U.S. and U.K. Central Banks Allocate 10-15% of IT Budgets to Security
Rhee Changyong: "There Is Room for Improvement...Countermeasures Will Be Prepared"
Nearly 3,000 hacking attempts have been made against the Bank of Korea, which is classified as a "Class A" national security facility, over the past five years. However, the budget for cybersecurity has decreased, accounting for only 5.8% of the IT budget. The Bank of Korea stated that, as the use of artificial intelligence (AI) becomes more widespread, it could be exposed to greater risks and announced plans to implement countermeasures.
![[2025 National Audit] Nearly 3,000 Hacking Attempts on Bank of Korea in 5 Years... Cybersecurity Budget Only 5.8%](https://cphoto.asiae.co.kr/listimglink/1/2025102011261372991_1760927173.jpg)
According to the "Cybersecurity Status Assessment Results" submitted by the Bank of Korea to Democratic Party lawmaker Jung Ilyoung, a member of the National Assembly's Planning and Finance Committee, on October 20, a total of 2,927 hacking attempts targeting the Bank of Korea were detected from 2020 through August of this year. Of these, 98.5% (2,883 cases) originated from overseas. By country, the highest numbers came from the United States (645 cases), Brazil (506 cases), Russia (316 cases), and China (282 cases).
The main types of attacks were information gathering and denial-of-service (DDoS) attacks. In December last year, the Bank of Korea's website suffered a DDoS attack that caused delayed access for users.
However, lawmaker Jung pointed out that the Bank of Korea's response to cybersecurity threats has stagnated. The number of cybersecurity personnel at the Bank of Korea currently stands at seven, only one more than in 2018. The proportion of the security budget fell from 14.7% in 2021 to 5.8% this year, less than half. In contrast, major central banks such as the U.S. Federal Reserve and the Bank of England maintain security budgets at around 10-15% of their IT budgets.
In the first-ever cybersecurity status assessment conducted by the National Intelligence Service this year, the Bank of Korea received a low score of 43.05 points. It was also pointed out that many security devices are outdated, having been in use for 5 to 7 years.
Lawmaker Jung stated, "As the central settlement bank, the Bank of Korea is a core institution for national financial security, enabling fund transfers between commercial banks through the financial settlement network. However, staffing and budget are severely lacking." He continued, "With the budget shrinking and no concrete plans to increase personnel, there are concerns that damage could spread in the event of a large-scale attack or intrusion into the financial network in the future." He also emphasized, "It is unacceptable for the central bank, which is responsible for national currency and financial stability, to be evaluated as a security-vulnerable institution. There must be a substantial increase in personnel and budget, and the inspection system should be strengthened on a continuous basis."
In response, Bank of Korea Governor Rhee Changyong said, "If we move toward AI and cloud computing, the problem could become even more serious. There have been shortcomings in our response, and there is much to improve, so I believe we need to establish effective countermeasures."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
