TOKYO -- Companies such as Google and Apple are offering "white hat" hackers rewards of a million dollars or more to find flaws in their systems, while Japanese businesses including Toyota Motor provide only a polite "thank you" despite the growing role software plays in all aspects of industry.
Japan's shortcomings in cybersecurity have been well publicized. A malicious actor could shut down ventilation systems for entire buildings through old, insecure management systems, several hackers told Nikkei. ATMs at most regional banks have the potential to be accessed through outside computers as well.
"We could even change deposit balances," one hacker said.
More companies now regard generous rewards to white hats, or ethical hackers, as being cheaper in the long run than risking a cyberattack that damages their brands. But Japan remains far behind the curve.
Toyota gives its thanks to outside hackers who discover bugs on its website -- but not in its vehicles. The automaker offers no monetary rewards. Technology companies such as NEC and Fujitsu have no rewards schemes for white hat hackers at all.
"Culturally, Japanese companies don't like to admit that they have problems," a source familiar with the issue said.
Many U.S. and European companies aggressively court white hat collaborators. Google said at the end of November that it would pay as much as $1.5 million to hackers who find remote-control vulnerabilities for Android devices, up from a cap of $200,000. The new figure is the highest ever promised publicly by a corporation.
Apple bolstered its bounty to $1 million from $200,000. Tesla and Fiat Chrysler Automobiles offer $15,000 and $7,500, respectively, while Starbucks has a cap of $4,000. Asian companies are part of the trend as well, with Singaporean ride-hailing app Grab offering $10,000.
The average reward for discovering cyber vulnerabilities has jumped 70% worldwide in two years to $3,380 in 2018, according to U.S.-based HackerOne.
