Cyber Domain, Military, Geopolitics Global Issues, Regional Conflict, Peace Building

Jun Osawa
Senior Fellow,
Sasakawa Peace Foundation

printprint

In recent years, cyberattacks targeting companies and critical social infrastructure have moved far beyond the realm of technical risks that can be left to the IT department alone. The surge in incidents affecting Japanese businesses and essential services since 2024 marked a turning point. By 2025, cyberattacks had come to be recognized as an everyday risk—one that could strike at any time.

Two types of attacks symbolize this shift. Ransomware directly threatens business continuity, while distributed denial of service (DDoS) attacks can paralyze core societal functions, such as finance, transportation, and telecommunications. These are no longer mere system failures; they have become management level risks with direct implications for corporate survival.

Disruptions Caused by Ransomware Attacks

Ransomware attacks typically involve intruders infiltrating a corporate network, stealing confidential data, encrypting servers, and demanding payment to restore access—a digital form of hostage taking. Attackers increasingly resort to double extortion, threatening to leak stolen data if the ransom is not paid.

Japanese companies publicly reported 84 ransomware incidents in 2024, the highest on record and more than a 20% increase from the previous year, according to Trend Micro.[1] Japan’s Information technology Promotion Agency (IPA) likewise ranked ransomware as the top threat to organizations in its report on the top 10 information security threats for 2025.[2]

Major disruptions were particularly visible among large corporations. A major retail chain saw its ordering system shut down,[3] leading to widespread in-store product shortages.[4] Another company handling data processing for local governments, financial institutions, and credit card firms suffered a service outage that halted operations and resulted in the leakage of customer personal data,[5] causing significant public confusion. A video streaming platform was hit by ransomware[6] —claimed by the Russia linked BlackSuit group[7] —and was forced offline for nearly two months. A major logistics provider engaged in e commerce fulfillment had its servers encrypted,[8] halting shipments nationwide.

Overseas cases highlight the scale of the threat even more clearly. In Britain, ransomware disrupted the supply of fresh and frozen foods,[9] leaving store shelves empty. In the United States, an organic food retailer was attacked,[10] similarly resulting in empty shelves[11] and other impacts directly affecting daily life. Airlines have also reported operational disruptions following cyberattacks.[12]

By 2025, the effects were rippling across entire supply chains. A major British automaker was forced to halt production for six weeks, triggering cascading disruptions among parts suppliers.[13] In Japan, a major beverage manufacturer suffered a ransomware attack in September 2025 that shut down its ordering system and halted production and shipments.[14]

These cases demonstrate that system outages are no longer a matter to be dealt with solely by the IT department. Prolonged business interruptions generate not only direct losses—reduced revenue and recovery costs—but also secondary damage: reputational harm, loss of customer trust, and even impacts on share prices.

Ransomware is not just a technical glitch but a management risk. Companies must assume they will be attacked and prepare incident response and business continuity plans (IR/BCP), including fallback procedures and manual operations. Because many intrusions occur through suppliers or contractors, firms must also reassess procurement and contracting practices to ensure security throughout the supply chain.

There is also growing concern that not all ransomware attacks are financially motivated. In the British automaker case, the government suggested Russia may have been behind the attack, aiming to damage the British economy rather than extract a ransom.[15] Some attacks involve no ransom demand at all, raising the possibility of geopolitical motives.

DDoS Attacks Against Critical Infrastructure

Alongside ransomware, 2024 saw a surge in DDoS attacks targeting financial services, transportation, telecommunications, and other critical infrastructure. DDoS attacks overwhelm servers by flooding them with traffic from compromised devices—called botnets—forcing services offline.

In May 2024, a major cashless payment provider was attacked, preventing users from logging into or topping up their mobile app.[16] In October, a cloud based accounting service went offline for about an hour.[17] From December to January, online banking systems and transportation reservation platforms were hit by large scale DDoS attacks,[18] rendering them unusable for hours. For users, these outages were not a minor inconvenience but disruptions affecting essential activities such as payments and travel.

A notable trend is the growing link between DDoS attacks and geopolitical confrontation.[19] Following Russia’s invasion of Ukraine, Japan imposed sanctions—including asset freezes, restrictions on capital transactions, trade bans, and service prohibitions—on Russian entities more than 20 times, while continuing support for Ukraine. Japan also hosted the Japan-Ukraine Conference for Promotion of Economic Growth and Reconstruction in Tokyo in February 2024.

In apparent retaliation, Russia linked hackers launched DDoS attacks against Japanese institutions during the Japan NATO joint exercise in July 2024 and the Japan US Keen Sword exercise in October.[20] Cyberspace is increasingly being used as a channel for diplomatic signaling and coercive messaging.

Similar patterns are visible in Europe and the United States. In Europe, DDoS attacks against financial institutions have increased amid tensions with Russia, disrupting cashless payments and online banking.[21] For attackers, DDoS has become a form of digital retaliation, effectively holding infrastructure hostage.

Cyberattacks as Management Risks

Ransomware and DDoS attacks differ in method but pose a common question to business leaders: Is a viable business continuity scenario in place for when systems go down?

Several areas of preparedness are essential. First, cyber risk must be treated as a management-level issue, on a par with financial or natural disaster risks. Companies must identify which systems are critical to which operations and define acceptable and unacceptable downtime. Without this, prioritizing recovery and security investment is impossible.

Second, risk must be managed across the entire supply chain. Attacks on suppliers or contractors can halt a company’s own operations. Businesses must revise procurement rules, such as by embedding security requirements in contracts, requiring third party assessments, and diversifying vendors to reduce single points of failure.

Third, geopolitical risk must be integrated into crisis management. A company’s exposure depends on where it operates and how sanctions or foreign policy measures affect it. Diplomatic and security developments should be read as signals of cyber risk, not merely as news.

And finally, companies must plan for initial response and accountability during an incident: what and when to communicate to customers, business partners, shareholders, and regulators; and at what stage senior leadership should step forward. Without pre established scenarios and training, these processes will fail under pressure.

Cyberattacks will continue to grow more sophisticated. They cannot be completely prevented. But resilience—built on leadership decisions and preparation—can significantly reduce the damage. Ransomware and DDoS attacks underscore a fundamental reality: cybersecurity is no longer an IT expenditure but a core management strategy for corporate survival.

(2026/03/23)

Notes

  1. 1 Trend Micro, “2024-nen saiba risuku doko sokatsu” [Summary of Cyber Risk Trends in 2024], January 8, 2025.
  2. 2 Information technology Promotion Agency, “Joho sekyuriti 10-dai kyoi 2025” [Top 10 Information Security Threats 2025], July 24, 2025.
  3. 3 Izumi Co., Ltd., “Daisansha ni yoru ransamuwea kansen higai oyobi keika ni kansuru oshirase” [Notice Regarding Ransomware Infection by a Third Party and Subsequent Developments], February 22, 2024.
  4. 4 NTV News, “Yume Taun nado tenkai ‘Izumi’ saiba kogeki de shogai, ichibu shohin ga shinausu ni” [Cyberattack on Izumi, Operator of YouMe Town: Some Products in Short Supply], February 23, 2024.
  5. 5 Iseto Corporation, “Fusei akusesu ni yoru kojin joho roei ni kansuru owabi to go-hokoku” [Notice and Apology Regarding Personal Information Leakage Due to Unauthorized Access], October 4, 2024.
  6. 6 Kadokawa Corporation, “Ransamuwea kogeki ni yoru joho roei ni kansuru oshirase” [Notice Regarding Information Leakage Caused by a Ransomware Attack], August 5, 2024.
  7. 7 Nikkei Online, “Hakka shudan ga hanko seimei KADOKAWA e no saiba kogeki” [Hacker Group Claims Responsibility for Cyberattack on Kadokawa], June 28, 2024.
  8. 8 Kantsu Co., Ltd., “Tosha ni okeru saiba kogeki ni yoru shisutemu no teishi jian hassei no oshirase” [Notice of System Outage Due to Cyberattack], September 28, 2024.
  9. 9 Co-operative Group Ltd. (UK), “Cyber Incident,” accessed December 13, 2025.
  10. 10 United Natural Foods, Inc., “UNFI Systems Update,” June 26, 2025.
  11. 11 Matt Egan, “Empty Shelves Plague Some Whole Foods after Distributor Knocked Offline,” CNN, June 10, 2025.
  12. 12 Sean Lyngaas, “Rampant Cybercriminal Group Targets US Airlines,” CNN, June 28, 2025.
  13. 13 Joe Tidy, “JLR Hack Is Costliest Cyber Attack in UK History, Say Analysts,” BBC, October 22, 2025.
  14. 14 Asahi Group Holdings, Ltd., “Saiba kogeki ni yoru joho roei ni kansuru chosa kekka to kongo no taio ni tsuite” [Investigation Results and Future Measures Regarding Information Leakage Caused by Cyberattack], November 27, 2025.
  15. 15 Ben Riley Smith, “Russia May Have Been Behind Jaguar Land Rover Cyber Attack,” The Telegraph, October 11, 2025.
  16. 16 Ministry of Land, Infrastructure, Transport, and Tourism, “Mobairu Suika shisutemu-to no shogai ni tsuite” [On the Mobile Suica System Outage] (press briefing), May 14, 2024.
  17. 17 OBIC Business Consultants Co., Ltd., “Bugyo Kuraudo, Bugyo Kuraudo Edge 2024-nen 10-gatsu 7-ka 8-ka no shogai hassei no owabi to go-hokoku” [Apology and Report on the Outage Affecting ‘Bugyo Cloud’ and ‘Bugyo Cloud Edge’ on October 7–8, 2024], accessed December 13, 2025.
  18. 18 Yomiuri Shimbun Online, “Nenmatsu nenshi no kigyo ‘Di-dosu kogeki,’ irei no kohan’i ‘jutan bakugeki-gata’” [Unusually Widespread ‘Carpet Bombing’ DDoS Attacks on Companies Over the New Year Holidays], February 4, 2025.
  19. 19 Jun Osawa, “Cyberattacks and Disinformation Linked to Diplomatic Events: DDoS Attacks During the G7 Summit,” IINA, October 17, 2024.
  20. 20 Jun Osawa, “Saiba anzen hosho no genzai: Chiseigaku risuku o kami shita saiba josei to seisaku no doko” [The Current State of Cybersecurity: Geopolitical Risk and Policy Trends], NPI Quarterly, Vol. 16, No. 4, pp. 10–11.
  21. 21 Jun Osawa, “Financial Services Targeted by Cyberattacks: Changes in the Geopolitical Environment and the Increase in DDoS Attacks,” IINA, June 24, 2024.