Korean companies actively designate information security officers

(Gettyimagesbank)

South Korean companies are introducing chief information security officer (CISO) titles in an effort to prevent hacking incidents and online data leaks.

According to the Ministry of Science and ICT and industry sources on Monday, the number of Korean companies that reported appointing a CISO reached 29,525 as of July 2024.

This trend includes not only large corporations with mandatory CISO appointments but also small and medium-sized enterprises and startups.

While a CISO may seem similar to a chief security officer (CSO) or chief privacy officer (CPO), the position has broader authority, including budget planning for security and establishing governance. Since January 2020, Korea has mandated that companies and organizations of a certain size designate a CISO and report it to the Ministry of Science and ICT.

Failure to comply results in fines, with repeated violations incurring penalties of up to 30 million won ($22,075).

Fintech startup Finda Inc. appointed a CISO in April.

Co-Chief Executive Officer Park Hong-min said that the company judged the appointment was necessary for the MyData business, which involves handling customer personal data.

Finda’s CISO oversees the company’s security by managing technical infrastructure, data protection, managing data entrusted by financial institutions, and regulatory compliance.

“We also manage data access control and data usage records while operating our credit scoring model and artificial intelligence (AI)-based suspicious transaction detection system,” the company said.

“With the rise of generative AI, the scope of data usage is expanding much faster than expected, likely leading to an increasing need for skilled CISOs who can quickly adapt information security policies to new technologies.”

Cuchen Co., a mid-sized home appliance company, also appointed a CISO.

“We appointed the officer at the department head level to establish an information protection management system, analyze security vulnerabilities, and prevent and respond to data breach incidents,” the company said.

Seoul Semiconductor Co. also appointed a CISO tasked with identifying security vulnerabilities in computer equipment and reviewing solutions, including antivirus software, firewalls and monitoring services.

“Practical authority given to CISOs and coordinated efforts across the organization can help protect our information assets,” said a company official.