Asahi Group Holdings is weighing the creation of a new cybersecurity team following a disruptive ransomware attack in September. The attack impacted operations and financial reporting, with recovery efforts expected to extend into the new year. Japan’s largest beer maker is adopting a stricter “zero-trust” approach, assuming no user within its network is inherently safe, according to chief executive Atsushi Katsuki. As part of this shift, Asahi has already discontinued the use of virtual private networks (VPNs).
Katsuki emphasized the critical importance of information security as a management priority. He acknowledged the inadequacy of previous security measures, stating that the company had underestimated the precautions required. The cyberattack froze Asahi’s core business systems in Japan, forcing manual processing of orders and shipments. Deliveries of year-end gift sets were delayed, and sales of beer and other alcohol products in November fell by more than 20 per cent year-on-year.
Asahi is a major player in the beverage industry, primarily known for its beer brands but also involved in the production and distribution of other alcoholic and non-alcoholic drinks. The company operates globally, with a significant presence in both domestic and international markets. Katsuki remains confident in the company’s ability to regain market share. He anticipates systems will be mostly restored by February, with full competitive positioning returning from March onwards.
Japan’s cybersecurity chief has highlighted the nation’s vulnerability to data threats, noting that corporate defences lag behind those in the US and Europe. A recent ransomware attack on Askul, which disrupted online business for Muji and other retailers, further underscored these concerns. Prior to the breach, Asahi had forecast operating profit to fall 5.2 per cent to ¥255 billion for the year ending December, on sales of ¥2.95 trillion.
