Seventy Percent of Small and Medium Enterprises in Gyeonggi Region Have No Dedicated Information Security Staff

The Korea Internet & Security Agency (KISA) announced the results of the "2023 Gyeonggi Region Small and Medium Enterprise (SME) Information Security Status Survey" on the 8th. Together with the Gyeonggi Venture Business Association, the survey analyzed the information security demands and status of SMEs and venture companies in the Gyeonggi region. The survey targeted 550 SMEs and venture companies to assess their information security demands and status, as well as to accurately gauge their level of awareness regarding information security. It aimed to identify the difficulties local companies face in information security and to discover practical support projects needed.

Photo by Korea Internet & Security Agency

This survey covered 16 items across three areas over the past three years (2021?2023): ▲ information security solutions and budgets ▲ information security incidents and responses ▲ information security improvements. Key findings include that only 27.1% of all companies (149 companies) reported having dedicated information security personnel. In particular, among companies with sales of 5 billion KRW or less, which account for 62.9% of all companies, 67% (232 companies) reported having no dedicated personnel, and 17% (59 companies) answered "don't know," totaling 84% (291 companies).

Additionally, 24.5% (135 companies) of all companies experienced cyber intrusion incidents over the past three years. The main types of damage included ransomware (15.2%, 92 cases), malware (10.6%, 64 cases), hacking (5%, 30 cases), and information leakage (4.6%, 28 cases). Regarding the status of information security budgets by company, 64.5% (355 companies) either did not know or had no budget. The reasons for not investing in information security were mainly the burden of setup costs (31.8%), lack of security experts (12.1%), difficulty in searching for necessary security services (11.6%), and lack of technical understanding (9.4%), indicating that budget and expert shortages are major challenges.

To address these issues, companies responded that the following are needed: ▲ government-led campaigns to strengthen the necessity and awareness of information security ▲ online and offline specialized training to cultivate information security experts or dedicated personnel ▲ government voucher support projects related to information security ▲ development and distribution of affordable information security solutions for SMEs that can be introduced at low cost for financially constrained small businesses. Jun-sang Cho, Director of the KISA Gyeonggi Information Security Support Center, stated, “Not only in the Gyeonggi region but also in most regions, SMEs and venture companies face difficulties due to lack of awareness, budget, and experts in information security, so support is necessary.” He added, “KISA will continue to provide effective support for SMEs and venture businesses, including customized consulting, reflecting the results of this survey.”

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.