Microsoft ends support for Internet Explorer on June 16, 2022.
We recommend using one of the browsers listed below.

  • Microsoft Edge(Latest version) 
  • Mozilla Firefox(Latest version) 
  • Google Chrome(Latest version) 
  • Apple Safari(Latest version) 

Please contact your browser provider for download and installation instructions.

Open search panel Close search panel Open menu Close menu


Resilience Strategies (1) <Natural Disasters, Large-Scale Failures and Other Similar Events>

The NTT Group is active around the globe, providing a myriad of services that sustain both social and economic activities as well as safeguarding daily life. These include communications networks, information systems, and other essential life-supporting services such as finance and payment solutions. There is a risk that the provision of these services could be compromised due to natural disasters like earthquakes, tsunamis, typhoons, and floods, as well as physical attacks including military invasions and terrorism, delays in development or glitches in vital systems, or the occurrence of significant network malfunctions. Such events have the potential to negatively impact the trustworthiness and corporate image of the NTT Group. Risks

To address such risks, the NTT Group has implemented a variety of strategies to ensure that the systems and networks necessary for service delivery operate safely and reliably. These strategies include fortifying the seismic and flood-resistant capabilities of communication buildings, diversifying transmission routes, and enhancing emergency power supplies for communication buildings and base stations during extended power outages. Particularly for large-scale failures, our concrete measures involve not only swift and accurate service restoration, but also rapid identification of the root causes. We will continue to enact cross-Group initiatives aimed at 1) comprehensive assessments and recurrence prevention for apparent risks, and 2) building a more resilient network based on an inventory of cross-Group risks, considering that unforeseen incidents are inevitable. Addressing Risks

In terms of seizing opportunities, we believe that improvements in network resilience and faster recovery capabilities will boost the reliability of our communication networks and information systems. This, in turn, will elevate customer satisfaction and enhance our brand image. For customers demanding even higher reliability, we will offer new value by expanding our range of solutions designed to reinforce their Business Continuity Plans. Opportunities

Indicators and Targets Related to Natural Disasters, Large-Scale Failures and Other Similar Events

(Note)1. The scope for counting significant incidents is limited to the four designated public telecommunications companies (NTT East, NTT West, NTT Communications, and NTTDOCOMO).
2. A "significant incident" is defined as an event meeting the following conditions that disrupt or degrade the quality of telecommunications services:
・Voice services that handle emergency calls (110, 119, etc.): Lasting more than 1 hour and impacting over 30,000 people
・Voice services that do not handle emergency calls: Lasting more than 2 hours and impacting over 30,000 people, or more than 1 hour and impacting over 100,000 people
・Internet-related services (free): Lasting more than 12 hours and impacting over 1 million people, or more than 24 hours and impacting over 100,000 people
・Other services: Lasting more than 2 hours and impacting over 30,000 people, or more than 1 hour and impacting over 1 million people

Disaster Countermeasure Initiatives

As a designated public organization, the NTT Group is making a daily effort to ensure emergency and critical communication channels. Furthermore, in recent years, there is an escalating risk of physical attacks, such as armed assaults and acts of terrorism, on top of the increasing frequency of large-scale, expansive, and long-lasting natural disasters. Recognizing the potential for natural disasters to have greater impacts on telecommunications facilities and services and for recovery efforts to be prolonged, NTT is increasing the resilience of its facilities and taking steps to expedite recovery efforts.

Initiatives Related to Resilience in the New Medium-Term Management Strategy (Further Strengthening of Business Foundations)

Learning from past experiences and lessons in telecommunications failures, we will create a robust network/system that takes into account the occurrence of major malfunctions and cyber-attacks, thereby strengthening social infrastructure. In addition, we will strengthen measures to cope with natural disasters, which are becoming increasingly severe. Looking toward this goal, we will invest around 160 billion yen*1 by fiscal 2025.

To build a resilient network system, we will proceed based on the assumption that unexpected events will inevitably occur, implementing preventive measures against human errors and malfunctions while minimizing the impact if a failure does occur.

Furthermore, we will enhance disaster preparedness and globally standardized cybersecurity measures, with a view toward safe and secure service delivery.

Resilience Strategies (2) <Security>

Should we experience security incidents such as cyber-terrorism that lead to service outages, degradation in service quality, or the leakage, alteration, or loss of information, there is a risk that the NTT Group's reputation and corporate image could suffer. This, in turn, could potentially impact our business performance and financial stability. Risks

To mitigate such risks, the NTT Group is actively engaged in risk-based information security initiatives. These are grounded in the belief that cyber incidents are inevitable and that minimizing damage is crucial. Measures include the implementation of a

As for capitalizing on opportunities, we are committed to nuturing security specialists endowed with state-of-the-art technology and deep expertise. Furthermore, we are actively offering risk management support services to businesses and communities outside the Group by leveraging the knowledge and insights accumulated through our risk-mitigation efforts. Opportunities

Indicators and Targets Related to Security

(Note)The scope of tallying the number of telecommunications service interruptions due to external cyberattacks includes four specified public institutions: NTT East, NTT West, NTTCommunications, and NTT DOCOMO.

Organization for Implementation

NTT Group's Security Governance Goals


Enhancing Security 1) Global Collaboration

Collection and Utilization of Global Threat Information

NTT has joined the Joint Cyber Defense Collaborative (JCDC), a U.S. government cybersecurity and resilience initiative, as its first Asian member.

Established by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in 2021, the JCDC is spearheading the collaborative development of cyber defense plans, information sharing on cybersecurity, and the dissemination of cyber defense guidance to reduce risks to critical infrastructure and essential national functions. Private sector members include major telecommunication companies, technology giants, and major security companies, such as AT&T, Verizon, Lumen, Microsoft, Google, Cisco, Mandiant, and Palo Alto Networks. Moreover, U.S. government intelligence agencies and cybersecurity-related departments from countries allied with the U.S. are also participating. By leveraging the global intelligence gained from the JCDC, NTT can offer more effective protection of vital information networks and improved responses to cyber incidents. Additionally, sharing information with other JCDC members enables NTT to further advance its own cybersecurity initiatives.

Building on our existing foundation of trust and collaboration with CISA and the U.S. government, we will contribute a unique Asian perspective to the JCDC while sharing NTT's leadership along with its expansive global experience and specialized expertise in security. In an era of continued global uncertainty surrounding cybersecurity, we firmly believe that a collaborative approach between the public and private sectors in cybersecurity is essential, not just in the United States but also globally, to defend against cyberattacks that threaten the critical social infrastructure upon which our daily lives depend.

Enhancing Security 2) Defense from an Attacker's Perspective

Red Team

NTT formed a Red Team in 2019. A Red Team conducts simulated cyberattacks from the perspective of external attackers. In the realm of cybersecurity, it is a never-ending game of cat and mouse, with new types of attacks emerging no matter how much one defends. Moreover, while attackers only need to succeed once with any variety of assaults, defenders must block every single one, creating an imbalance that favors the attackers. To address this challenge, NTT's Red Team was established to formulate countermeasures from the attacker's viewpoint. The ultimate goal is to improve defensive capabilities; the activities are not limited to just conducting simulated attacks. The Red Team's activities also include analyzing and reporting vulnerabilities and organizational challenges in the targeted systems after the simulated attack and even providing actionable advice for improvement. In some cases, the team may assist with implementing these improvements.

Bug Bounty Program

NTT began a Bug Bounty Program on a trial basis in 2022 and fully launched it in 2023. A bug bounty is a reward given to individuals who discover security loopholes in an information system. NTT has implemented this program with two specific aims.

1) To identify and rectify vulnerabilities before they can be exploited by malicious third parties, thereby enhancing the overall security posture of the NTT Group.

2) To offer employees who participate an avenue to refine their security skills from an attacker's viewpoint, thereby nurturing the development of security talent.

The trial phase demonstrated that the program not only contributed to enhancing corporate security, but also helped in discovering undiscovered security talent and further honing their skills. Although fully operational only since 2023, the program will be continually refined, and we aim to broaden the understanding that improving security is a collaborative effort involving all employees.