Cybersecurity Shifts to "Resilience" Focus
Recognizing the Possibility of Attacks and Strengthening Response Capabilities
Performance-Based Procurement and Establishment of Security Data Pools, Among Other Strategies

As the spread of artificial intelligence (AI) increases the importance of cybersecurity, there is a growing call to foster the domestic cybersecurity industry as a strategic sector that supports national competitiveness and industrial growth.


On July 1, the Korea Economic Association released a report titled “Cybersecurity Paradigm Shift and Strategies for Industry Revitalization,” commissioned to Professor Kim Gihyung of Ajou University. The report presented policy tasks to vitalize the cybersecurity industry, including: introducing a performance-based procurement system, establishing a security data pool, and creating dedicated growth support tracks.


The report diagnosed that the core of cybersecurity is shifting from “defense and perimeter-centered security,” which focuses on blocking external intrusions, to “resilience-centered security,” which maintains system stability and enables quick recovery even after an attack. While traditional security systems assumed the complete prevention of external threats, the report explained that it is now essential to acknowledge the possibility of attacks and to focus on capabilities that prevent system paralysis—these have emerged as core competitive strengths.


The “zero trust” approach, which fundamentally does not trust any user or activity regardless of network boundaries, was cited as a representative technology. The report, referencing the related strategies of the U.S. National Institute of Standards and Technology (NIST) and the U.S. Department of Defense, explained that the responsibility for security is expanding from traditional security departments to all members of an organization.


Korea Economic Association (KEA) Marker Stone. Photo by Yonhap News.

Korea Economic Association (KEA) Marker Stone. Photo by Yonhap News.

View original image

The market is also growing rapidly. According to the report, the domestic cybersecurity market is expected to grow from about 8.2 trillion won in 2025 to 18.2 trillion won by 2030. The compound annual growth rate during this period is projected at 17.3%, nearly double the global market growth rate of 9.1%. The report analyzes that the rapid increase in security demand—driven by the spread of AI and deepening digital dependency—positions cybersecurity as a new growth opportunity.


The report also presented examples from the United States and Israel. In the United States, the government sets the direction and standards for security systems and creates public demand, while the private sector leads technology development and service innovation, nurturing the industry ecosystem. The Cybersecurity Framework (CSF) of the U.S. National Institute of Standards and Technology (NIST) has become a standard used by both the public and private sectors. Companies are leveraging this framework to drive technology development, investment, and mergers and acquisitions (M&A), taking the lead in the global market.


Israel has referenced the U.S. system but developed its own cyber defense methodology (ICDM) reflecting its unique security environment and industrial characteristics. A key feature is the enhancement of compatibility with international standards, enabling companies that meet domestic criteria to naturally expand into overseas markets. The practical, real-world security capabilities of the military and intelligence agencies are connected to the startup ecosystem, and this has enabled Israel to produce security companies with global competitiveness despite a limited domestic market.


The Korea Economic Association analyzed that these cases illustrate the need for a clear division of roles between the government and the private sector. For the cybersecurity industry to achieve genuine growth, it is essential to establish a virtuous cycle in which the government provides direction and initial demand for the industry, while the private sector leads technological innovation and market expansion.


The report first suggested that the public procurement system should be shifted to a performance-based model. Currently, public procurement tends to focus on meeting predefined requirements or certifications, but going forward, the effectiveness of security services in actual operational environments should be evaluated. The U.S. Department of Defense’s Joint Warfighting Cloud Capability (JWCC) project was presented as a representative example, where vendors were selected based on measured responses to simulated attacks, communication disruptions, and forced access denials.


The report also proposed the establishment of a security data pool to advance AI-based security. The detection, analysis, and response capabilities of cybersecurity depend on how much real attack data is accumulated and learned. However, in Korea, individual companies often rely on data they have collected themselves, which poses limitations. The report suggested that security-related information accumulated by public institutions and key facilities should be anonymized and de-identified, then integrated so that private companies can use it to enhance research, development, and services.


The report also emphasized the need for a dedicated growth support track for promising security companies. While domestic security companies can receive some support in the early stages of their establishment, there is a lack of policy support as they try to scale globally after proving their technical prowess and market potential. The report stated that opportunities for participation in large-scale public projects should be expanded, and that policy financing, tax support, and export linkage programs needed for overseas expansion should be strengthened. It also included the need to improve the institutional foundation so that strategic investment in, and M&A of, security startups can serve as a means to advance the industry.



Kwon Hyukmin, head of the Growth Strategy Office at the Korea Economic Association, stated, “As advances in AI go beyond boosting productivity to raise national security concerns such as export controls, cybersecurity will become a strategic sector supporting both the stability and competitiveness of our industry. It is necessary to strengthen policy support so that domestic cybersecurity companies can demonstrate competitiveness not only in the domestic market but also globally.”


This content was produced with the assistance of AI translation services.

© The Asia Business Daily. All rights reserved. Unauthorized AI training and use prohibited.

Today’s Briefing