A bill to amend the Act on Promotion of Information and Communications Network Utilization and Information Protection that raises fines on corporations that report cyber hacking late or intentionally fail to report passed the Cabinet meeting.
The Ministry of Science and ICT said on the 24th that the bill to amend the Act on Promotion of Information and Communications Network Utilization and Information Protection was approved at a Cabinet meeting. The amendment strengthens the full range of measures from prevention to response to cyber incidents. In Oct. last year, the government established a "pan-government comprehensive information security plan" encompassing the private and public sectors, led by the Office of National Security, the cyber defense control tower.
First, the government strengthened the authority of the chief information security officer and mandated the establishment and operation of an information security committee within corporations.
The government created a basis to conduct on-site inspections even before corporations file a report if it secures indications of a hacking incident at a corporation. Fines related to delayed reporting or intentional non-reporting will also be raised.
In addition, corporations that do not implement recommendations for measures to prevent recurrence will be subject to compulsory performance charges. The government also introduced a penalty surcharge for corporations with repeated incidents.
At the Cabinet meeting that day, an amendment to the Digital Inclusion Act to protect digitally vulnerable groups, such as older adults and people with disabilities, from cybercrime and security incidents was also approved.
The amendment to the Act on Promotion of Information and Communications Network Utilization and Information Protection will take effect six months after promulgation. The amendment to the Digital Inclusion Act is scheduled to take effect one year after the promulgation date.
Bae Kyung-hoon, Deputy Prime Minister and Minister of the Ministry of Science and ICT, said, "I understand that the public is currently calling for proactive measures to improve digital security," and added, "This legal amendment will elevate the prevention and response system for cyber incidents by one step and provide a foundation to ease public anxiety."