past few years, so the need for strong security measures and controls are required. In order to respond to the changing digital landscape, there have been organizational changes to optimize the structure within the Digital Department as well as the internal Information Security Committee is being strengthened with a top-down approach.
We have an initiative to raise awareness in order to strengthen information security, which is led by CEO of Daifuku. We also have overseas group companies and transactions with overseas companies, so we need to meet global standards and comply with international governance. Since members of overseas group companies also participate in the committee, the environment is relatively easy to promote. Therefore, from an internal environment perspective, we can work on security measures from both the top-down and bottom-up.
We have an initiative to raise awareness in order to strengthen information security, which is led by CEO of Daifuku. We also have overseas group companies and transactions with overseas companies, so we need to meet global standards and comply with international governance. Since members of overseas group companies also participate in the committee, the environment is relatively easy to promote. Therefore, from an internal environment perspective, we can work on security measures from both the top-down and bottom-up.
2. What is the impact of the environmental changes on your day-to-day operations?
Ms. Mizutani: The change in the environment has resulted in a high level of requests for management measures from both internal and external sources. These include assessments, audits, and customer surveys. In fact, it was a request from a loyal overseas customer that prompted us to implement Panorays. They used Panorays to assess our security posture and requested us to improve the score and it was initially very challenging. We started using Panorays as a supplier (evaluatee) at the customer’s request in June 2022.
Mr. Kawase: We received a request to fix the high risk findings within a few months and within six months to improve our overall evaluation. Since the request came from a loyal customer, the customer service department consulted us stressing the importance, and that was the beginning. Ms. Mizutani took the lead in responding to the request, but there was a hard deadline and it was a challenging request. Today there are FAQs but at that time we could not completely understand what were required, so we asked various questions via SOMPO Risk Management (hereafter SRM), our general agent in Japan, and NSD, our distributor, and slowly but surely made improvements.
As a result, we were able to reach our goal by December. Once we reached that, we felt like achieving even higher and it gave us more motivation. Now we are very happy that we did it. This affects the company’s overall rating and I realized that if we scored well in Panorays, it would be considered a contribution to the company via security.
Now we are in the position of being the evaluator and asking suppliers to cooperate. You may find it challenging in the beginning, but we are sure that someday they will be glad they did it. As we have made improvements as a supplier, our management has decided that we must do the same as a evaluator as well for the sake of our valued customers, despite the costs.
Background and Reasons for Introduction
Ms. Mizutani: I think it’s great that the scores are displayed, and it is also handy that we can use the score as a reason and a proof to get cooperation and support from the colleagues. We can say that the improvement request does not come from individuals, but from the tool, “We received a suggestion from Panorays.” What Panorays requires from us equals what the royal customer requires from us. When we were evaluated, we had to contact Panorays support directly in English, but now that we are an evaluator, it is reassuring to know that SRM provides support in Japanese.
Mr. Kawase: As I mentioned earlier, we used the tool as a supplier (evaluatee) and are familiar with it, so now as an evaluator we can answer inquiries from suppliers and had no reason to choose any other tools. It is also very comprehensive and points out elements we didn’t understand before using the tool. We later learned that another loyal customer of ours, a major Japanese manufacturing company, also uses Panorays.
Assuming that the request from the loyal overseas customer came in June 2022, we had already begun reviewing and screening about three solutions that would compete with Panorays before that date. Some of them had false positives or poor coverage, while others were very comprehensive and accurate. At that time, we didn’t know about Panorays. Just as we were talking about the budget, we received a request from the royal customer to use Panorays. We decided to investigate it, giving priority to responding to the customers’ requests and improving our own reputation.
As a result of using Panorays to improve our own evaluation, we were able to increase our security score and strengthen our supply chain. When it came time for the supplier risk management, we chose Panorays because we had used it for six months and we were already familiar with the platform.
I appreciate that Panorays can detect related assets from a primary domain. If it were my company, I would be able to know what assets we have, but we cannot tell much about our suppliers’ assets, so it is important to be able to detect and have a good understanding of the risk.
Contact Panorays today to unlock real-time insights into your supply chain, mitigate risks, and streamline compliance and reporting. Contact Sales.