Astronomical Cost Increase Burden in the Future,
,
SK Telecom has decided not to accept a settlement proposed by the authorities to pay 300,000 KRW per person in compensation for the hacking incident that occurred last April. Industry insiders express concern that if such a precedent is set, the potential financial risks that companies will face could increase astronomically.
According to a report by Kukmin Ilbo on the 19th, SK Telecom has completed its legal review and plans to inform the Dispute Settlement Committee under the Personal Information Protection Commission of its decision not to accept the settlement before midnight on the 20th. November 20th is the deadline to decide whether to accept the settlement. Previously, the committee had proposed that SK Telecom pay 300,000 KRW per affected customer in a dispute settlement application filed by 3,998 customers affected by the hacking incident.
The main reason SK Telecom decided against accepting the settlement is the potential for triggering astronomical costs in the future. The immediate compensation for 3,998 people amounts to about 1.2 billion KRW, but if this settlement is finalized, it could open the door for all 23 million SK Telecom subscribers to apply for the same compensation. In mathematical terms, this could amount to nearly 7 trillion KRW. This settlement could also set a precedent for future cyber incident cases.
While some argue for severe accountability due to the failure to properly protect customer data, there are significant concerns that the punitive nature of this settlement could unintentionally create a “negative incentive” to further conceal hacking incidents.
According to the ‘2024 Information Protection Survey’ published by the Ministry of Science and ICT, more than 80% of companies have already experienced cyber incidents but have not reported them to the relevant agencies. A cybersecurity industry insider stated, “Including companies in the ‘gray area’ that hide the fact of cyber incidents, it is estimated that virtually 99% of companies conceal or independently handle hacking incidents,” adding, “As awareness grows that punishment outweighs benefits for reporting hacking incidents, it only benefits hackers.”