On April 23, 2026, Lee & Ko entered into a strategic collaboration agreement (the Alliance Agreement) with Palo Alto Networks (Netherlands) B.V. Palo Alto Networks), a global AI cybersecurity leader. Palo Alto Networks (NASDAQ: PANW) offers a comprehensive portfolio of solutions and platforms across Network, Cloud, Security Operations, AI, and Identity, serving over 70,000 customers worldwide. The company is backed by Unit 42, its renowned threat intelligence and incident response team, and maintains a significant presence across both enterprise and public-sector clients in Korea. The Alliance Agreement, signed by Sanggon Kim, Managing Partner of Lee & Ko, and Sangkyu Park, the representative of Palo Alto Networks Korea, establishes a framework for ongoing cooperation between the two organizations in cybersecurity advisory, threat intelligence sharing, and joint client-facing initiatives.
Korea’s Cybersecurity Landscape: Recent Incidents and Legislative Response
The Alliance Agreement comes at a time when cybersecurity has emerged as a critical concern across all sectors of the Korean economy. In 2025, Korea experienced a series of high-profile cyber incidents — most notably the SK Telecom and Coupang incidents. Large-scale breaches also affected major credit card companies, online gaming platforms, and financial institutions throughout the year.
In direct response to these developments, the Korean legislature moved swiftly to overhaul the country’s data protection and cybersecurity framework through a series of amendments enacted in early 2026:
Amendments to the Personal Information Protection Act (PIPA) — passed February 12, 2026. The amendments establish the CEO as the ultimate responsible person for data protection, strengthen the role and independence of the Chief Privacy Officer (CPO) — including mandatory board-level appointment and reporting for entities meeting prescribed thresholds — and introduce punitive administrative penalties of up to 10% of total revenue (in addition to the existing 3% general cap) for repeated or large-scale violations involving willful misconduct or gross negligence. In addition, the scope of breach notification obligations has been expanded to cover not only confirmed breaches but also situations where there is a recognized possibility of a breach, and ISMS-P certification has been made mandatory for certain categories of data processors (effective July 1, 2027).
Amendments to the Network Act — passed March 12, 2026. The amendments require the designation of an executive-level CISO with expanded responsibilities (including personnel and budget oversight and board reporting), mandate the establishment of information security committees for entities meeting prescribed thresholds, and introduce annual information security level assessments by the Ministry of Science and ICT (MSIT). Incident reporting timelines have been tightened to 24 hours from awareness, and a new Incident Investigation Review Committee has been established with authority to initiate investigations based on suspected — not only confirmed — incidents. For repeated incidents caused by willful misconduct or gross negligence (two or more within five years), administrative penalties of up to 3% of relevant revenue may be imposed, supplemented by daily penalty payments of up to 0.03% of average daily revenue for non-compliance with corrective orders.
Both sets of amendments will generally take effect six months after promulgation.
In a regulatory environment that now demands 24-hour incident reporting, mandatory board-level cybersecurity governance, and revenue-based punitive sanctions, the ability to mobilize integrated legal and technical resources rapidly has become essential. By combining Lee & Ko’s established strengths in data privacy regulation, enforcement defense, and cybersecurity litigation with Palo Alto Networks’ technical forensics and threat intelligence capabilities, the Alliance Agreement is designed to enable a more comprehensive and timely advisory service for clients navigating this landscape.
Lee & Ko’s Cybersecurity Track Record
Lee & Ko has been at the forefront of cybersecurity incident response in Korea and has successfully handled a series of landmark cases, including large-scale data breaches involving major credit card companies, leading online gaming platforms, and e-commerce operators. Most recently, the firm was engaged from the earliest stages of the investigation into the SK Telecom data breach in 2025 — one of the most significant cybersecurity incidents in Korea’s history.
Drawing on this extensive track record, Lee & Ko has established a dedicated Cyber Incident Response Team staffed with legal specialists across data privacy, IT/security, financial regulation, criminal defense, and litigation, as well as former officials from the Personal Information Protection Commission (PIPC), the MSIT, the Financial Supervisory Service (FSS), the National Intelligence Service, and the Prosecutor’s Office. The team operates a 24-hour rapid response hotline and works in close coordination with leading cybersecurity researchers and technical experts to provide real-time support during regulatory on-site inspections and law enforcement investigations. Together with Lee & Ko’s broader Data Privacy & Cybersecurity Practice Group — comprising more than 50 professionals — the team delivers end-to-end legal services across every phase of a cybersecurity incident: from golden-hour crisis advisory and regulatory investigation response to legislative engagement, statutory interpretation, and related civil, criminal, and administrative proceedings, including class-action defense arising from large-scale data breaches.
***
If you have any questions regarding this article, please contact below:
Hwan Kyoung KO (hwankyoung.ko@leeko.com)
Sunghee CHE (sunghee.chae@leeko.com)
Kyung Min SON (kyungmin.son@leeko.com)
Sejin JUNG (sejin.jung@leeko.com)
Jaeyoung CHANG (jaeyoung.chang@leeko.com)
Matt Younghoon MOK (younghoon.mok@leeko.com)
For more information, please visit our website: www.leeko.com
