South Korean Firms Overlook Security: 97% Lack Dedicated Teams

A small tax law firm in Seoul, with just 15 employees, has no dedicated budget for cybersecurity. The firm relies on specialized tax software hosted in the cloud (on virtual servers) and shares files through Google Drive or Microsoft OneDrive. Its office computers are protected only by outdated antivirus software. The firm has never considered the possibility that malware arriving through an employee’s email could spread to every computer and then reach the cloud environment. Representative A, who is 46 years old, stated, “I’ve never thought about hacking while doing business,” and added, “I wonder if a company like ours needs to do that.”
As hackers around the world target South Korea, with over 60 million cases of personal information leakage this year alone, Korean companies are falling into a “three-nothing” state—no budget, no dedicated personnel, and no will to improve security. While the risk of secondary damages such as illegal payments and phishing scams due to large-scale customer data leaks is increasing, companies remain trapped in a “moral hazard,” staying passive about security investments.

According to the “2024 Information Protection Survey” published in April by the Ministry of Science and ICT, which surveyed 6,500 companies with 10 or more employees nationwide, 87.9% of companies spent either nothing or less than 5 million won annually on information protection. Nine out of ten companies are in a security blind spot. Only half (49.9%) of all companies allocated any budget to information protection. 48.4% of companies had no information protection policies, and 67.4% had no dedicated information protection organization.
◇“Even if hacked, fines are cheaper”… 97% of companies lack dedicated information protection teams
Korean companies verbally acknowledge the importance of information protection (79% responded affirmatively) but neglect investment. An analysis by CEO Score, a corporate data research institute, of 585 companies’ information protection investments from 2022 to 2024 showed that information protection investment amounted to only 0.1–0.13% of sales. In particular, security investment made up 6–6.2% of the IT budget, half the U.S. level (13.2%). In a survey by global network equipment company Cisco of over 8,000 security and business leaders in the private sector across 30 countries, including South Korea, only 3% of respondents rated South Korea as effectively managing cyber risks. Companies’ reluctance to invest in security stems from the lack of immediately visible results. “Cost-effective” management that looks only at performance metrics is attracting hackers to South Korea. A former representative of a major security company, who requested anonymity, said, “Surprisingly, South Korea’s security awareness—from large corporations to small businesses—is far lower than its economic level or global standards.”

◇Only 3% of companies have dedicated information protection organizations
Companies’ low security awareness is evident in their lack of dedicated personnel for information protection. 67.4% of companies do not operate formal information protection organizations. Only 3% of companies have established dedicated teams, with an average of just 1.1 personnel per team. Kim Myung-joo, a professor at Seoul Women’s University, said, “Security personnel are often developers who handle security tasks part-time. There is no system to hire dedicated personnel, provide continuous education, or prepare for security as an investment.” Security requires daily monitoring and immediate response to hacking, but the number of security personnel being hired is decreasing. In 2022, 3,849 new information protection personnel were hired, but this number has been shrinking annually, with only 2,029 planned hires this year.
The government mandated in 2019 that companies and institutions above a certain size designate a Chief Information Security Officer (CISO), but the policy is ineffective. Companies prefer Chief Information Officers (CIOs), who handle data and AI utilization, over CISOs. While 18.1% of companies have CISOs, 55.8% have CIOs. This is because CISOs lack authority over IT assets, reporting rights to the board, and budget or personnel management rights. As a result, CISOs are often criticized as “CISOs in name only, assistants to CIOs in reality.” The security industry criticizes the flawed CISO system design, arguing that regulations tailored to large corporations lack effectiveness for smaller businesses. A security industry insider said, “Detailed CISO guidelines based on company size are needed. CISOs’ authority must be strengthened, and they should attend board meetings weekly to address security as a management issue.”
◇“Slap-on-the-wrist fines are more economical” due to weak penalties
Korean companies believe that even if security incidents occur, public memory fades over time, and business operations remain unaffected. A former security company representative said, “In the U.S., security incidents lead to loss of customer trust and significant stock market impacts, but this is not the case in Korea. Companies must recognize that the costs from security incidents can far exceed immediate savings.”
Fines for personal information leaks are low, leading to the perception that paying fines is more economical than investing in security. According to the Personal Information Protection Commission (PIPC), from its establishment in August 2020 to September this year, 109.16 million cases of personal information leakage occurred, resulting in cumulative fines of 367.15856 billion won. This averages about 3,300 won per leaked record, pocket change compared with Europe and the U.S., where punitive damages are imposed for corporate negligence. In 2019, the U.S. Federal Trade Commission (FTC) fined Facebook (now Meta) $5 billion (approximately 7.37 trillion won) for leaking 87 million users’ personal information to a political consulting firm. In contrast, SK Telecom, which leaked the SIM card information of 23 million subscribers in April, received the largest-ever fine of 134.8 billion won.