KB Financial to launch voluntary information security disclosure

KB Financial Group said on Monday it plans to implement voluntary information security disclosures in the first half of this year to respond to changes in laws and systems related to information security and the trend toward ESG disclosures. It is a measure to prepare for a planned revision to the enforcement decree of the Information Security Industry Act, which is being pursued with an aim of taking effect in 2027.

Information security disclosures under the Information Security Industry Act are a system for externally publishing a company’s information security investment, workforce, certifications and operating status. Financial companies are not currently subject to mandatory disclosure, but they could be included if the enforcement decree is revised. KB Financial plans to externally disclose its group-wide information security status through the voluntary disclosure.

KB Financial plans to receive the Korea Internet & Security Agency’s pre-inspection consulting for information security disclosures. It plans to use the process to review the standards and methods for producing data for each disclosure item and to reorganise related management systems.

The measure is intended both to prepare for the introduction of the information security disclosure system and to treat information security as a non-financial risk management factor by refining disclosure levels and management systems.

KB Financial has been operating group information security and related management systems since 2026 by placing them under the holding company’s compliance officer. It plans to share consulting results and practical experience secured in the disclosure preparation process with affiliates to reduce differences in information security management levels across the group.

A KB Financial official said, “Information security disclosures are an important means of transparently showing users and the market the level of internal control and information security management capabilities of financial companies.” The official added, “We will continue to strengthen the trust-based foundation for financial consumer protection across the group by comprehensively considering the revision bill to the Information Security Industry Act and other factors.”