Encryption: A Strategic Business Decision That Turns Crisis into Opportunity
In 2025, large-scale data breaches both in South Korea and abroad have made one thing abundantly clear: cybersecurity is no longer a technical issue but a critical business risk. One of the most significant incidents occurred at Coupang, South Korea’s largest e-commerce platform, where the personal data of approximately 33.7 million users was leaked. This information, which included names, addresses, phone numbers, apartment unit numbers, common entrance passcodes, and purchase histories, had been stored without encryption.
With personal information of nearly two-thirds of the national population exposed, customer trust quickly deteriorated. Coupang now faces a potential class-action lawsuit with discussions underway regarding punitive damages—a scenario that represents not just a technical failure, but a severe crisis in governance. The leaked data could be exploited for secondary crimes such as voice phishing and smishing. In response, South Korea’s Personal Information Protection Commission has increased monitoring of illegal data circulation on the internet, including on the dark web.
The fallout for Coupang continues to escalate. The company faces regulatory fines that could reach as high as 1.2 trillion KRW (approx. USD 900 million), not to mention astronomical civil compensation costs and the invisible expense of rebuilding customer trust.
Japan has not been immune to similar threats. In 2024, Asahi Group, a leading Japanese beverage manufacturer, suffered a ransomware attack that compromised data from 2 million individuals, including customers and employees. The attack paralyzed logistics operations, halted product shipments, and caused a 40% drop in revenue compared to the previous year. Once their data was stolen, the entire business ground to a halt.
Ironically, encryption is one of the most effective defenses against ransomware attacks. Today’s attackers frequently target backup data, either encrypting it or deleting it to ensure recovery is impossible. According to a report by the Korea Internet & Security Agency (KISA), 43% of ransomware incidents in Korea also infected backup files. However, when companies encrypt backup data and store it in an isolated environment, attackers cannot destroy it without the decryption key.
These events highlight a critical truth: the only way to protect data itself is through encryption. Unencrypted data, like that leaked in the Coupang case, is immediately exploitable. In contrast, encrypted data is rendered useless without the corresponding decryption keys. South Korea’s Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization mandate encryption of sensitive personal data using secure algorithms. Recent amendments have increased criminal liability for executives if encryption and other safety measures are not properly implemented.
Still, encryption should be seen not only as a legal obligation but as a core business strategy. It is nearly impossible to prevent all cyberattacks, but it is entirely feasible to minimize their impact. If Coupang had encrypted its user data and managed keys appropriately, it could have prevented much of the damage and preserved customer trust. This is the essence of business continuity.
Data security is no longer the sole responsibility of IT departments. Cyberattacks now pose a direct threat to a company’s stock price, revenue, and brand equity. Executives must stop viewing encryption as a cost and start recognizing it as a long-term investment. Considering the potential customer attrition, legal liabilities, financial losses, and brand recovery expenses, encryption is a far more cost-effective safeguard than any reactive measure.
Moreover, global data protection regulations are tightening. Encryption now transcends regulatory compliance. It has become a critical business decision that protects customer trust and brand value while accelerating recovery in times of crisis.
As encryption emerges as a central pillar of corporate strategy, companies are no longer seeking just encryption technologies—they are seeking proven implementation experience. The biggest concern during adoption is often the potential performance impact on existing systems. However, outcomes vary significantly depending on implementation expertise. In many cases, solutions refined through years of deployment across diverse environments can actually enhance performance.
From this perspective, Penta Security’s encryption platform D.AMO stands out. Since commercializing data encryption in Korea in 2004, D.AMO has been adopted across various industries and systems, amassing invaluable know-how over 21 years. As of 2025, it holds a cumulative 55% market share in Korea’s public procurement sector for 18 consecutive years and has maintained a strong presence in Japan since its market entry in 2004.
With a Japanese subsidiary and a robust local partner network, Penta Security is uniquely positioned to understand and address regulatory and business requirements in both Korea and Japan. This makes D.AMO a practical choice for companies engaged in cross-border operations between the two countries.
In a year marked by unprecedented data breaches, the value of data as a core corporate asset has never been clearer. Cyberattacks are not a matter of “if” but “when.” The key question is whether a business can continue operating when under attack. Encryption provides a definitive answer.
Ultimately, it is up to corporate leadership to decide: bear the high cost of recovery after an incident, or invest in encryption now to build organizational resilience. This decision will shape the future of the business.
Click here to subscribe our Newsletter
Click here for inquiries regarding the partner system of Penta Security
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D.AMO
Check out the product lines of Cloudbric by Penta Security:
Cloud-based Fully Managed WAAP: Cloudbric WAF+
Agent based Zero Trust Network Access Solution: Cloudbric PAS
Agentless Zero Trust Network Access Solution: Cloudbric RAS
Click here for inquiries regarding the partner system of Cloudbric