Three major hacks in two months expose Korea’s shortage of full-time cybersecurity staff

Researchers at South Korea’s Electronics and Telecommunications Research Institute work on technology that automatically shifts server addresses to make it harder for hackers to find and target systems. (ETRI)

South Korea is grappling with a wave of major cyberattacks, yet many businesses still lack full-time cybersecurity staff. The disconnect is becoming more dangerous as high-profile breaches expose personal data and disrupt critical services.

On Monday, police launched an investigation into a hack targeting the academic submission platform (jams.or.kr) of the National Research Foundation. The attack, reported to regulators on June 16, compromised 120,000 records containing names, birth dates, email addresses and phone numbers.

This incident follows a string of others. On June 9, Yes24, one of South Korea’s largest online bookstores and ticketing services, suffered a ransomware attack that brought its entire system down for five days. The outage halted book sales and concert ticketing nationwide.

In April, telecom giant SK Telecom disclosed that hackers had breached its network, leaking nearly 10 gigabytes of sensitive USIM card data linked to over 26 million subscribers. While no known fraud has occurred yet, the breach was serious enough to prompt an apology from the SK Group chairman on May 7.

SK Group Chairman Chey Tae-won bows in apology during a public address in Seoul on May 7 following a major hacking incident at SK Telecom. (Newsis)

Most Korean companies have treated cybersecurity as an afterthought.

A government survey from 2024, conducted among 27,000 companies by the Ministry of Science and ICT and the Korea Information Security Industry Association, found that just 8.7 percent of businesses believed they needed cybersecurity personnel.

Even among large firms with more than 1,000 employees, only 14 percent said they saw a need. Just a third of companies (33.2 percent) said they plan to hire additional security staff within a year.

When companies were asked why they were not hiring, nearly half (48.8 percent) said their existing staff could manage. Only about one in four (23.8 percent) pointed to a lack of qualified candidates.

Of the country’s 79,509 cybersecurity workers, the research said only 28 percent focus solely on security. Most juggle multiple IT roles, and nearly 8 percent are outsourced entirely.

Pay is another issue. The average annual salary for a cybersecurity specialist in South Korea is 54 million won ($39,580). That drops to 46 million won at small and mid-sized firms, and even at major corporations, it barely reaches 63 million won.

In comparison, cybersecurity professionals in the US earn more than three times that amount on average, at around $127,000, according to the US Bureau of Labor Statistics. Experienced hires often make more, and some global companies offer upwards of $200,000 to compete for skilled workers.