On September 23, Vice Chairman Kwon Dae-young of the Financial Services Commission presided over a meeting with chief information security officers (CISOs) of financial companies representing all financial sectors to discuss ways to strengthen capacity and resilience against cyberattacks in the financial sector. Today’s meeting was held in the wake of recent cyber breaches targeting the financial sector, with the purpose of raising alertness and boosting response capabilities.
A Summary of Vice Chairman’s Opening Remarks
The government and financial companies need to reassess the critical nature of cyber and information security in the financial sector to make it a top priority.
First, in order to prevent cyber breaches targeting financial companies, which can inflict significant damage on consumers, the duty of ensuring information security and protecting customer data should be treated as a key management priority of financial companies under the responsibility and leadership of chief executives. In this regard, financial companies will need to step up efforts to strengthen their capacity and resilience against cyberattacks commensurate with the external growth shown in the financial sector.
Second, financial companies should take proactive steps and go the extra mile to tightly inspect and operate their own cybersecurity systems and protocols. From the stage of designing and developing services and products, financial companies need to give top consideration to information security to ensure system stability and the establishment of a well-functioning cybersecurity system. When cyber breaches take place at financial companies due to their negligence or failure to properly operate a cybersecurity system, financial companies will be subject to strict investigation and sanctions.
Third, as an essential element for preventing damage from cyberattacks and quickly resuming services thereafter, financial companies need to step up efforts to bolster resilience, keep their business continuity plans up to date, and conduct recovery drills to ensure the effectiveness of their responses. In addition, financial companies should work on improving their consumer protection manuals to make sure that consumers are notified of a service suspension or information breach immediately when cyberattacks take place and to speed up the remedial process.
Further Plan
The financial authorities requested financial companies to thoroughly inspect their own cybersecurity systems and protocols with the highest level of alertness under the responsibility of chief executive officers and demanded immediate actions for making improvements to the areas found to be deficient.
While making continuous efforts to prevent cyber breaches and bolster financial companies’ cybersecurity capacity, the financial authorities also plan to seek regulatory improvements for introducing a punitive fine, establishing a comparative disclosure system on cybersecurity status, and strengthening the authority of CISOs.
* Please refer to the attached PDF for details.
