In an information society where the majority of citizens are connected through networks, the destructive power of personal data breaches rivals that of natural disasters. The convenience of accessing nearly all services—financial, shopping, telecommunications—using only data that proves one's identity simultaneously carries the potential risk of being exploited by others at any time. The Cambridge Analytica scandal that emerged in 2018 is a prime example. The British political consulting firm Cambridge Analytica collected data from 87 million Facebook users without authorization and used it for political manipulation, including the U.S. presidential election and Brexit. It was a symbolic incident demonstrating that data poses a real threat capable of shaking a nation's economy, security, and social safety.
Constantly leaking personal information is threatening citizens' daily lives. Combined information such as phone numbers and names that have leaked from telecommunications, financial institutions, and online platforms is leading to secondary crimes including voice phishing that causes massive financial damage, going far beyond simple spam advertising.
Despite the growing risk of such breaches, many companies still treat information security investment as a burden of questionable value. The recent case of Louis Vuitton Korea, which was sanctioned by the Personal Information Protection Commission, starkly illustrates this reality. A single employee's device being infected with malware led to the leak of approximately 3.6 million customers' information. The root cause was the company's complete reliance on an external vendor's cloud-based Software-as-a-Service (SaaS) for customer management, citing cost reduction and administrative convenience. It was a man-made disaster caused by pursuing efficiency alone.
According to the Korea Internet & Security Agency (KISA), information security investment as a share of total information technology (IT) investment among 773 companies subject to disclosure requirements stood at just 6.3%. This figure shows that security remains a "low-priority area" rather than a core investment target.
As security threats become increasingly sophisticated and the scale of damage grows, companies can no longer escape responsibility simply by promising to "prevent recurrence." Coupang was summoned to a National Assembly hearing following a management shakeup, and SK Telecom was hit with a massive fine of 134.8 billion won. The government and ruling party are pushing measures to strengthen companies' statutory liability for damages in the event of personal data breaches. It is now time for companies to recognize security not as a mere cost, but as a core management priority directly tied to their survival.
![[Reporter's Eye] Personal Data Protection: A Matter of 'Survival,' Not 'Cost' - Seoul Economic Daily Technology News from South Korea](/_next/image?url=https%3A%2F%2Fwimg.sedaily.com%2Fnews%2Fcms%2F2026%2F02%2F18%2Fnews-p.v1.20260217.0b137edbf9a84ba89ebdfe4478e77484_P1.jpg&w=3840&q=75 "Data Protection Now Matter of Survival, Not Just Cost")