Cybersecurity Annual Report
Cybersecurity Annual Report2025 (Publication Date: March 16, 2026)
The Cyber Security Annual Report was created with the aim of introducing the KDDI Group's information security initiatives to a wide range of stakeholders, including investors, and enhancing confidence in the reliability of the KDDI Group's business.
In this report, we present the KDDI Group's information security policies, management framework, and governance, as well as security enhancement measures, research and development of advanced technologies, and initiatives in our security business, as part of our responsibility as an operator supporting critical social infrastructure and providing stable communication services at all times.
-
Contents
-
- Contents Message from the Information Security Chairperson
- Cyberattacks / Cyber Threat Trends
- Initiatives for Cybersecurity
- Information Security Policy
- Information Security Management Framework
- Information Security Governance
- Measures for Enhancing Security
- Using Advanced Technology for Research and Development of Information Security
- Advancement of DDoS Attack Detection Capabilities
- Completion of Security Verification for HQC, Selected as a U.S. Standard for Post-Quantum Cryptography (PQC)
- Data Clean Rooms Enabling Secure Inter-Organizational Data Collaboration with Privacy Protection
- Initiatives in Security Business
Using Advanced Technology for Research and Development of Information Security
■Advancement of DDoS Attack Detection Capabilities
In today's rapidly evolving digital society, the importance of cybersecurity is higher than ever. In Japan as well, the number of DDoS attacks is increasing rapidly, and their scale of impact is expanding, making them a serious threat. Additionally, reports issued by security vendors consistently rank Japan among the top targets of DDoS attacks, indicating that the threat continues to grow on a daily basis.
Furthermore, sophisticated attack techniques designed to evade conventional defensive measures have also been observed. One such technique involves simultaneously launching small-scale attacks against multiple hosts, each remaining below the detection thresholds, thereby gradually consuming network bandwidth across the entire network. Because these attacks can evade detection, they may eventually lead to communication failures or service outages. On the other hand, lowering detection thresholds in response can result in the unintended blocking of legitimate traffic, creating challenges.
Therefore, to respond to evolving DDoS attacks, it is important to focus not only on the "volume" but also on the "nature" of the attack, accurately analyzing the characteristics of attack traffic by leveraging AI. KDDI works to enhance detection technology through advanced analysis using AI, so that early signs of attacks can be quickly recognized and countermeasures initiated by accurately identifying and analyzing these characteristics.
■Completion of Security Verification for HQC, Selected as a U.S. Standard for Post-Quantum Cryptography (PQC)
Ensuring information security through cryptographic technologies is essential in the use of modern information services. However, with the emergence of quantum computers, concerns have been raised regarding the potential insufficiency of cryptographic strength in the future. The National Institute of Standards and Technology (NIST) in the United States has been developing Post-Quantum Cryptography (PQC) designed to withstand the computational capabilities of quantum computers and has declared that the transition from current public-key cryptography to PQC will be completed by 2035.
KDDI Research, Inc. has set world records 19 times in cryptanalysis contests and, in 2025, completed the security verification of Hamming Quasi-Cyclic (HQC), confirming that the security margin at the designated key length is approximately 50,000 times.
Furthermore, we successfully decoded the 3,846-dimensional HQC in 66.2 days, verifying that the security margin exceeds NIST's recommended level of approximately 30,000 times.
Additionally, we achieved the world's first successful decoding of a 240-dimensional code-based cipher over ternary fields, which is expected to be applied in devices with limited data capacity, such as IoT devices.
KDDI Research, Inc. will continue to advance security verification of PQC and research on high-speed, lightweight cryptographic technologies, contributing to the provision of secure and reliable communication services in the era of quantum computers.
Initiatives in Security Business
Cyberattacks are becoming increasingly complex and sophisticated, posing serious risks to business continuity and growing in importance as a critical management issue. Against this backdrop, in 2025 KDDI acquired LAC Co., Ltd., which has extensive experience in the security field, as a wholly owned subsidiary. By integrating corporate communication infrastructure with security capabilities, KDDI has established a comprehensive system that provides end-to-end support for companies to prepare for and defend against cyberattacks.
Additionally, KDDI has the capability to support corporate customers expanding globally and provides optimal security environments tailored to each country and location.
Going forward, KDDI will continue to strengthen its security initiatives and promote the creation of environments that customers can use with confidence and peace of mind.
