At a recent forum on deliberate hacking concealment held by the National Assembly, concerns were raised about the structure that incentivizes companies to hide evidence of hacking incidents due to the costs associated with transparency. Understandably, there have been high-profile hacking incidents involving telecom and platform companies, leading to criticism that some firms intentionally obscured evidence to avoid consequences. Lawmaker Lee Hae-min emphasized that the current system imposes lower penalties for destroying or concealing evidence than for disclosing hacking incidents, which results in companies focusing on minimizing their reported damages rather than genuinely addressing the issues.

Participants at the forum supported Lee's assertions, noting that the existing laws create a perverse incentive, where companies are faced with the choice of either paying fines for concealment or risking corporate crises through public disclosures. Professor Choi Hyun-woo from Sungshin Women's University added that the choice between paying fines and risking customer trust is problematic and effectively normalizes the concealment of evidence. The ambiguity surrounding corporate accountability and the structured response to hacking incidents blurs the line between legitimate incident response and evidence destruction.

Although recent amendments to the Information and Communications Network Act have been introduced to strengthen government enforcement measures, there still seems to be a lack of robust frameworks. Once enacted, these laws will empower the government to impose coercive fines on companies that refuse to cooperate in investigations. The Personal Information Protection Commission is also expected to enforce mandatory documentation retention, indicating a slow but positive shift towards more accountable corporate behavior in the face of cybersecurity threats.