29-07-2025
New threats, new protection: Rising cyberattacks push Korea to rethink digital insurance
Hanwha, Samsung move to fill coverage gap as corporate breaches fuel demand
A string of high-profile cyber incidents — from SK Telecom's data breach to a ransomware attack on Seoul Guarantee Insurance — has raised alarm over digital vulnerabilities and spurred Korean insurers to ramp up cyber coverage.
Leading the response is Hanwha General Insurance, which in November launched its Cyber Risk Management Center, the first dedicated cyber risk division established by a Korean insurer.
As part of its strategy, Hanwha formed a three-way partnership with global cybersecurity firm Theori and leading Korean law firm Shin & Kim, which operates a team specializing in digital and IT-related legal issues.
Samsung Fire & Marine has also stepped up, establishing a cyber risk team last year and launching a policy in May tailored to small- and mid-sized firms — those with under 100 billion won ($72 million) in revenue and fewer than 3 million data subjects.
Still nascent market
Despite rising threats, Korea's cyber insurance market remains underdeveloped. A 2024 report by Munich Re estimated Korean cyber premiums at just $50 million, only 0.3 percent of the global total and placing it among the smallest in Asia.
Domestically, cyber insurance accounts for just 1 percent of Korea's non-health accident insurance market.
Awareness is also low. A 2024 Korea Internet & Security Agency survey showed only 14.5 percent of companies were aware of cyber insurance, while just 2.7 percent had purchased a policy.
Yet threats are mounting. Reported incidents in Korea more than doubled from 630 in 2020 to 1,277 in 2023, then rose another 48 percent to 1,887 in 2024. In just the first half of 2025, major breaches hit SK Telecom, GS Retail, Olive Young, SGI and Yes24, exposing gaps in corporate defenses across sectors.
In Korea, many companies still downplay cyber risks, viewing insurance as a supplementary response measure rather than an essential preventive safeguard.
A KISA survey reflected worsening awareness. In 2024, only half of 6,500 companies had a data security budget, down from 68 percent in 2022. Of those, just 0.6 percent spent over 100 million won, while 75 percent spent less than 5 million.
The only mandatory policy is liability insurance for data breaches, required of firms with over 1 billion won in revenue and more than 10,000 data subjects. As of last year, only 10 percent of eligible firms — about 7,800 — were enrolled.
Even among the insured, coverage is often inadequate. SK Telecom, whose USIM breach affected 23 million subscribers, was covered for just 3 billion won, including the 1 billion won legal minimum. With USIM replacement alone estimated at 170 billion won, most of the burden remains uninsured.
Regulators are starting to take notice. At a parliamentary hearing on the SKT breach, Rebuilding Korea Party lawmaker Lee Hai-min said, 'The 1 billion won coverage under personal data compensation insurance falls far too short to meaningfully compensate consumers in large-scale hacking cases,' calling for higher limits and stronger mandates to drive preventive investment.
'Cyber risks are mostly intangible and hard to quantify, and firms tend to avoid costs tied to abstract risks. On the other end, insurers face challenges in underwriting due to their interconnectedness and large-scale losses," stated Kwon Soon-il of the Korea Insurance Research Institute, urging policy incentives such as tax benefits and premium subsidies, along with clearer terms and broader coverage for broader adoption.
The insurance industry is seeing growing demand. 'Until now, most firms subscribed only to basic liability policies, but the SK Telecom and SGI breaches have prompted many to reassess their coverage,' said an industry official.
Newer comprehensive policies are particularly gaining attention for their flexibility. They allow companies to tailor plans, such as adding emergency response coverage or avoiding overlaps with existing policies, the official added.
At Hanwha General, cyber insurance revenue doubled from November to May.
Meanwhile, Munich Re expects the global cyber insurance market to grow 37 percent to $21 billion by 2027. In Korea, it's projected to rise 80 percent to $90 million — still modest, but showing clear momentum.
