Eight out of 10 South Korean companies recognise information security as important, a survey shows. But 7.5 percent of firms said they were not aware whether a security breach had occurred, highlighting the need to strengthen detection and response capabilities.
The Ministry of Science and ICT, together with the Korea Information Security Industry Association, on March 27 released results of the 2025 Information Security Survey. The survey covered 5,500 companies with networks and at least 10 employees, and 3,000 internet users aged 12 to 69.
In the corporate survey, 80.6 percent of firms said information security is “important”. The top difficulties related to information security work were “securing an information security budget” at 49.1 percent, followed by “operating and managing information security systems and frameworks” at 45.7 percent and “searching for needed information security products and services” at 42.6 percent.
Firms with information security policies or rulebooks accounted for 52.6 percent, and those providing information security training came to 32.7 percent. Training rates were relatively lower among small and mid-sized companies, confirming a gap by company size.
Among firms that conduct information security work, which accounted for 79.9 percent, 35.3 percent had an information security organisation. By organisation type, the share of “dual-role organisations” was high regardless of company size, while “dedicated organisations” accounted for a larger share as company size increased.
Some 54.8 percent of all firms used an information security budget. The top area of spending was “maintenance and repair of information security products and solutions” at 78.0 percent, followed by “installing or expanding video surveillance equipment such as CCTV at business facilities” at 57.4 percent and “purchasing information security products and solutions” at 28.6 percent. Reasons for not using a budget included “the current business area is unrelated to information security” at 37.0 percent, “not knowing what information security-related activities are needed” at 33.4 percent and “no guarantee of perfect defence against breaches” at 32.7 percent.
Only 0.2 percent of firms said they had experienced security incidents. But 7.5 percent said they were “not aware” whether breaches had occurred, suggesting the need to strengthen detection systems and response capabilities in advance. Among firms that experienced incidents, 31.4 percent reported them to relevant agencies or investigative authorities, and reporting was highest at 43.6 percent among firms with at least 250 employees.
In the individual survey, 65.3 percent of respondents said they are interested in information security issues. The share that said they are “concerned” about security incidents was 72.5 percent, and 59.2 percent said news of such incidents is “relevant” to them.
The incidence rate of individuals experiencing security incidents was 8.5 percent. By type, “hacking of personal mobile devices” was most common at 44.7 percent, followed by “hacking of personal computers” at 34.9 percent and “external data leakage due to illegal access to personal electronic devices” at 28.0 percent. The share who reported their damage was 41.2 percent, and the top reason for not reporting was “because the damage was not serious” at 59.7 percent.
Lim Jeong-gyu (임정규), director general for information security network policy at the ministry, said the survey comprehensively measures awareness and the state of information security among individuals and companies, as well as breach experience and response activities. It is used to diagnose the level of security capability across the industry beyond simple incident statistics and as baseline data for establishing mid- to long-term information security policy, he said.
Click Here For The Original Source
