Toward Strategic Agility: A Case for South Korea’s Evolving and Adaptive Approach to Cybersecurity

An argument for "strategic agility" in South Korea’s cybersecurity policy to counter rising breaches and geopolitical uncertainty

By Allison Pytlak • Myong-Hyun Go • J. James Kim

As South Korea grapples with a surge in cyberattacks and massive data breaches, this commentary argues that Seoul must adopt a framework of “strategic agility,” a nimble approach that balances domestic corporate accountability with the flexibility to respond to shifting global threats from North Korea and beyond. As the Lee administration redefines its national security, the lessons learned here offer a vital blueprint for how modern democracies can protect their citizens in an increasingly contested and high-stakes digital landscape.

Editor’s Note: Dr. GO Myong-Hyun is a senior research fellow at the Institute for National Security Strategy (INSS). Previously, Dr. Go was a senior fellow at the Asan Institute for Policy Studies in Seoul. His research applies quantitative perspectives to traditional and non-traditional security issues. Dr. Go is widely cited by the international media, with special focus on the nexus between traditional and non-traditional security domains. Dr. Go is an adjunct senior fellow at the Center for a New American Security (US) and an associate fellow at the Royal United Services Institute (UK). He received his Ph.D. in policy analysis from the Pardee RAND Graduate School (US).

By James Kim, Director, Korea Program

In 2025, cybersecurity was a serious and persistent problem in South Korea, with an increase of over 26% in breaches, including large-scale hacking incidents in telecommunications and e-commerce. In response, the new administration announced comprehensive inter-ministerial data protection policy guidance as it works to formulate a more comprehensive national strategy that is likely to be announced sometime later this year or next year. Looking ahead, what might this new strategy look like? In this commentary, we argue for an approach of strategic agility, where the South Korean government keeps its options open to allow for sudden changes in an increasingly uncertain geopolitical environment while addressing the evolving threat in the cyber domain.

The inter-ministerial data protection policy, which places corporate responsibility at the forefront and strengthens accountability for breaches, provides some clues. As the Lee administration strives to formulate an effective domestic framework to protect the personal data of the Korean public, it will also have to accommodate demands for market access and the policy continuity of the previous administration’s aggressive posture against foreign cyber threats. In this commentary, we assess the state of the cybersecurity landscape and consider what the new inter-ministerial policy would mean for South Korea’s cybersecurity strategy. In conclusion, we recommend several potential additional considerations drawn from lessons learned in other countries, such as the United States.

Cyber Threats in South Korea

The most recent available data from South Korea suggests that illicit cyber activity has increased steadily, with the number of incidents going up over time (see Figure 1).

Figure 1. Number of Cyber Crime Cases in South Korea, 2015-24

The highest number of incidents is related to cyber fraud and defamation, but the enforcement data appears to show a good track record of addressing this problem (see Figure 2).

Figure 2. Number of Incidents of Cybercrimes in South Korea, 2014-23

One thing to notice is that while the incidence of hacking, malware, and financial crimes has been relatively low, those are the most difficult crimes to punish or remedy (See Figure 3). 

Figure 3. Percentage of Cybercrimes Enforced, 2014-23

The shift in focus has so far been welcomed domestically. The South Korean public has expressed anger over the past year at revelations of massive data breaches at major ICT firms. For instance, SK Telecom alone is believed to have lost the personal data of about 27 million subscribers to unknown hackers, while another major telecom firm, KT, saw its mobile network compromised by unauthorized cell stations. In both cases, the companies were forced to replace SIM cards for all of their customers.

The latest breach affected Coupang, the largest online retail company in South Korea, which is based in the United States. Though a large number of accounts were accessed, the company founder stated that the threat actor exfiltrated a limited number of records, and all of the data was fully recovered without being disseminated. Nonetheless, the South Korean National Assembly has moved to hold a series of contentious hearings to examine the risk to users while the police have initiated an investigation.

Towards a New Cybersecurity Strategy?

It is within this context that the current administration launched its new inter-ministerial policy and is likely to announce a new national cyber strategy sometime in the coming months. Besides highlighting data protection, the new strategy will likely continue to emphasize safeguarding critical ICT infrastructure and the importance of international cooperation, but it will also raise the issue of corporate responsibility and accountability. Based on our reading of the inter-ministerial policy guidance announced last year, the approach favored by the administration appears to emphasize vulnerability inspections, corporate accountability through mandatory disclosures, consumer protection, and punitive enforcement measures. Other elements, such as regulating domestic companies, protecting consumers, and developing the domestic security industry, will very likely get carried over as well.

What remains to be seen is whether the policy prescriptions in the 2024 strategy of preemptively detecting and analyzing sources of attack will continue in the new national strategy. The previous strategy focused mostly on what most observers refer to as an “offensive cyber defense” that emphasized three main activities: 1) establishing public attribution procedures to identify and hold perpetrators accountable; 2) strengthening joint deterrence through cybersecurity advisories with partner countries like the U.S., UK, and Japan; and 3) implementing preemptive, proactive responses.

The pivot to offensive cyber defense was a marked shift from South Korea’s cybersecurity strategy adopted in 2019. Offensive cyber defense is a concept similar to the American “defend forward” policy in which there is a greater emphasis on forward-looking or preemptive actions to halt or disrupt malicious cyber activity at its source rather than depending on response or deflection alone. This approach is not without controversy, and some would argue that it operates in a legal grey zone, although others would say that this is true for much cyber activity beneath the threshold of armed conflict. Nonetheless, at the moment, greater openness about offensive cyber capabilities or a readiness to embrace active defense seems to be the direction of travel for several states, including Australia, Japan, and the United Kingdom.

The Basic Plan that accompanied South Korea’s 2024 strategy offered some further insight into how the government intended to pursue or implement offensive cyber defense, although some of these activities, like attribution and issuing joint statements, do not necessarily fall within active or offensive defense measures and are instead important tools for accountability and deterrence that will hopefully be maintained and strengthened, through such tools as a national attribution framework.

That said, the 2024 National Cybersecurity Strategy adopted an explicitly offensive posture toward North Korea. This offensive posture paralleled the U.S. approach and reflected the overall centrality of deterrence in South Korea’s policy towards the North. There are several changes underway within the broader context that may require some rethinking of this approach.

First, policymakers must recognize that there are other threat actors of concern besides North Korea, and it would be wise for any new strategy to account for the actions of other nation states or criminal networks. It is reasonable to consider an approach that emphasizes more robust cyber defense, incident response capability, and public awareness raising given the recent series of data breaches. A new strategy could build on how these elements were approached in the past, such as through minimum-security requirements for national infrastructure operation systems and adoption of zero trust security models.

Second, a potential change in the geopolitical space that would signal a return to engagement with North Korea and more stable US-China relations could mean that the U.S. may adopt a softer posture than the “Defend Forward” doctrine.

However, there is also some concern over recent policy decisions and budget cuts in the U.S. that are affecting the foundations of American cyber defense and resilience. If this continues, it could have implications for beneficiaries and partners of cyber foreign aid or other assistance.

The U.S. is set to release a new cybersecurity strategy at any time, and many anticipate that it will emphasize cost imposition and deterrence. Already in 2026, the U.S. has shown unusual openness concerning its offensive capabilities, notably in the January operation in Venezuela.

The Lee administration has inherited a robust foundation of US-ROK cybersecurity cooperation, and the August 2025 Trump-Lee summit reaffirmed expanded collaboration in cyberspace alongside AI and defense technology partnerships. The 2024 Strategic Cybersecurity Cooperation Framework already commits both nations to bilateral alignment, countering North Korean cyber threats, and regional capacity-building. However, South Korea will need to keep its approach to cybersecurity cooperation more agile as it attempts to address the evolving threat in the cyber domain while adapting to the increasingly uncertain geopolitical environment.
