Lower Sanctions for Companies Making Preemptive Security Investments
Budget to Be Secured for System Building and Damage Recovery
The government has announced that it will prepare measures to lower the level of sanctions imposed on companies that have invested in cybersecurity, while significantly strengthening support for small and medium-sized enterprises (SMEs) in building security systems and recovering from damage caused by security incidents.
After the "Party-Government Consultative Meeting to Strengthen Response to Personal Information Leaks" held at the National Assembly Members' Office Building on the 4th, Yang Cheongsam, Secretary General of the Personal Information Protection Commission, met with reporters and said, "We have reflected in the amendment to the Personal Information Protection Act a system to reduce fines for companies that have made prior investments in security when they suffer a personal information leak," adding this explanation.
He said, "We plan to first introduce a system that encourages personal information encryption, the introduction of a Fraud Detection System (FDS), vulnerability assessments, and penetration testing," and added, "The bill passed the National Policy Committee at the end of last year and is currently pending in the Legislation and Judiciary Committee."
Han Jeongae, chair of the Policy Committee of the Democratic Party of Korea (second from left), is speaking at a government-party consultation to strengthen response to personal data leaks held on the 4th at the National Assembly Members' Office Building. Photo by Kim Hyunmin
At the same time, the government plans to secure a budget so that SMEs can strengthen their personal information protection systems. Secretary General Yang said, "SMEs are in a vulnerable situation when it comes to personal information leaks and safety management, and the related government budget is also at a minimal level," and added, "We will work to ensure that programs to strengthen SMEs' security systems and to swiftly support damage recovery when a leak occurs are reflected in next year's budget."
A senior official at the Personal Information Protection Commission said, "The current budget for SME security support programs is less than 300 million won, which only allows for preliminary consulting," and added, "After securing a significantly larger budget this year, we will begin in earnest to provide security consulting, support for building security systems, and support for incident response when accidents occur."
Park Sanghyuk, Senior Deputy Chair for Social Affairs of the Policy Committee of the Democratic Party of Korea, said, "Minimizing harm to the public is the focus of our discussions," and added, "As we review the bill, we will continue discussions on ways to support the difficulties faced by the industry and proceed with legislative amendments."
The inducement of preemptive security investment by SMEs is a follow-up measure announced by the government after The Asia Business Daily's investigative report in May last year titled "Companies That Hide Even After Being Hacked." Through that report, this newspaper exposed the reality that 9 out of 10 companies that were hacked concealed the fact of the hacking, and emphasized the importance of prior security investment. Following the report, on December 3 last year, the National Assembly plenary session passed the 2026 budget bill, which included a 14.5 billion won increase in the budget for hacking response systems.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
