South Korea’s financial watchdog is urging companies to lift cybersecurity spending, saying current budgets lag global peers even as significant cyber incidents continue to affect major firms.
Financial Supervisory Service (FSS) Governor Lee Chan-jin said recent breaches at large corporations indicate that the issue is not limited to technical shortcomings but reflects shortcomings in risk recognition at senior levels. “Looking at these recent incidents, there’s no comparison with the US, and, even compared to the international average, the level of security investment by Korean companies is extremely low. Companies do not fully recognise the risk that a breach of such systems could potentially bankrupt them,” Lee said at his first press briefing since taking office in August, as reported by Korea Times.
Referring to data from the Financial Security Institute (FSI), Lee said Korean corporates on average allocate 6.4% of their IT budgets to cybersecurity. Financial and insurance institutions spend more, at about 9.6%, but this remains below the roughly 13% reported at leading international financial institutions and the “20-something percent” reported at some European banks.
Lee cited the growing use of stablecoins and other digital assets by Korean financial firms as a factor that is increasing the need for robust systems and controls. He said virtual asset service providers are expected to meet similar cybersecurity standards as other regulated financial entities. “A breach exposing sensitive personal financial information could trigger consumer anxiety and endanger the very survival of financial firms,” he said.
Lee added that current laws and regulations do not yet fully reflect the scale and complexity of cyber exposures facing the financial sector. According to Lee, authorities are preparing legal changes that would more clearly link cybersecurity investment and system safeguards to corporate continuity, including stronger requirements around system security and consumer protection.
The discussion in Korea over cybersecurity investment is taking place against a backdrop of a new global analysis on capital markets impacts from cyber incidents, including those with reputational effects. Aon’s 2025 Cyber Risk Report examined 1,414 cyber incidents worldwide and identified 56 events that attracted substantial media attention and were followed by a measurable drop in share price. Companies involved in these reputation-related cases saw an average decline in shareholder value of 27%. This compares with an average 9% drop in shareholder value following major cyber events in Aon’s 2023 research, indicating that reputationally exposed incidents may result in larger market impacts than other cyber events in the sample.
According to the report, malware and ransomware incidents made up 60% of the reputation-linked cases, although they accounted for 45% of all events reviewed. For underwriters, this concentration has led to closer examination of insureds’ controls against these attack types, including backup and recovery procedures, network segmentation, and incident response planning.
