In the first half of 2026, the government will impose punitive fines of up to three percent of sales on companies that experience repeated security breaches.

The Ministry of Science and ICT announced the planned system as part of a cybersecurity policy package during a briefing for President Lee Jae Myung on Friday.

The punitive penalty would require new legislation and is separate from the Personal Information Protection Commission's push to levy up to ten percent of turnover for repeated and serious violations of the Personal Information Protection Act.

The ministry will also seek to raise the penalty for the delayed reporting of data breaches from its current 30 million won, or around 20-thousand U.S. dollars, to 50 million won, and to impose charges aimed at forcing companies to execute preventive measures.

Authorities' unannounced inspection of cybersecurity, currently limited to the nation's three leading mobile carriers, will expand to include platform operators, and the government will push for the development of an "AI cyber shield dome" for information sharing and hacking forecasts.