SK Telecom reduced cybersecurity spending over the past two years, lagging behind rivals KT and LG Uplus who ramped up investments after suffering major data breaches, data from South Korea’s internet regulator shows.

The spending cuts came under scrutiny after a hacking attack on April 19 compromised customer SIM-related data. Critics say the breach was a preventable failure caused by underinvestment in network security under CEO Ryu Young-sang.

Ryu Young-sang, CEO of SK Telecom, speaks during the company’s 41st annual general meeting at its T Tower headquarters in Euljiro, Seoul, on March 26, 2025./SK Telecom

In 2024, SK Telecom spent about 60 billion won ($43.5 million) on cybersecurity, down 4% from 62.7 billion won in 2022. By comparison, KT Corp. spent 121.8 billion won, while LG Uplus spent 63.2 billion won — both surpassing SK’s outlay.

KT raised its cybersecurity spending by 19% last year, while LG Uplus more than doubled its investment — a 116% jump from 29.2 billion won in 2022. Both operators had previously suffered high-profile cyberattacks that exposed millions of users’ personal data.

LG Uplus was hit in January 2023 by a hacking incident that leaked around 300,000 customer records onto illegal trading sites. South Korea’s Personal Information Protection Commission later fined the firm 6.8 billion won and imposed an additional administrative penalty of 27 million won.

KT experienced large-scale breaches in 2012 and 2014, which led to the personal information of more than 20 million users being leaked. Since then, both KT and LG Uplus have made cybersecurity a strategic priority.

Industry sources say SK Telecom’s lack of prior hacking incidents may have led to complacency. “The belief that ‘SK Telecom had never been breached’ bred complacency,” said an industry official. “Under CEO Ryu, the company funneled resources into AI while sidelining cybersecurity — a misstep that’s now come back to haunt them.”

SK Telecom spent 392.8 billion won on research and development in 2024 — 2.7 times more than LG Uplus and nearly double KT’s R&D outlay.

After detecting signs of a breach involving malicious code late on April 19, SK Telecom said it immediately deleted the malware and isolated affected equipment. The extent of the damage has not yet been confirmed.

CEO Ryu convened an emergency executive meeting on April 20, calling for “swift and transparent” action. In an internal message on April 22, he expressed “deep regret and responsibility,” urging employees to recheck all security measures and respond to customers with their best efforts.

SK Telecom operates its fixed-line business through its subsidiary SK Broadband. Even when combined, the two firms’ cybersecurity investment rose by just 0.8% over the past two years — far behind their peers.