Netmarble, a major domestic game company that recently suffered a leak of the personal information of 6.11 million people, was found to have the smallest information security investment among the so-called 3N (Nexon, Netmarble, NCSOFT) game companies.
According to the information security disclosure status provided by the Korea Internet & Security Agency (KISA) on the 28th, Netmarble's information security investment expenditure for the past year was about 5.7 billion won, accounting for 5.2% of the total information technology investment expenditure of 110 billion won. During the same period, NCSOFT invested 18.2 billion won and Nexon Korea invested 22.8 billion won in the security field, while Krafton, which ranks No. 1 by market capitalization among domestic listed game companies, spent 9.7 billion won.
Spending in the information security field also showed a clear decline. Netmarble invested 7.3 billion won in information security in 2021, but that decreased to 6.6 billion won the following year, dropped again to 5.2 billion won in 2023, and recorded a slight increase to 5.7 billion won last year, a 27% decrease over three years. In contrast, despite a marked decline in game revenue since 2022, NCSOFT increased its information security investment by about 12% over three years from 16.2 billion won in 2021 through last year. During the same period, Nexon Korea increased by 67% and Krafton by 138%.
The Ministry of Science and ICT has operated the information security disclosure system through KISA since 2021. ISPs (internet service providers), internet data centers (IDCs), tertiary general hospitals, cloud service providers, listed corporations with annual sales of 300 billion won or more, and corporations with an average of 1 million or more daily users of information and communications services are required to submit their information security status every year.
Earlier, Netmarble said the previous day that hacking at its PC game portal site for go and janggi resulted in the leak of information on 6.11 million customers and employees, according to its own investigation. It also explained that more than 31 million IDs and passwords that remained in dormant status, which cannot be used to identify individuals, and the names and email information of owners of some 66,000 PC cafe franchise locations prior to 2015 were leaked together.