Google, Meta, IBM Have 'Zero' Dedicated Information Security Personnel

[Asia Economy Reporter Lim Hye-sun] As part of ESG (Environmental, Social, and Governance) management, domestic IT companies such as Samsung Electronics, Naver, and Kakao are increasing their investments in information security and expanding dedicated personnel. Meanwhile, global big tech companies like Google, Meta, and IBM have been found to have no dedicated personnel in South Korea. Although the reason is that investments are concentrated at their U.S. headquarters, there are calls for the need to have separate dedicated personnel in South Korea given the significant increase in domestic users.

According to the Ministry of Science and ICT and the Korea Internet & Security Agency as of the 5th, a total of 633 companies have disclosed their information security investment status for the first time on the ‘Information Security Disclosure Comprehensive Portal.’ Among the companies, Samsung Electronics invests the most in information security. Samsung Electronics’ information security investment amounts to approximately 693.9 billion KRW, with 526 dedicated personnel. The proportion of information security within Samsung Electronics’ total IT investment is 9.55%.

KT, which experienced an information security breach last year, invested 102.1 billion KRW in information security, accounting for 5.2% of its total investment. The number of dedicated personnel is around 335. Naver’s information security investment is about 35 billion KRW (3.79%), with 107 dedicated personnel. Kakao’s investment is approximately 14 billion KRW (3.91%), with 60 dedicated personnel. In the e-commerce sector, Coupang invested significantly in information security with 53.4 billion KRW (7.13%).

On the other hand, investments and dedicated personnel from foreign companies were minimal. Except for Netflix, companies such as Google, Meta, Amazon Web Services (AWS), and Oracle reported both domestic investment and dedicated personnel as ‘0’.

Google stated, "Our employee management is conducted on a global scale," and clarified, "As announced last August, we plan to invest 10 billion USD over five years to strengthen cybersecurity, including expanding the Zero Trust program, supporting software supply chain security, and enhancing open source security." Netflix’s investment is 338.99 million KRW (12.0%), with 3 dedicated personnel.

Additionally, Apple is not subject to disclosure obligations. Although it operates iCloud for iPhone users, it is excluded from disclosure requirements because it does not conduct cloud business targeting enterprises.

The absence of any dedicated information security personnel for domestic users at global big tech companies is being pointed out as a problem. The government amended the Information Security Industry Act to impose disclosure obligations on 603 companies, including listed companies with sales exceeding 300 billion KRW, companies with an average daily number of information and communication service users exceeding 1 million in the last three months of the previous year, Internet Service Providers (ISP), Internet Data Center (IDC) operators, tertiary general hospitals, and Infrastructure as a Service (IaaS) providers. Public institutions and financial companies are exempt from information security disclosure obligations, but some companies voluntarily participated in disclosure. The disclosed information includes investment amounts in the IT sector, investment in information security, and dedicated personnel. Failure to comply with mandatory disclosure results in a fine of up to 10 million KRW.

The Ministry of Science and ICT stated, "Companies need to inform users of their various information security efforts through information security disclosure, and this process will induce healthy competition among companies, naturally leading to increased investment in information security."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.