SEOUL – Exactly one year after the catastrophic hacking of SK Telecom’s USIM systems in April 2025, South Korea’s cybersecurity landscape is at a critical crossroads. With massive data leaks still fresh in the public's mind, calls are mounting for a fundamental transition to a "Zero Trust" security paradigm as the nation enters the age of AI Transformation (AX).

A Year of Vulnerability
The past 12 months have seen the nation’s digital infrastructure shaken to its core. Following the initial breach at SK Telecom, fellow carriers KT and LG Uplus, along with Lotte Card and e-commerce giant Coupang, fell victim to sophisticated attacks. The Coupang incident, involving the leak of 33.7 million accounts, remains the worst in Korean history.

In response, the top three telecommunications companies have announced a combined $2.4 trillion KRW investment in security, moving their security heads to report directly to CEOs.

The Zero Trust Mandate
Experts argue that structural changes alone are insufficient. As industries integrate AI into everything from base stations to data centers, security must be "baked in" from the start.

"Companies are pouring resources into AX to increase efficiency," said Lee Kyung-ho, a professor at Korea University’s Graduate School of Information Security. "Applying Zero Trust principles at the design stage will not only protect data but actually double a company's competitiveness in the AI era."

From Punishment to Incentives
There is also a growing consensus that government policy must evolve. Current regulations focus heavily on penalizing firms after an incident occurs.

Park Chul-jun, a professor at Kyung Hee University, suggested a more proactive approach. "We need a system that encourages companies to find and fix vulnerabilities before hackers do," Park noted. "Incentives should be provided to firms that actively operate 'bug bounty' programs and demonstrate excellent secondary response capabilities after a breach."

As the Ministry of Science and ICT prepares to finalize its "National Cybersecurity Strategy" by the end of the year, the focus remains clear: in an era where AI powers both the shield and the sword, trusting nothing is the only way to protect everything.