The Personal Information Protection Commission pushed an information security enhancement project on the 10th of last month, but no corporations submitted bids. As a series of large-scale personal data leaks caused by cyberattacks have occurred this year, analysts say cyber defense corporations are reluctant to take on projects from the Personal Information Protection Commission, the lead agency.
According to the industry on Jan. 10, the Personal Information Protection Commission issued a notice last month for an information security enhancement project to prevent cyberattacks. The Personal Information Protection Commission is looking for a small security firm to provide consulting to strengthen a comprehensive personal information protection system, but not a single firm submitted a bid for the open tender that closed on Jan. 8.
Industry officials say the budget set by the Personal Information Protection Commission (PIPC) for the project is low at 100 million won, and corporations refrained from bidding out of concern that, if a security incident occurs later, the consulting firm would be caught up in blame. Security consulting projects like those from the Personal Information Protection Commission are typically sought-after work in the security industry, but with successive hacking incidents this year, the risks of working with the Personal Information Protection Commission (PIPC) have increased, and firms appear to be shunning the bids.
An official at the Personal Information Protection Commission (PIPC) said, "We plan to expand the bidding target from small businesses to small and midsize businesses and increase the budget to issue a new notice."