As Hacking Risks Spread, Calls Grow for Stronger Cyber Liability and Insurance Mandates (Yonhap)
SEOUL, Dec. 8 (Korea Bizwire) — A series of large-scale personal data breaches at telecommunications companies and at e-commerce giant Coupang has revived concerns that South Korean firms have little incentive to purchase cyber insurance, despite growing systemic cybersecurity risks across the economy.
According to a report released Sunday by the Korea Insurance Research Institute, Kwangmin Jung, a professor at POSTECH, warned that major leaks involving digital platforms and telecom services — now essential public infrastructure — represent a new form of “systemic cyber risk,” capable of cascading into industrial, financial and social sectors.
Jung pointed to the recent Coupang incident and data leaks at leading telecom operators, noting that when firms with dominant or monopoly positions fail to secure their systems, cyberattacks such as phishing and smishing grow more sophisticated, creating secondary and tertiary losses through identity theft and account hijacking.
Despite the scale of recent breaches, the domestic cyber insurance market has struggled to expand. Many firms underestimate security risks, while low compensation burdens reduce the need to take out insurance policies.
In previous high-profile cases, including breaches at major credit card companies in 2014 and at online marketplace Interpark in 2016, courts awarded compensation of only about 100,000 won (roughly US$75) per victim.
The photo shows the personal information exposure notification text message that Coupang sent to affected customers on November 30. (Yonhap)
Although amendments to the Personal Information Protection Act that took effect this year raised maximum fines to 3 percent of annual revenue, actual damages paid to victims remain limited, weakening deterrence.
Jung argued that addressing systemic cyber risk — including mass data leaks, ransomware attacks and disruptions to national infrastructure — requires coordinated efforts by companies, insurers and government.
Companies must strengthen enterprise-wide risk management, insurers need greater underwriting and security expertise, and policymakers should establish a framework for disclosure, punitive damages and cooperative public–private insurance programs.
He also recommended that financial regulators adopt cyber risk stress tests based on extreme breach scenarios to evaluate systemic vulnerabilities among financial institutions and quantify potential spillover effects from cyber incidents at big tech and platform companies.
Ashley Song (ashley@koreabizwire.com)
