The massive cyberattacks against Estonia in 2007 marked the beginning of new era where cyberspace can be misused by daunting malicious actors as part of new operational domain like land, sea and air, which differs from ordinary cybercrime in nature. Japan has not been exempted from such cyberattacks and experienced a number of severe information breaches, to begin with the Japan Pension Service case in 2015 with the leakage of more than 1.25 million citizen's personal information. The aggravating security situations both in real and cyberspace urged Japan to review and improve its governance several times in terms of laws, strategies, and policies as well as organisational structures, coupled with increased budget and human resources. As a result, Japan denounced two cyberattacks by means of public attribution to date, WannaCry to North Korea in 2017 then so-called APT10 to China in 2018. This paper analyses Japan's efforts since past ten years to strengthen her cybersecurity governance from the viewpoint of anticipation and attribution, which require better coordination and cooperation public-public (interagency), public-private and private-private.