Cybersecurity Risk Management and Strategy Disclosure	12 Months Ended
Mar. 31, 2026
Cybersecurity Risk Management, Strategy, and Governance [Line Items]
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]	Nomura maintains a comprehensive cybersecurity strategy. Identifying, assessing and managing cybersecurity threats and risks are an integral component of Nomura’s Operational Risk Management (ORM) Framework. See Item 11. “ Quantitative and Qualitative Disclosures about Market, Credit and Other Risk—Overview of Risk Management Policy and Procedures” for further information on the framework. Nomura has invested and is continuing to invest in its cybersecurity strategy to address fast-evolving and sophisticated cybersecurity threats while at the same time complying with extensive global legal and regulatory expectations. Our cybersecurity programs are designed to be in line with industry best practice standards and include core capabilities such as Security Governance, Risk and Control, Security Awareness and Training, Threat Intelligence & Management, Security Operations Management, Vulnerability Management, Application Security, Data Security, and Identity and Access Management. Nomura is regularly engaging various external service providers to perform independent assessments of our cybersecurity programs and controls. The results from these independent engagements are integrated into updates to our cybersecurity strategy as appropriate. We also conduct our own regular internal security assessments, such as penetration testing, vulnerability scanning, red teaming, and tabletop cyber attack simulations. Nomura has developed a Third-Party Security Risk Management program that monitors and assesses the cybersecurity controls of our third-party vendors, which include, among others, service providers, SaaS providers, contractors, consultants, suppliers, etc. This program provides a consistent, controlled, cross-divisional approach to managing the services provided by third-party vendors. We perform various risk identification activities including security questionnaires, threat intel reports, SOC2 Type 2 attestation review, and onsite reviews for critical suppliers. We also perform periodic reassessment of existing critical vendors. Security risks and exceptions observed are monitored per our global Operational Risk Management framework. During the year ended March 31, 2026, we did not identify any risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, there is no guarantee that our business strategy, results of operations and financial condition will not be materially affected by a future cybersecurity incident, and we cannot provide assurances that we have not had occurrences of undetected cybersecurity incidents. See Item 3.D “ Risk Factors ” for further information on our cybersecurity-related risks. Cybersecurity Risk Governance Nomura’s cybersecurity strategy and programs are managed by senior officers: the Group Chief Information Officer (“CIO”), who is supported by the Group Chief Information Security Officer (“CISO”) and the Group Chief Data Officer (“CDO”). These senior officers have extensive experience in technology, cybersecurity, information security, and data protection and privacy. The CIO has over 35 years of experience in various engineering, IT, Operations and information security roles. The CISO has over 25 years of experience leading cybersecurity teams at financial institutions, including in the areas of security engineering, risk and control management, data privacy, information security, and cybersecurity. The CDO has over 25 years of experience in data and analytics-led business transformation. Our Board of Directors (“BoD”) has overall responsibility for risk management, with its committees assisting the BoD in performing this function based on their respective areas of expertise. Our BoD delegates its authority to execute business to the Executive Officers led by Group CEO to the extent permitted by law. Among the matters delegated to the Executive Officers by the BoD, the most important matters of business are decided upon deliberation by the Executive Management Board (“EMB”) which consists of the Executive Officers. The EMB delegates responsibility for deliberation of matters concerning risk management including cybersecurity risks to the Group Risk Management Committee (“GRMC”). The CIO is an observer at the EMB and the GRMC, and provides cybersecurity updates to the EMB and the GRMC. The GRMC, based on a delegation from the EMB, meets regularly and reports on its activities and findings to the EMB. These meetings cover critical security topics such as resources and budget in cybersecurity risk mitigation and governance, cybersecurity risks, as well as security incidents and cyber tabletop simulations. In addition to these regular reporting activities to the GRMC, the EMB, and the BoD, potentially material cybersecurity events will be escalated to the same management bodies as well as key stakeholders according to Nomura’s security incident response process including crisis management perspectives.
Cybersecurity Risk Management Processes Integrated [Flag]	true
Cybersecurity Risk Management Processes Integrated [Text Block]	Nomura is regularly engaging various external service providers to perform independent assessments of our cybersecurity programs and controls. The results from these independent engagements are integrated into updates to our cybersecurity strategy as appropriate. We also conduct our own regular internal security assessments, such as penetration testing, vulnerability scanning, red teaming, and tabletop cyber attack simulations.
Cybersecurity Risk Management Third Party Engaged [Flag]	true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]	true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]	false
Cybersecurity Risk Role of Management [Text Block]	Nomura maintains a comprehensive cybersecurity strategy. Identifying, assessing and managing cybersecurity threats and risks are an integral component of Nomura’s Operational Risk Management (ORM) Framework. See Item 11. “ Quantitative and Qualitative Disclosures about Market, Credit and Other Risk—Overview of Risk Management Policy and Procedures” for further information on the framework. Nomura has invested and is continuing to invest in its cybersecurity strategy to address fast-evolving and sophisticated cybersecurity threats while at the same time complying with extensive global legal and regulatory expectations. Our cybersecurity programs are designed to be in line with industry best practice standards and include core capabilities such as Security Governance, Risk and Control, Security Awareness and Training, Threat Intelligence & Management, Security Operations Management, Vulnerability Management, Application Security, Data Security, and Identity and Access Management. Nomura is regularly engaging various external service providers to perform independent assessments of our cybersecurity programs and controls. The results from these independent engagements are integrated into updates to our cybersecurity strategy as appropriate. We also conduct our own regular internal security assessments, such as penetration testing, vulnerability scanning, red teaming, and tabletop cyber attack simulations. Nomura has developed a Third-Party Security Risk Management program that monitors and assesses the cybersecurity controls of our third-party vendors, which include, among others, service providers, SaaS providers, contractors, consultants, suppliers, etc. This program provides a consistent, controlled, cross-divisional approach to managing the services provided by third-party vendors. We perform various risk identification activities including security questionnaires, threat intel reports, SOC2 Type 2 attestation review, and onsite reviews for critical suppliers. We also perform periodic reassessment of existing critical vendors. Security risks and exceptions observed are monitored per our global Operational Risk Management framework. During the year ended March 31, 2026, we did not identify any risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, there is no guarantee that our business strategy, results of operations and financial condition will not be materially affected by a future cybersecurity incident, and we cannot provide assurances that we have not had occurrences of undetected cybersecurity incidents. See Item 3.D “ Risk Factors ” for further information on our cybersecurity-related risks.
Cybersecurity Risk Management Positions or Committees Responsible [Flag]	true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]	Our Board of Directors (“BoD”) has overall responsibility for risk management, with its committees assisting the BoD in performing this function based on their respective areas of expertise. Our BoD delegates its authority to execute business to the Executive Officers led by Group CEO to the extent permitted by law. Among the matters delegated to the Executive Officers by the BoD, the most important matters of business are decided upon deliberation by the Executive Management Board (“EMB”) which consists of the Executive Officers. The EMB delegates responsibility for deliberation of matters concerning risk management including cybersecurity risks to the Group Risk Management Committee (“GRMC”). The CIO is an observer at the EMB and the GRMC, and provides cybersecurity updates to the EMB and the GRMC.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]	Our Board of Directors (“BoD”) has overall responsibility for risk management, with its committees assisting the BoD in performing this function based on their respective areas of expertise. Our BoD delegates its authority to execute business to the Executive Officers led by Group CEO to the extent permitted by law. Among the matters delegated to the Executive Officers by the BoD, the most important matters of business are decided upon deliberation by the Executive Management Board (“EMB”) which consists of the Executive Officers. The EMB delegates responsibility for deliberation of matters concerning risk management including cybersecurity risks to the Group Risk Management Committee (“GRMC”). The CIO is an observer at the EMB and the GRMC, and provides cybersecurity updates to the EMB and the GRMC.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]	true

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Nomura maintains a comprehensive cybersecurity strategy. Identifying, assessing and managing cybersecurity threats and risks are an integral component of Nomura’s Operational Risk Management (ORM) Framework. See Item 11. “

Quantitative and Qualitative Disclosures about Market, Credit and Other Risk—Overview of Risk Management Policy and Procedures”

for further information on the framework.

Nomura has invested and is continuing to invest in its cybersecurity strategy to address fast-evolving and sophisticated cybersecurity threats while at the same time complying with extensive global legal and regulatory expectations. Our cybersecurity programs are designed to be in line with industry best practice standards and include core capabilities such as Security Governance, Risk and Control, Security Awareness and Training, Threat Intelligence & Management, Security Operations Management, Vulnerability Management, Application Security, Data Security, and Identity and Access Management.

Nomura is regularly engaging various external service providers to perform independent assessments of our cybersecurity programs and controls. The results from these independent engagements are integrated into updates to our cybersecurity strategy as appropriate. We also conduct our own regular internal security assessments, such as penetration testing, vulnerability scanning, red teaming, and tabletop cyber attack simulations.

Nomura has developed a Third-Party Security Risk Management program that monitors and assesses the cybersecurity controls of our third-party vendors, which include, among others, service providers, SaaS providers, contractors, consultants, suppliers, etc. This program provides a consistent, controlled, cross-divisional approach to managing the services provided by third-party vendors. We perform various risk identification activities including security questionnaires, threat intel reports, SOC2 Type 2 attestation review, and onsite reviews for critical suppliers. We also perform periodic reassessment of existing critical vendors. Security risks and exceptions observed are monitored per our global Operational Risk Management framework.

During the year ended March 31, 2026, we did not identify any risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, there is no guarantee that our business strategy, results of operations and financial condition will not be materially affected by a future cybersecurity incident, and we cannot provide assurances that we have not had occurrences of undetected cybersecurity incidents. See Item 3.D “

Risk Factors

” for further information on our cybersecurity-related risks.

Cybersecurity Risk Governance

Nomura’s cybersecurity strategy and programs are managed by senior officers: the Group Chief Information Officer (“CIO”), who is supported by the Group Chief Information Security Officer (“CISO”) and the Group Chief Data Officer (“CDO”).

These

senior officers have extensive experience in technology, cybersecurity, information security, and data protection and privacy. The CIO has over 35 years of experience in various engineering, IT, Operations and information security roles. The CISO has over 25 years of experience leading cybersecurity teams at financial institutions, including in the areas of security engineering, risk and control management, data privacy, information security, and cybersecurity. The CDO has over 25 years of experience in data and

analytics-led

business transformation.

Our Board of Directors (“BoD”) has overall responsibility for risk management, with its committees assisting the BoD in performing this function based on their respective areas of expertise. Our BoD delegates its authority to execute business to the Executive Officers led by Group CEO to the extent permitted by law. Among the matters delegated to the Executive Officers by the BoD, the most important matters of business are decided upon deliberation by the Executive Management Board (“EMB”) which consists of the Executive Officers. The EMB delegates responsibility for deliberation of matters concerning risk management including cybersecurity risks to the Group Risk Management Committee (“GRMC”). The CIO is an observer at the EMB and the GRMC, and provides cybersecurity updates to the EMB and the GRMC.

The GRMC, based on a delegation from the EMB, meets regularly and reports on its activities and findings to the EMB. These meetings cover critical security topics such as resources and budget in cybersecurity risk mitigation and governance, cybersecurity risks, as well as security incidents and cyber tabletop simulations. In addition to these regular reporting activities to the GRMC, the EMB, and the BoD, potentially material cybersecurity events will be escalated to the same management bodies as well as key stakeholders according to Nomura’s security incident response process including crisis management perspectives.

Cybersecurity Risk Management Processes Integrated [Text Block]

Nomura is regularly engaging various external service providers to perform independent assessments of our cybersecurity programs and controls. The results from these independent engagements are integrated into updates to our cybersecurity strategy as appropriate. We also conduct our own regular internal security assessments, such as penetration testing, vulnerability scanning, red teaming, and tabletop cyber attack simulations.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Role of Management [Text Block]

Nomura maintains a comprehensive cybersecurity strategy. Identifying, assessing and managing cybersecurity threats and risks are an integral component of Nomura’s Operational Risk Management (ORM) Framework. See Item 11. “

Quantitative and Qualitative Disclosures about Market, Credit and Other Risk—Overview of Risk Management Policy and Procedures”

for further information on the framework.

Nomura has invested and is continuing to invest in its cybersecurity strategy to address fast-evolving and sophisticated cybersecurity threats while at the same time complying with extensive global legal and regulatory expectations. Our cybersecurity programs are designed to be in line with industry best practice standards and include core capabilities such as Security Governance, Risk and Control, Security Awareness and Training, Threat Intelligence & Management, Security Operations Management, Vulnerability Management, Application Security, Data Security, and Identity and Access Management.

Nomura is regularly engaging various external service providers to perform independent assessments of our cybersecurity programs and controls. The results from these independent engagements are integrated into updates to our cybersecurity strategy as appropriate. We also conduct our own regular internal security assessments, such as penetration testing, vulnerability scanning, red teaming, and tabletop cyber attack simulations.

Nomura has developed a Third-Party Security Risk Management program that monitors and assesses the cybersecurity controls of our third-party vendors, which include, among others, service providers, SaaS providers, contractors, consultants, suppliers, etc. This program provides a consistent, controlled, cross-divisional approach to managing the services provided by third-party vendors. We perform various risk identification activities including security questionnaires, threat intel reports, SOC2 Type 2 attestation review, and onsite reviews for critical suppliers. We also perform periodic reassessment of existing critical vendors. Security risks and exceptions observed are monitored per our global Operational Risk Management framework.

During the year ended March 31, 2026, we did not identify any risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, there is no guarantee that our business strategy, results of operations and financial condition will not be materially affected by a future cybersecurity incident, and we cannot provide assurances that we have not had occurrences of undetected cybersecurity incidents. See Item 3.D “

Risk Factors

” for further information on our cybersecurity-related risks.

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Our Board of Directors (“BoD”) has overall responsibility for risk management, with its committees assisting the BoD in performing this function based on their respective areas of expertise. Our BoD delegates its authority to execute business to the Executive Officers led by Group CEO to the extent permitted by law. Among the matters delegated to the Executive Officers by the BoD, the most important matters of business are decided upon deliberation by the Executive Management Board (“EMB”) which consists of the Executive Officers. The EMB delegates responsibility for deliberation of matters concerning risk management including cybersecurity risks to the Group Risk Management Committee (“GRMC”). The CIO is an observer at the EMB and the GRMC, and provides cybersecurity updates to the EMB and the GRMC.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true