The South Korea Financial Services Commission held a meeting with chief information security officers across all financial sectors to discuss measures to strengthen the financial sector’s capacity and resilience against cyberattacks following recent breaches. The Commission set an expectation that information security and customer data protection should be treated as a core management priority under chief executive accountability, warning that negligence or failures in operating cybersecurity systems will lead to strict investigations and sanctions. Financial companies were urged to proactively inspect and tighten their cybersecurity systems and protocols, including embedding information security from the design and development stage of services and products to ensure system stability. The Commission also stressed resilience measures such as keeping business continuity plans up to date, running recovery drills, and improving consumer protection manuals to ensure immediate customer notification of service suspensions or information breaches and faster remediation. Financial authorities asked firms to carry out thorough self-inspections under chief executive responsibility and to take immediate corrective action where deficiencies are identified. Alongside ongoing supervisory efforts, the authorities plan regulatory improvements to introduce punitive fines, establish a comparative disclosure system on cybersecurity status, and strengthen the authority of CISOs.
South Korea Financial Services Commission 2025-09-23
South Korea Financial Services Commission calls for CEO-led cybersecurity upgrades and readies fines, disclosure and stronger CISO powers
The South Korea Financial Services Commission stressed the need for financial firms to prioritize cybersecurity and customer data protection, warning of strict investigations and sanctions for negligence. Firms are urged to enhance cybersecurity protocols, ensure system stability, and maintain updated business continuity plans. The Commission plans regulatory improvements, including punitive fines and enhanced authority for Chief Information Security Officers.