When Your Partner's Staff Are Inside: Japan's Secondment (出向) Risk and the Toyota Insurer Leak

Part of our guide to Japan’s cybersecurity landscape. For the regulatory map behind it, see Japan’s Cybersecurity Laws & Guidelines.

In April 2026, three of Japan’s largest non-life insurers disclosed that employees they had seconded to Toyota Motor had improperly taken Toyota’s internal information and the personal data of Toyota employees, reportedly over several years (Nikkei). To a foreign reader this sounds like an ordinary insider leak. It isn’t — and the reason why is a feature of Japanese business that most overseas security teams have never had to threat-model: 出向 (shukkō), the secondment of staff between companies.

I work in information security at a Japanese enterprise. I want to use this case not to pile on, but to explain a structural blind spot that foreign companies with Japanese partners, joint ventures, or keiretsu ties quietly inherit.

What was reported

According to reporting, employees seconded from Tokio Marine & Nichido, Mitsui Sumitomo Insurance, and Aioi Nissay Dowa Insurance to Toyota took internal materials — such as meeting minutes and organizational information — and personal information on Toyota employees, without authorization (Nikkei; Toyo Keizai). Coverage described the conduct as effectively gathering competitive intelligence — rival insurers’ terms, competing quote prices, renewal timing — for the seconding insurers’ sales benefit.

As this disclosure is recent and still developing, I’ll treat the specific figures cited in reporting as provisional and focus on the structural mechanics, which are already clear enough to learn from.

This did not emerge in a vacuum. It follows the broader reckoning in Japan’s non-life insurance sector — the BigMotor fraudulent-claims scandal and the resulting scrutiny of seconded staff — which prompted the Financial Services Agency’s 2024 report on structural problems in the industry, flagging the appropriateness of secondments to agents and partners as a core issue (FSA report, June 2024).

What is 出向 (secondment), and why it’s a blind spot

Here is the context a foreign security team lacks. Under 出向, an employee of Company A is sent to work inside Company B — embedded in B’s offices, on B’s org chart, often for years — while their employment relationship with A continues. It is a normal, trust-based feature of Japanese corporate relationships, used to deepen partnerships, transfer know-how, and cement keiretsu and supplier ties.

For an insider-threat model, secondment creates a person who is:

• Physically and organizationally inside the host company, with the access of an insider;
• Loyal, ultimately, to a different employer — the one they will return to;
• Trusted precisely because the relationship between the two firms is close.

That is a structurally awkward combination. The seconded employee has an insider’s reach and an outsider’s incentives, wrapped in a relationship whose whole premise is not to treat them with suspicion. A Western “third-party risk” or “contractor offboarding” program doesn’t cleanly capture this, because 出向 staff are not contractors and not quite employees — they are trusted partners sitting at an insider’s desk.

The structural reading — attack the system, not the person

The instinct is to frame this as individuals behaving badly. I think that misses the more useful, and more uncomfortable, point: the system was arranged so that this behavior was almost rational.

When a seconded employee’s home-company evaluation rewards the intelligence and relationship value they bring back, and the host grants insider access on the assumption of partnership goodwill, you have built an incentive to gather information and removed the controls that would catch it. That is not a story about bad apples; it is a story about an environment that quietly asked for the fruit.

The governance principles are the same ones I apply to any access decision:

• Least privilege doesn’t pause for partners. A seconded employee needs the access their function requires — not the standing reach that “they’re basically family” tends to grant.
• Trust is not a control. “They’re from a partner we’ve worked with for decades” is a statement about relationship, not about what their account can exfiltrate on a Tuesday.
• You can only manage what you measure. If seconded-staff access to confidential materials and personal data isn’t logged and reviewed like any other privileged access, you are relying on goodwill — and goodwill leaves no audit trail.

Blaming the individuals lets the structure off the hook, and the structure is the part you can actually fix.

Lessons for foreign companies with Japanese partners

If you operate in Japan through joint ventures, keiretsu relationships, or partner secondments — or you host seconded staff from a Japanese partner — this is your threat model too:

• Inventory seconded (出向) personnel and their access. Know who at your desk works for someone else, and what they can reach.
• Apply least privilege to seconded staff explicitly. Scope access to function; resist the “they’re trusted partners” expansion.
• Log and review their access to confidential and personal data as you would any privileged insider — without exception for the relationship.
• Define data-handling terms in the secondment agreement, including what may leave with the person when the secondment ends.
• Don’t treat closeness as assurance. The closer the partnership, the more access flows on trust — and the larger the unmeasured exposure.

For the Japanese data-protection obligations triggered when employee personal data is involved, see the APPI guide.

The bottom line

The Toyota insurer case is not really about three insurers, and definitely not about a few individuals. It is about a trusted business structure — secondment — that grants insider access on the strength of a relationship, without the measurement that would catch abuse. Foreign companies tend to threat-model contractors and employees; in Japan, the trusted person at the next desk may belong to someone else entirely. Model that, or inherit the blind spot.

Start from the pillar guide for the full map of Japan’s regime.

References

• Tokio Marine and other insurers disclose information leakage by staff seconded to Toyota (Nikkei, confirmed 2026-06-11)
• Three major insurers took internal information and personal data from Toyota — “spy activity” resurfaces in non-life insurance (Toyo Keizai, confirmed 2026-06-11)
• Report of the expert panel on structural issues and competition in the non-life insurance industry (Financial Services Agency, June 2024, confirmed 2026-06-11)