25% Tax Credit for Hacking Defense Investments... Government Reviewing 20 Billion Won Increase in SME Security Budget [Concealment(17)]

A bill has been introduced in the National Assembly that would grant significant tax reductions to companies ranging from small and medium-sized enterprises (SMEs) to mid-sized and large corporations if they establish security systems to prevent hacking. The government is also preparing countermeasures, including increasing next year's budget for SME security and establishing a new forensic center. These actions follow up on a series of investigative reports by Asia Economy at the end of May about "companies that hide after being hacked." Since it is impossible to completely block hacking attempts, the focus is on helping companies prepare and strengthen their post-incident response capabilities to minimize damage.

On June 30, Representative Lee Haemin of the National Innovation Party (a member of the National Assembly's Science, ICT, Broadcasting, and Communications Committee) proposed an amendment to the Restriction of Special Taxation Act. Under this bill, SMEs that invest in security systems such as security servers, intrusion detection equipment, and backup devices would receive a tax credit equal to 25% of their total investment. For example, if an SME invests 100 million won in building a hacking defense system, it would receive a 25 million won reduction in corporate tax.

In an interview with this newspaper, Representative Lee previously stated that he was preparing this bill (see June 2 article 'Tax Cuts for Companies Investing in Security Equipment'). He explained, "The key is to encourage voluntary security investment by SMEs," and added, "We have enhanced the effectiveness by ensuring that companies benefit from investing in security systems." Mid-sized and large companies can also benefit. Companies that have transitioned from SME to mid-sized status within the past three years are eligible for a 20% tax credit, while existing mid-sized and large companies receive a 15% credit.

Security consulting and cyber insurance are also eligible for tax credits. SMEs can receive a 5% refund on expenses for penetration testing, risk assessment, and insurance premiums. Mid-sized companies receive a 3% credit, and large companies receive a 1% credit. Tax benefits are also provided when hiring security experts. This addresses concerns that security systems are useless without operational personnel. SMEs receive a tax credit of 10 million won per information security expert hired, mid-sized companies receive 6 million won, and large companies receive 4 million won. For example, if an SME hires three experts, it receives a 30 million won tax reduction.

If this bill passes the National Assembly, it will take effect from January 1 next year and remain in force for three years, until December 31, 2028. An official from the National Assembly stated, "The Restriction of Special Taxation Act is fundamentally based on a sunset clause, but if its effectiveness is proven, it can be extended."

The government is also preparing measures. After this newspaper reported on SMEs being defenseless against ransomware attacks (see May 29 article 'Free Security Solutions Exist, but Only 0.004% of SMEs Use Them Due to Lack of Awareness'), there have been moves to strengthen support. On June 18, the Ministry of Science and ICT reported to the new government's National Policy Planning Committee a plan to increase next year's budget for "regional SME information security support" to 23.3 billion won. On June 27, Baek Kyunghoon, the nominee for Minister of Science and ICT, stated, "The most important thing in cybersecurity is prevention," and added, "We will review whether the overall national system is well established."

The government is expected to use this increased budget to expand the coverage of "SECaaS," a cloud-based security service operated by the Korea Internet & Security Agency (KISA). SECaaS is a security service that SMEs can use for an annual fee of 500,000 won, offering essential security functions such as firewalls, malware detection, and DDoS attack defense. However, the related budget was cut from 10 billion won in 2023 to 2.3 billion won this year, less than a quarter of the previous amount. Lee Wontae, former president of KISA, stated, "The SECaaS budget should be restored so that more SMEs can prepare for hacking."

The number of "regional information security support centers," currently only ten nationwide, will be increased to seventeen. These centers are responsible for inspecting SMEs' security vulnerabilities and providing consulting services. An industry insider commented, "There are industrial complexes in Jeolla region densely packed with manufacturing plants, which are major targets for hackers, but there is only one support center in Gwangju," adding, "Compared to Gyeongsang region, which has centers in Daegu, Pohang, Ulsan, and Busan, the regional disparity is significant."

The government is also considering allocating a new budget of 15 billion won to establish a "forensic center" to analyze the causes of cyberattacks. This measure is intended to address the government's low hacking response capability, as pointed out by this newspaper (see June 2 article 'The US Retaliates Against Hacking Organizations... The Korean Government Only Investigates'). The forensic center will collect, store, and analyze firewall and security equipment log data from victim companies to determine the cause of hacking incidents. The government plans to officially announce the SME cybersecurity measures it has prepared in response to this newspaper's reports around July 9, which is "Information Security Day."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.