- 1 Definition / Scope
- 2 Market Overview
- 3 Key Metrics
- 4 Top Market Opportunities
- 5 Market Drivers
- 6 Market Restraints
- 7 Industry Challenges
- 8 Technology Trends
- 9 Regulatory Trends
- 10 Market Size and Forecast
- 11 Market Outlook
- 12 Competitive Landscape
- 13 Key Market Players
- 14 Strategic Conclusion
- 15 Further Reading
- 16 Appendix
Definition / Scope
Cyber defense is a computer network defense mechanism which prevents, detects and provides responses to threats towards sensitive information or infrastructure. It provides security to information for organizations, government entities and other possible networks.
China is currently one of the most powerful and largest economies in the world. Driven by national security and social stability concerns, China has passed numerous laws and regulatory policies for cyber security. China’s Cyber security and defense system reflects a broader aim of regulating cyberspace activities and counteract threats. The rapid growth in digital commerce, electronic payment methods, cloud computing and the internet use, has given rise to new cyber security concerns. This in turn has given rise to companies providing cyber security in China. The country has moved rapidly to construct a policy and regulatory framework spanning cyber security, the digital economy, and online media content.
In 2012, when security of systems and infrastructure was based on legislation alone, the Chinese Cyber security market was worth RMB 29 billion US dollars.
In 2014, National People’s Congress (NPC) Standing committee was established for cyber security and information exchange. In July 2016, cyber security law was officially passed and the market then was worth RMB 33.6 billion. It then increased to 49.7 billion RMB in 2018.
Beijing is building a national-level cyber-security industrial park to boost the industry and tap into the potential of domestic tech companies.The national-level park in the capital city was launched in late 2017 with the aim to develop a RMB 100-billion (US$14.8 billion) market for cyber security in Beijing, contributing more than 330 billion yuan to the country’s GDP growth by 2020, according to the official Xinhua News Agency.
The cybersecurity companies that have signed up, including 360 Enterprise Security Group and Beijing Veda Information Technology Co, will move into the park’s two branches in Beijing’s Haidian and Tongzhou districts, according to the Beijing Municipal Bureau of Economy and Information Technology.
|Base Year||2018||Researched through internet|
Top Market Opportunities
Increase in the E commerce penetration across industry verticals
Large numbers of firms are conducting their business on online ecosystem.Their websites and digital communications are at high risk of being exposed cyber attacks and breaches. With increasing number of companies in online platform, opportunities to cater to specific needs of companies are also increasing.
Leveraging artificial intelligence (AI) and machine learning for cyber defense
AI has already displayed limitless potential in various applications across different industries such as hospitals and manufacturing. Likewise, deploying AI for cyber-security solutions will help protect organizations from existing cyber threats and help identify newer malware types too. AI-powered cyber-security systems can also ensure effective security standards and help in the creation of better prevention and recovery strategies. China is currently making extensive use of AI in domestic surveillance applications and planning to expand to cyber defense and national security in the near future.
Growing Security Budgets In 2018, Chinese companies spent 23.5 percent more money on cyber security than global average. Majority of financial, telecommunication, media and e-commerce sectors are spending heavily on cyber security. Larger companies are investing more in security than smaller businesses. Organizations with 500 or more staff account for 60 percent of China Cyber security spending.
Increase in the frequency and sophistication of cyber threats Attackers are using various forms of cyber attacks such as through social engineering. It includes manipulation through phishing and vishing. In November of 2018 a ransom ware spread rapidly across China that infected more than 100,000 computers. It also includes an additional ability to steal users' account passwords for Alipay (an online payment account) and emails. Researchers at a Chinese cyber security company named Velvet security created and released a free ransomware decryption tool that can easily unlock encrypted files for victims without requiring them to pay any ransom. As the frequency and sophistication is increasing, need for extensive research is increasing as well, driving the cyber security market to grow.
Stringent data protection government regulations for information security China’s new cyber law requires businesses operating Critical information infrastructure (CII) to keep all personal and important data collected in China within the border. If a CII operator wants to transfer such data overseas, it must pass a security assessment by China’s government. To conduct such assessment expert companies are appointed by the government.
Increase in the number of supply chain-based attacks exploiting the software supply chain
Cyber attackers are targeting both software developers and suppliers in an attempt to gain access to source code, processes and internal servers. Their goal is to get their malware onto a software application that will be deployed to multiple organizations easily. Such increasing number of supply chain attacks is creating demands for sophisticated cyber security.
Limited security budget among Small and Medium enterprise (SMEs) SMEs are essential for the Chinese economy as they currently make up about 97% of all enterprises in China. However, these companies have lower security budget and cannot afford high end software security packages.
Use of pirated and open source cyber security solutions
Individuals and small businesses are using pirates or copied cyber security packages in China. They are stealing 8.7 Billion US Dollars worth pirated software in a year. Over 70 percent of all the software used in China is pirated and out of them 5.7% are cyber security packages. This has become a major challenge for cyber security and software companies in China.
Chinese companies are not independent of its government. Domestic companies in China are finding it challenging to comply with rigorous laws and regulations, as China's cyber security law took effect in June 2017. Many standards have used intentionally broad language around verification and testing to give the government broad discretion. This way the government’s position can change at any time as it leverages the vagueness of the rules. This is more challenging to the foreign firms operating in Chinese market. Foreign firms are facing pressure to submit source code or undergo other kinds of invasive audits of IP to comply with the regulations which might discourage foreign investment.
Increasing complexity of cyber threats
As the cyber threats are increasing in number and sophistication, cyber security companies need to keep adapting to rapidly evolving technology. This is costly to both the service providers and users.
Artificial intelligence (AI) and new technologies are driving a revolution in cyber security. Big Chinese tech firms such as Qihoo 360 and Baidu, have been making large investment in this industry. Chen Zhaoxiong, vice minister of Industry and Information Technology, said the government will invest in promoting innovation, research and development of internet use, big data analytics and AI.
China is isolating itself from international IT technologies and developing its own IT industry. The country is maintaining its sovereign position by running state-owned telecommunication companies (China Telecom, China Unicom and China Mobile). This has helped in reducing data/information theft conducted through phones. In addition, the government promotes its own technological standards through state-run programs encouraging consumers to purchase government products. Furthermore, the new cyber security law aims to create a separate and heavily controlled Chinese cyberspace. Some of the provisions under the law are:
- Individuals have the right to require network operators to correct errors in personal information collected or stored by them. Network operators should take measures to remove or correct the errors.
- People who violate the Law and engage in activities that endanger cyber security may be detained for 5 to 15 days and may be fined RMB 100,000 - RMB1,000,000, depending on the severity of the case.
- Individuals or organisations are responsible for the use of their networks, and shall not set up websites or communications groups for fraudulent purposes or other illegal activities.
Market Size and Forecast
In June 2017 China passed a new cyber-security law that covered all businesses that manage their own email and other networks. The law also requires business information within China to be kept on domestic servers and not transferred abroad without permission.
China accounted for the largest share of 31.4% of the Asia-Pacific cyber security market in 2017. This is mainly attributed to the increased wired and wireless internet usage, growth of e-commerce, and the rise in the adoption of cloud computing by many organizations in the country.
By 2018, China had 2,681 cyber security enterprises. Beijing, Guangdong and Shanghai were the most popular areas with 957, 337 and 279 companies respectively. Information Security Industrial Park of China has 17 registered companies with a total investment of 4.5 billion yuan. Likewise, the park in Chengdu in Sichuan Province in the southwest was launched in April 2016, with total investment reaching 50 billion yuan. In the capital of Central China’s Hubei province, the National Cybersecurity Talent and Innovation Base was established in September 2016. As of September 2018, 53 companies have registered with total of 235 billion yuan in investment.
In 2018, Chinese companies spent 23.5 percent more money on cyber security than global average Chinas Cyber security market is expected to reach RMB 100 billion (USD 14.6 billion) by 2022, nearly tripling from the current RMB 35 billion (USD 5.1 billion).
The China Academy of Information and Communications Technology (CAICT) stated in a report that the market was worth 33.6 billion yuan in 2016 and in 2019, the Chinese cyber security system market is predicted to grow by almost double to approximately 60.2 billion yuan (8.7 billion US dollars).
As of December 2018, China has 2681 registered, legally run cyber security enterprises. The companies registered under the following three cyber security parks hold the majority of share in the Chinese Market. Beijing’s park, Tianjin's Binhai Information Security Industrial Park and, Sichuan Province’s park in the southwest have the company holding highest number of market shares.
Because of the Great Fire Wall (the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically) Chinese tech companies took an extreme way to set up the unfair competition.From giving the product for free to stopping other enterprise from succeeding, Chinese enterprises have taken the competition to the extreme. When Qihoo 360 came out with a free antivirus software in 2009 it won over the Chinese cyber security market.Although they were free, the software made users install and accept bond-installations like 360 web browser. Qihoo made profit by selling ads in the browser and gained a record-breaking market share. Although, enterprise like Wechat never did malicious jobs or improper competition, the company had to face unfair competition from software like Didi and Kuaidi. is a miracle in China. One of the investor of Didi, banned any marketing campaign content from Kuaidi and Wechat.
Most of the Chinese don’t want to pay for the software they installed. Payment free software doesn’t mean ad-free, and they more prone to cyber attacks. These software would display a lot of advertisements to users or bond-install other software to make a profit, and gain large market shares.
Key Market Players
Beijing Venustech Inc.
Venustech Group Inc., established in 1996 A.D. is a Chinese company, engaged in the research and development, manufacture and distribution of information and network security products. Some of their product and services are: Security gateway, intrusion prevention, anti-DDoS, vulnerability scanning, security audit, security management platform, data security, industrial safety, information security consulting and risk assessment services.The company’s market capital as of June 2019 is ¥25,779.91 million. It is the largest cyber security providing company in China holding 12.56% of market share in 2018. The company sold ¥3,618.83 million worth of products in 2018.
WESTONE Information Industry Inc
Westone Information Industry Inc., established in 1998, is one of the most large-scale information security companies in China. The company owns top-level native intelligence in commercial confidentiality area. The company’s market capital as of June 2019 is ¥21,997.94 million. Some of its major products are: Password equipment, cryptographic modules, cryptography, network security, host security, data security and security management, secure desktop cloud, and secure storage.
NSFOCUS Information Technology Co Ltd.
NSFocus established in 2000 A.D. is an internet and application security company that delivers holistic, carrier-grade, hybrid DDoS Mitigation and Web Security.It’s main focus is on providing security ATM and credit card transactions. Some of the services provided by the company are Anti-DDoS, firewall, intrusion prevention, Web security, threat analysis, data leakage, and vulnerability scanning. In2018, ¥2,080.05 million worth of NSFocus products were sold in China.
As the number of cyber attacks is increasing, costs of mitigating such risks are rising. Breakthrough technologies could be the answer to finding and reversing this increasing expense. Investments in enabling security technologies, such as security intelligence and threat sharing, can help to reduce the cost of cybercrime. Similarly, Automation and advanced analytics can be used to investigate cybercrime and enhance recovery efforts.
New privacy regulations, such as GDPR and CCPA , should be implemented in China which extend considerable fines for non-compliance to security protocol are not followed by people and organizations.
- CCPA: California Consumer Privacy Act
- GDPR: General Data Protection Regulations