my timesThe Korea Times

Step up Korea’s cybersecurity readiness

Listen

Korea is one of the world’s most connected countries, enjoying the benefits of technological advancement. We often assume technological advancement accompanies cybersecurity readiness and resilience. However, a series of recent cyberattacks indicates that it may be only a myth. Cybersecurity must be part of a technological, economic and national security agenda.

The acceleration of digital transformations has increased the exposure of both public and private sectors, including individuals, to cyberattacks and threats driven by financial, political and geopolitical motivations. The rapid adoption of artificial intelligence is creating more effective and convenient methods for committing cyberattacks and crimes using LLMs, further complicating the cybersecurity readiness landscape. A 2023 Cloudflare study found that over 78 percent of the cybersecurity professionals interviewed in 14 Asia Pacific countries had experienced at least one cybersecurity incident in the past year and that only 38 percent of the organizations think they are well prepared to address the problem.

Lack of cybersecurity readiness imposes a heavy economic toll. The scale of global cybercrime is estimated to amount to $10.5 trillion this year. It is 5.8 times bigger than the Korean economy and only the U.S. ($30 trillion) and China ($19 trillion) have economies that are bigger than the scale of global cybercrime. Cybersecurity failures also stop network systems partially or entirely, causing serious organizational and national security concerns.

Well-connected nations like Korea are an attractive target for sophisticated threat actors. The most common cyberattacks in Korea are malware, supply chain attacks, ransomware attacks and phishing. Government and public organizations have experienced a large number of cyberattack attempts. There were 20,594 attempts to intrude on the National Assembly network between January 2022 and September 2025. The Constitutional Court experienced over 1.16 million cyberattacks from 2017 to August 2025. The Ministry of Trade, Industry and Energy and its 41 affiliated organizations experienced 3,402 hacking attempts since 2021. Of the 2,927 cyberattack attempts targeting the Bank of Korea from 2020 until August this year, 24 were successful.

Companies are frequently targeted by cyberattacks. The recent hacking attack on Lotte Card breached the data of nearly 3 million customers. Hacking incidents at major telecom companies such as SK Telecom, KT Telecom and LG U+ showed new vulnerabilities in the carriers’ mobile authentication systems. These incidents all led to membership cancellations and business losses.

Customers were infuriated with underreporting, false and delayed reporting. KT reported security breaches to the authorities three days after discovering the hack, and Lotte Card waited six days. Many organizations only find out well after the attacks occur or opt not to report it to the authorities out of fear of reputational damage, heavy penalties and a subsequent loss of business.

The authorities concerned are ill-prepared to conduct proper examinations of the companies under their jurisdiction, too. For instance, the Financial Supervisory Service has conducted no cybersecurity examinations of any of the eight major credit card companies since 2019.

Streamlined yet effective regulatory frameworks should be put in place. Voluntary incident reporting works in some cases but mandatory reporting with support measures will be more effective. The public sector should lead by example. Currently, cybersecurity falls under several different ministries working in silo, producing duplications and inefficiencies, while operating with inadequate budgets. Closer coordination is called for.

In most cases, hacking incidents go unchecked, especially at small and medium enterprises (SMEs), which are targeted by cyberattacks 92 percent of the time in Korea. SMEs are much more vulnerable to cyberattacks due to insufficient budgets and lack of professionals for cybersecurity. The difficulties faced by SMEs were confirmed by 71 percent of cyber leaders at the Annual Meeting on Cybersecurity 2024, according to the World Economic Forum’s Global Cybersecurity Outlook 2025.

In the public and private sectors alike, there is a notable lack of cybersecurity awareness, capacity building and cybersecurity professionals. Globally, there is a cybersecurity workforce supply-demand gap of 4.8 million people, with a current workforce of about 5.5 million, according to the 2024 ISC2 Cybersecurity Workforce Study. The situation in Korea is no different. Almost 6 out of 10 cybersecurity companies in Korea experience a constant outflow of cybersecurity professionals due to low wages and unfavorable working conditions.

For SMEs, policy support is critical. Only 27 percent of Korea’s SMEs have internal cybersecurity policies in place. SMEs lack funding to hire cybersecurity professionals, even as their vulnerabilities to cyberattacks provide a fertile ground for incursions, leading to severe damages. The Ministry of Science and ICT must quickly establish a cybersecurity professionals management system as mandated by the Act on the Promotion of Information Security Industry to mitigate the cybersecurity workforce shortage.

Korea, well connected and deeply integrated in global supply chains, needs to step up its cybersecurity readiness and resilience as a nation.


Song Kyung-jin is senior fellow at Asiatic Research Institute at Korea University.