[2025 National Audit] Kang Junhyun Points Out "Repeated Security Incidents in Financial Sector, No One Held Accountable"
Repeated Post-Incident Investigations... Serious Lack of a Control Tower
Calls for Simulated Hacking, Mandatory On-Site Inspections, and Punitive Sanctions
Assemblyman Kang Junhyun is questioning Chairman Lee Eogwon during the National Assembly audit of the Financial Services Commission. Photo by National Assembly
Kang Junhyun, a member of the National Assembly's Political Affairs Committee (Democratic Party of Korea, Sejong-eul), urged Lee Eogwon, Chairman of the Financial Services Commission, during the National Assembly audit of the Financial Services Commission, Korea Development Bank, and Industrial Bank of Korea held on October 20, to grant the Financial Security Institute substantial authority to prevent security incidents and stop the spread of damage. He pointed out that "the Financial Security Institute is currently limited to a de facto advisory role regarding security incidents in the financial sector, making it impossible to respond immediately."
Assemblyman Kang stated, "The Financial Security Institute was established in 2014 in response to the data breach incident involving three credit card companies. It is responsible for 24-hour monitoring, analysis, technical support, and education, but lacks legal supervisory and enforcement authority, so it cannot serve as a true control tower." He expressed concern, adding, "The Financial Supervisory Service can only impose sanctions after the fact, while the Financial Security Institute is limited to making recommendations."
He further criticized the fact that, over the past five years, there were a total of 159 electronic financial incidents at eight specialized credit card companies, but only 20% received a "satisfactory" rating in their internal IT audits. In particular, Lotte Card conducted only one internal security audit in the past five years, yet the Financial Security Institute did not even have the authority to require corrective action.
Furthermore, he pointed out that although SGI Seoul Guarantee received the highest rating (S) from the Financial Security Institute for four consecutive years, its IT systems were paralyzed for 81 hours by a ransomware attack in July. Similarly, Lotte Card suffered a large-scale personal data breach just two days after obtaining ISMS-P certification.
He concluded that the Financial Security Institute's evaluations and certifications are limited to formal, document-based procedures.
Assemblyman Kang proposed several institutional improvements, including: ▲ strengthening the authority of the Financial Security Institute and granting it practical enforcement powers ▲ introducing simulated hacking items in regular information security evaluations ▲ moving away from document-based evaluations and making on-site inspections mandatory ▲ implementing punitive fines for serious incidents.
He also argued that companies that do not conceal incidents, report them early and voluntarily, and work to remedy the damage should receive mitigating consideration.
He emphasized that, in order to dispel public distrust over "slap-on-the-wrist penalties" whenever a security incident occurs, it is time to abandon the current loose, post-incident response system and establish a trustworthy financial security system through effective inspections and by strengthening the authority of the Financial Security Institute.
Chairman Lee Eogwon of the Financial Services Commission responded, "It seems necessary to operate systematically," adding, "Monitoring, prevention, detection, and sanctions must be carried out consistently and effectively." He also explained, "I believe there is a growing need for the Financial Supervisory Service and the Financial Security Institute to respond closely together."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.