Major game companies in Korea were found to have neglected information security investment last year. Despite Nexon and KRAFTON recording their 'largest ever' sales last year, their investment ratios in information security were only 0.56% and 0.35% of sales, respectively. As the importance of security grows with recent hacking incidents involving SK Telecom and YES24, criticism is mounting regarding the irresponsibility of game companies that hold personal information of game users.
According to the Korea Internet & Security Agency (KISA) information security report on the 29th, Nexon Korea had the highest information security investment at 22.7 billion won among companies obligated to disclose their information security status last year. Following this were ▲NCSOFT (18.1 billion won) ▲KRAFTON (9.6 billion won) ▲Com2uS (8.6 billion won) ▲Netmarble (5.6 billion won) ▲Kakao Games (3.6 billion won) ▲Wemade (3.1 billion won). The Ministry of Science and ICT and KISA impose an obligation to disclose information security status annually to listed companies with sales over 300 billion won and IT service companies with an average daily user base of over 1 million.
The problem is that last year's information security investment amounts from game companies were significantly low compared to their total sales. Netmarble recorded sales of 2.6638 trillion won last year, but its investment ratio in information security was the lowest at 0.21%. In addition, Kakao Games and Wemade achieved sales in the 700 billion won range last year, with respective investment ratios of 0.48% and 0.43%. The only companies exceeding 1% were Com2uS (1.24%) and NCSOFT (1.14%).
The proportion of personnel dedicated to information security within game companies varied by company. Last year, Nexon Korea had the highest number of dedicated information security personnel with 163, while NCSOFT also exceeded 100 with 101. This was followed by ▲Netmarble (37) ▲KRAFTON (33) ▲Com2uS (29) ▲Kakao Games (20) ▲Wemade (16). Dedicated information security personnel are responsible for establishing corporate information security strategies, system security, incident response, and certification management.
However, there were differences in the number of dedicated information security personnel compared to the total number of employees within game companies. Com2uS had the lowest proportion with 1.95% dedicated personnel among its total employees (1,480). KRAFTON also had 1.96%, below 2%, among its total employees (1,680). In comparison, Netmarble had the highest proportion at 4.70% among its total employees (786). Nexon Korea and Kakao Games also recorded 4.16% and 4.06%, respectively. NCSOFT and Wemade had dedicated personnel ratios of 2.03% and 2.74%, respectively, among their total employees.
Game companies hold a large amount of personal information regarding game users, and security is crucial as any server downtime can severely impact performance. Last year, during a live broadcast of the domestic esports league LCK for 'League of Legends (LoL),' a DDoS attack caused the match to be interrupted, affecting Riot Games and renowned professional gamers.
Furthermore, with advancements in technology leading to more sophisticated DDoS attacks, there is a growing need for expanded investment in security. Hackers hack user IDs to steal game-specific cash or items, and also trade users' personal information.
Yum Heung-ryeol, an honorary professor of information security at Soonchunhyang University, noted, "Given that the game industry operates in a digital environment, security must be prioritized because a breach can be fatal." He added, "As the perception that closed networks are safe was shattered by the SK Telecom hacking incident, game companies should actively expand their information security investments based on risk assessment results."