Japan Today reports on a staggering number of personal information leaks as a result of cyber attacks targeting Japanese companies:

There were 3.08 million cases of personal information definitely or probably being leaked through cyberattacks on companies or other entities in Japan in 2017, a Kyodo News tally shows.

These figures are based on data security breaches at 82 entities last year — 76 companies, four administrative entities and two universities, according to the tally of confirmed or suspected data breaches.

The corresponding number of cases totaled 2.07 million in 2015, before surging to 12.6 million in 2016 due to a massive data leak at travel agency JTB Corp.

However, the amount of damages stemming from stolen credit card information hit an all-time high last year, as credit card information was involved in 530,000 cases, or roughly one-sixth of the total.

The total amount of damages roughly doubled from a year earlier to 17.6 billion yen ($166 million) in 2017, according to the Japan Consumer Credit Association.

Yet these figures probably understate the extent of the problem, according to some experts.

There are likely a host of companies unwilling to report data breaches for fear of legal liability or public embarrassment. Take these numbers with a huge spoonful of salt because it is almost guaranteed to be much larger number.

Japan has been making strong strides to increase cyber security capability throughout the years. However, there is a lack of emphasis on computer science in grade, middle, and high schools. A concerted, strategic focus on educating young folks on cyber security, an extremely important topic, is essentially non-existent. Until the Japanese educational system catches up with the societal shift towards more data-driven enterprises, Japan will unfortunately remain a cyber security laggard.