In a decisive move to counter the rising wave of cyberattacks, the South Korean government, led by Deputy Prime Minister and Minister of Science and ICT Bae Kyung-hoon, unveiled a Comprehensive Pan-Government Information Protection Strategy on October 22, 2025. This immediate action plan, coordinated by the National Security Office, addresses the escalating crisis by targeting both the public and private sectors, with a promise of a long-term 'National Cybersecurity Strategy' to be established by year-end.
The centerpiece of the new strategy is the expansion of government investigative authority. Authorities will now be able to launch on-site investigations into hacking incidents, particularly involving telecommunications companies, even without a corporate report if indications of a breach are secured. This measure is a direct response to concerns over delayed or concealed reporting of cyber intrusions.
Key Initiatives Target Critical Infrastructure and Corporate Accountability
The government announced an extensive security vulnerability inspection of approximately 1,600 critical IT systems widely used by the public, encompassing public infrastructure, central and local administrative bodies, financial institutions, and companies with Information Security Management System (ISMS) certifications. Telecommunications operators, in particular, will face unannounced, high-intensity drills that simulate actual hacking methods. The government is also considering implementing multi-factor authentication for smartphone micro-payments, which can currently be completed easily via SMS or ARS.
Furthermore, corporate accountability is significantly enhanced. The information protection disclosure obligation will be expanded from the current 666 companies to all approximately 2,700 listed firms in South Korea. These companies will be required to disclose and publicly grade their security capability levels. The government also plans to legally codify the CEO's security responsibility and strengthen the authority of Chief Information Security Officers (CISOs) and Chief Privacy Officers (CPOs).
Tougher Penalties and Consumer Protection Framework
Sanctions for security violations will be drastically stiffened. The plan includes raising fines and penalty surcharges for breaches of security duties such as delayed hacking reports, failure to implement recurrence prevention measures, and repeated leaks of personal or credit information. The government is also introducing enforcement charges and punitive surcharges to ensure compliance.
In parallel, a consumer-centered victim relief system is being established. Key sectors, including telecommunications and finance, must prepare user protection manuals detailing how to handle hacking-related damages. A new fund will be created, financed by fines collected from personal information leaks, to support victims and reinforce personal data protection efforts.
Finally, national cybersecurity cooperation will be intensified. The National Cyber Crisis Management Group under the National Intelligence Service will be designated as the central command for incident response at critical information and communication infrastructure, ensuring immediate cross-agency investigation and coordination among government, military, and private sectors.
[Copyright (c) Global Economic Times. All Rights Reserved.]