Introduction of Mandatory Information Security Disclosure System... Detailed Selection Criteria for the Second Half of the Year
Information Security Disclosure System Approved at Cabinet Meeting on the 1st
Fines up to 10 Million KRW for Violations
Applicable from Second Half of the Year, Newly Established by Presidential Decree
[Asia Economy Reporter Minyoung Cha] The Ministry of Science and ICT announced that it will promote a mandatory information security disclosure system for companies above a certain scale to ensure safe internet use for the public and to encourage corporate investment in information security.
The Ministry stated that the amendment to the Act on the Promotion of the Information Security Industry (hereinafter referred to as the Information Security Industry Act), which includes this provision, passed the 387th National Assembly (extraordinary session) plenary session and was approved at the Cabinet meeting on the 1st. The amendment will take effect six months after its promulgation.
The information security disclosure system is a system under Article 13 of the Information Security Industry Act that allows companies to voluntarily disclose their information security status, including investments, personnel, and certification status. With the acceleration of digital transformation following the Fourth Industrial Revolution and COVID-19, the importance of information security has increased. There have been ongoing calls for a shift in perception to view information security investment not as a cost but as a necessity, and to promote related corporate investments.
Following the approval of the amendment to the Information Security Industry Act at this Cabinet meeting, companies above a certain scale will be required to disclose their information security status. Violations will result in fines of up to 10 million KRW.
Detailed criteria for selecting the target companies will be established through consultations with experts from academia, industry, and research, as well as stakeholders, and will be enacted as a presidential decree in the second half of the year. Factors such as business sector, sales revenue, and number of users will be considered. Although not mandatory, companies that voluntarily participate in the disclosure system will continue to receive benefits such as reduced fees for information security management system certification.
Hong Jin-bae, Director of Information Security Network Policy at the Ministry of Science and ICT, stated, “Once information security disclosure becomes mandatory, corporate investments and personnel in information security will be transparently disclosed to the general public, which is expected to protect users,” and added, “We anticipate effects in strengthening information security and promoting the information security industry.”
Hot Picks Today
!["Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①](https://cwcontent.asiae.co.kr/asiaresize/93/2026051914165468840_1779167814.png)
"Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①
- "Not Jealous of Winning the Lottery"... Entire Village Stunned as 200 Million Won Jackpot of Wild Ginseng Cluster Discovered at Jirisan
- "I'll Stop by Starbucks Tomorrow": People Power Chungbuk Committee and Geoje Mayoral Candidate Face Criticism for Alleged 5·18 Demeaning Remarks
- "Stocks Are Not Taxed, but Annual Crypto Gains Over 2.5 Million Won to Be Taxed Next Year... Investors Push Back"
- "How Did an Employee Who Loved Samsung End Up Like This?"... Past Video of Samsung Electronics Union Chairman Resurfaces
Meanwhile, the Korea Internet & Security Agency (KISA) is providing free consulting on the information security disclosure process, including data calculation and procedural guidance necessary for information security disclosure.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
