The National Intelligence Service said on the 5th that it conducted on-site cybersecurity inspections of 152 national and public institutions, including central ministries, metropolitan governments and public agencies, and released the results of the 2025 cybersecurity status assessment.
This status assessment was conducted under Article 13 of the Cybersecurity Work Regulations for a total of 152 institutions, including 48 central ministries subject to government performance evaluation, 17 metropolitan governments and 87 public agencies. The results showed 32 institutions received an excellent rating, 114 received an average rating and 6 received an inadequate rating.
Among public agencies, 32 institutions, including Korea District Heating Corporation (KDHC), received an excellent rating, up by three from 29 in 2024. These institutions were found to have actively pursued continuous inspections of vulnerabilities and improvement efforts. Among them, Korea Land & Housing Corporation (LH) and Korea Petroleum Quality & Distribution Authority (K-Petro) were upgraded from average in 2024 to excellent in 2025 by expanding dedicated cybersecurity organizations and improving security management at outsourced project sites.
Among metropolitan governments, as in 2024, none received an excellent rating in 2025, and among central ministries, the number fell from three in 2024 to zero in 2025. The main reasons were analyzed to include insufficient control of unauthorized information technology (IT) devices.
Inadequate ratings occurred only among central ministries and metropolitan governments, affecting six institutions: the Korea Media and Communications Commission, the National Fire Agency, the Korea AeroSpace Administration, the Overseas Koreans Agency, the Seoul Metropolitan Government and South Chungcheong Province. The Korea Media and Communications Commission fell from average in 2024 to inadequate in 2025 due to reasons such as shortages of dedicated cybersecurity personnel and management capabilities. The National Fire Agency, the Overseas Koreans Agency, the Seoul Metropolitan Government and South Chungcheong Province were rated inadequate for the second consecutive year.
The National Fire Agency and the Overseas Koreans Agency were flagged for low interest and improvement efforts in cybersecurity across their organizations. The Seoul Metropolitan Government made some improvements, such as establishing a dedicated unit, but was cited for inadequate security management due to a lack of personnel relative to system scale. In South Chungcheong Province, security measures for major vulnerabilities identified in 2024 were not sufficiently implemented.
Many institutions were conducting only perfunctory drills that assumed real situations such as the National Information Resources Service fire in 2025, and, in particular, central ministries were found to be overly reliant on the National Information Resources Service for backup and recovery measures.
The National Intelligence Service (NIS) plans to focus on checking whether disaster recovery systems are established and real-world recovery drills are conducted, as well as controlling unauthorized access to key systems, in the 2026 status assessment. It also supported the Ministry of the Interior and Safety and the Ministry of Economy and Finance so that these results can be reflected in government performance evaluations, and raised the weighting of the cybersecurity status assessment in public institution management evaluations from 0.25 points to 0.6 points.
An official at the National Intelligence Service (NIS) said, "We will accurately assess the level and capabilities of security management at national and public institutions and provide comprehensive security consulting for institutions rated inadequate," and added, "We will continue to make preemptive improvements to the identified problems so that the overall national security level can be raised."