Hostile cyber activity targeting Japan and the United Kingdom is becoming more intense, more frequent, and more sophisticated.

Both countries have experienced attacks causing substantial financial and social harm — disrupting essential services, undermining public trust, and exposing vulnerabilities across critical industries. With threats increasingly cross-border, a single attack can now cascade through global supply chains and interconnected digital ecosystems, amplifying its impact far beyond the original target.

While both governments have taken steps to counter these risks, neither can secure cyberspace alone. Stronger, more resilient cyber security depends on cross—border public—private partnerships (PPPs) that match the speed and scale of today's threats. As Keidanren often emphasises, this means: "Cybersecurity for all, cybersecurity by all."

Why Public—Private Partnerships Matter More Than Ever

At any international cyber conference, one message is constant: PPPs are no longer optional — they are critical. This reflects a simple truth. The digital infrastructure that underpins our economies is mostly owned and operated by the private sector. Securing this environment requires a "whole—of—society approach".

Effective PPPs bring together government, industry, and academia — an actor too often overlooked — to enable trusted information sharing and the rapid co—development of solutions. In a domain where adversaries collaborate fluidly, defenders must do the same.

Similar challenges

Recent incidents in both countries show how cyberattacks have resulted in national—level economic shocks.

They also highlight the same persistent weaknesses: compromised credentials, complex global supply chains with uneven security maturity, and operational technologies never built to withstand cyber attacks. And underscore a broader truth: cyber attacks often affect workers, small businesses and consumers who may have no direct connection to the initial victim.

As the UK National Cyber Security Centre's 2025 Annual Review notes: "Cyber risk is no longer just an IT issue — it's a boardroom priority". All business leaders need to take responsibility for their organisation's ability to prepare for, respond to, and recover from cyber attacks.

Collective responsibility and sharing best practice

Progress is already underway. In January, the Prime Ministers of Japan and the UK launched the Japan—UK Strategic Cyber Partnership, built around three pillars:

1. Detect, deter, and defend against cyber threats;
2. Enhance whole—of—society cyber resilience; and
3. Build a growth— and innovation—driven cyber ecosystem.

PPPs are central to all three.

Two years earlier, in January 2024, the Keidanren Cyber Security Committee visited the UK for a three—day programme hosted by the National Cyber Advisory Board (NCAB), which I co—chair. Senior leaders from industry and government across both countries met to discuss securing digital supply chains, improving business engagement in resilience, and addressing shared cyber—skills shortages. The visit culminated in the signing of the Keidanren-NCAB Memorandum of Cooperation, committing both sides to deepen public—private dialogue, strengthen executive—level understanding of cyber security risks and broaden cooperation on cross—border standards development.

This reflects a mutual recognition that cyber security is a shared responsibility — and that sustained, structured cooperation is essential.

Regulatory Alignment

One area where deeper collaboration is urgently needed is regulatory alignment. International companies face an increasingly complex and inconsistent patchwork of cyber security regulations across jurisdictions. These inconsistencies often divert resources away from practical security improvements toward compliance administration — an inefficient outcome for both governments and businesses.

As both countries develop new requirements for mandatory reporting, closer Japan—UK cooperation can reduce this burden by aligning expectations, harmonising standards where appropriate, and championing best—practice adoption across both ecosystems. This will support global supply—chain resilience and ensure companies can focus their resources on strengthening defences.

Conclusion

Cyber threats will continue to escalate, but Japan and the UK are uniquely positioned to lead by example. By deepening PPPs — not only within our own borders but between them — we can strengthen collective defences, bolster supply—chain resilience, and shape a safer digital environment in which citizens and businesses can thrive.

Strong cyber security is no longer just a national priority. It is a shared endeavour — and one where Japan and the UK can excel together.