The government is responding to a wave of cyberattacks by enabling immediate on‑site investigations of hacked entities and enhancing penalties for security breaches.
The Ministry of Science and ICT, the Ministry of Economy and Finance, the Financial Services Commission, the Ministry of the Interior and Safety and the National Intelligence Service on Wednesday announced a joint comprehensive information‑protection plan at Government Complex Seoul in central Seoul.
The move comes after this year’s hacking incidents at telecom and financial firms triggered warnings from cybersecurity experts that the existing post‑incident and agency‑by‑agency response system is insufficient.
“We regard the repeated hacking incidents as a serious crisis, and we will immediately activate a coordinated, government‑wide response framework," Science and ICT Minister Bae Kyung-hoon said. “Given the urgency of the matter, we have laid out short‑term tasks that can be executed immediately, and we plan to develop a ‘National Cybersecurity Strategy’ covering medium‑ and long‑term tasks within the year.”
The plan calls for an immediate vulnerability inspection of over 1,600 IT systems in public and private sectors, covering 288 public infrastructure facilities, 152 central and local government organizations, 261 financial firms and 949 ISMS‑certified firms in sectors like telecom and platform services.
For telecom companies, the government intends to conduct high‑intensity unannounced inspections. Major companies in the platform industry must submit their self‑inspection results to the government after CEO review.
![A person walks in front of a KT store in Goyang, Gyeonggi, on Sept. 21. [NEWS1]](https://imgnews.pstatic.net/image/640/2025/10/22/0000078700_002_20251022191417788.jpg?type=w860)
The plan also strengthens investigative powers: when the government detects signs of hacking, it may launch on‑site investigations without waiting for company reports.
Firms that fail to report hacking, neglect preventive measures or breach security obligations will face increased fines, surcharges, enforcement fees and punitive penalties.
Some industry representatives expressed concern over possible abuse of investigatory powers.
“Expanding investigative authority raises worries about abuse by police or other agencies,” a telecom industry official said. “Incentives for companies to proactively report hacking incidents are also needed.”
Industry experts shared similar concerns and emphasized the need to balance stronger oversight with clear limits on government authority.
“While the government’s direction is understandable, we need in-depth discussion on how far the government’s direct investigation authority should extend," said Professor Hwang Suk‑jin at Dongguk University's Graduate School of International Affairs and Information Security.
Professor Kim Seung‑joo at the School of Cybersecurity in Korea University noted that “relying solely on reports to trigger investigations caused major delays in cases like the telecommunications hack, so government, experts and firms must agree on when on‑site investigations can begin.”
Amid continuing hacking problems in public agencies, the government will also boost next year’s information‑protection budget and personnel.
“We recognize that the government is not immune to hacking issues,” Bae said. “We plan to invest 401.2 billion won [$280 million] in government information‑protection, which is 7.7 percent of next year’s IT budget.”
For the private sector, the plan extends mandatory disclosure of information‑protection status to all listed companies. Based on those disclosures, firms’ security capabilities will be graded and publicly released.
The government also plans to legally require CEOs to take responsibility for cybersecurity and expand the authority and decision-making scope of chief information security officers (CISOs) and chief privacy officers (CPOs).
This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
'">
'">
'">
