High Risk of Security Incident Spread Due to Supply Chain Industry Characteristics
Need to Address Shortages in Specialized Personnel and Internal Systems
The Busan Institute of Science, Technology and Education Promotion (BISTEP, President Kim Youngbu) announced on December 29 that it has published Issue 2025-11 of the "R&D Policy Brief" under the theme "The Current Status and Implications of the Information Security Industry in Busan Centered on Enterprises."
This brief examines trends in national and Busan metropolitan government information security industry policies in response to the accelerating digital transformation and the spread of cyber threats. It also features a comparative analysis of the state of information security among Busan-based companies versus the national average, utilizing data from the 2022 Information Security Status Survey. This survey is a government-approved national statistic conducted annually by the Ministry of Science and ICT and the Korea Information Security Industry Association, based on the "Act on the Promotion of the Information Security Industry."
BISTEP highlighted that, due to Busan's industrial structure-where supply chain industries such as maritime, logistics, and manufacturing are concentrated-a single security incident could potentially spread across the entire region. Accordingly, the brief draws implications for Busan-specific information security policies and emphasizes the need for proactive prevention and systematic enhancement of information security response capabilities.
The analysis found that Busan companies generally have a stable level of awareness regarding the importance of information security and basic preventive activities against security breaches. However, internal operational systems-such as information security policies, organizations, dedicated personnel, and budgets-were found to be somewhat insufficient, indicating a need for more systematic strengthening of corporate information security capabilities.
In particular, Busan companies cited securing budgets and a shortage of specialized personnel as major challenges related to information security. In practice, information security budgets tended to focus on basic security maintenance, such as the upkeep of products and services or the installation of video surveillance equipment. Investment in hiring specialized personnel and establishing internal operational systems for information security was found to be below the national average.
In response, BISTEP suggested several policy implications: ▲ fostering the information security industry in connection with regional strategic industries ▲ advancing enterprise-centered internal information security operational systems ▲ expanding support for information security professionals ▲ providing stable support for maintenance-focused investment structures and increasing investment in workforce development ▲ strengthening proactive security response systems ▲ and activating incident reporting and integrated response systems.
Ryu Sumin, a researcher at the BISTEP Policy Research Division, stated, "Since Busan has an industrial structure with high security demands, it is crucial to establish a support system that enables companies to practically implement information security." She added, "It is necessary to strengthen integrated support connecting everything from incident prevention to post-incident management, centering on regional hubs such as the Southeast Information Security Support Center and the Southeast Information Security Cluster."
Details of this brief can be found on the BISTEP website.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
