ISMS Reduced to "Formal Certification"... Hacking Surges After Yoon Administration's Simplification Policy
Security Breaches at Private Companies Up 50%, ISMS-Certified Companies Up 75%
Join Chul: "A Matter of Public Safety... Fundamental Reform Urgently Needed"
The Yoon Suk Yeol administration pursued a policy to simplify the Information Security Management System (ISMS) last April, citing the need to "reduce unnecessary and unreasonable burdens" on businesses. However, there have been claims that this move has led to a surge in hacking incidents and increased national cybersecurity risks. ISMS is a core certification system designed to ensure the stability of information and communications networks.
According to data submitted by Assemblyman Join Chul (Gwangju Seo-gu Gap) of the Democratic Party of Korea to the Ministry of Science and ICT on October 13, when the Yoon administration was pushing for the simplification policy, hacking incidents at private companies had already tripled compared to the Moon Jae-in administration, damages at small and medium-sized enterprises had also tripled, and damages at ISMS-certified companies had skyrocketed by a staggering 16 times. Despite the urgent need for stronger security, the government introduced a "simplified certification system" that minimized on-site inspections, under the pretext of "easing the burden on businesses."
The situation worsened after the introduction of the simplified certification system. As of the first half of this year, the total number of security breaches at private companies and damages at small and medium-sized enterprises had already increased by more than 50% compared to the previous year, while the rate of security breaches at ISMS-certified companies exceeded 75%. Critics argue that the Yoon administration’s simplification measures ultimately accelerated hacking damages and heightened national security risks.
The current ISMS system has revealed structural limitations in the wake of large-scale security incidents such as the SKT hacking and KT micro-payment incidents. Many have pointed out that applying the same standards to all certification targets, regardless of company size or industry risk, undermines the effectiveness of the system.
In response, Assemblyman Join Chul sponsored an amendment to the "Act on Promotion of Information and Communications Network Utilization and Information Protection" in July, proposing substantial reforms such as: introducing differentiated certification standards for high-risk industries, canceling certification for serious information security violations, imposing fines for failure to renew certification, and making it mandatory to secure information security budgets and personnel.
The lack of oversight and supervision of certification and audit agencies has also been identified as a problem. Despite major hacking incidents at companies such as KT, SKT, and Lotte Card, all of which had obtained ISMS certification, there has not been a single case where the certification agency KISA or audit agencies were sanctioned or penalized. This is attributed to an irresponsible structure in which certification and audit agencies bear no legal responsibility when hacking occurs.
There are even criticisms that there is no post-verification process to re-examine the security system of affected companies after a breach or to analyze items overlooked during the audit stage, resulting in a paralyzed feedback structure.
Assemblyman Join Chul stated, "The core of the system's shortcomings lies in the irresponsibility of the Ministry of Science and ICT, which should be overseeing the ISMS system, and the passive response of KISA, which is in charge of its actual operation. Security is not a matter of technology, but of public safety. We must move beyond formal certification and establish a truly effective security system."
He added, "Through fundamental reforms such as introducing differentiated certification systems for high-risk industries, strengthening oversight functions for certification and audit agencies, and enhancing the expertise and accountability of audit agencies, we will establish ISMS as a security certification system that the public can trust."
© The Asia Business Daily (www.asiae.co.kr). All rights reserved.