In recent years, with the continuous improvement of China’s information technology sector and growing emphasis on data protection, the domestic cybersecurity market has rapidly matured. There are many enterprises providing network security products, with different models, fierce market competition, and low concentration.
The evolution of cybersecurity presents numerous opportunities for businesses and organizations. In recent years, China has expanded its cybersecurity capabilities due to concerns about the security of its national data and the need for more personal information protection in the digital economy. In this article, we analyze the latest developments in China’s cybersecurity industry and examine the market opportunities for foreign investors.
China’s cybersecurity market at a glance
In 2021, the scale of China’s cybersecurity market reached RMB 62.7 billion (US$8.64 billion), an increase of RMB 9.5 billion (US$1.3 billion), or 17 percent, compared to 2020. Indeed, the country’s cybersecurity market has entered a period of rapid development, mainly driven by two factors: policy compliance and industrial upgrading. Notably, network security services have become the fastest-growing track in the market with enterprises allocating a higher budget of their security spending on cybersecurity services.
In 2022, China’s cybersecurity market revenue will reach US$14.05 billion, with cyber solutions representing the largest market segment with a total volume of US$9.42 billion.
In a 2021 draft of its most comprehensive policy plan for the cybersecurity industry in China, the Ministry of Industry and Information Technology (MIIT) mandated that significant industries like telecommunications allocate 10 percent of their IT upgrade budget to cybersecurity by 2023.
The Chinese government anticipates the cybersecurity industry to be valued at more than RMB 250 billion (US$38.6 billion) by the same year. To achieve this, Beijing is encouraging the development of increasing demand for goods and technologies such as data security monitoring and artificial intelligence-powered (AI) threat detection.
Factors behind the rising demand for cybersecurity
In the digital age, Chinese companies are responsible for an ever-increasing number of information and data transactions. These businesses are currently the main targets of cyberattacks, and because of organizational system weaknesses, critical data frequently leaks. Internet users in China have experienced financial losses of up to RMB 91.5 billion (US$12.62 billion) between 2016 and 2017 due to personal information leakage, fraud, spam email, and other similar issues.
Another factor is the rate of expansion of Internet coverage and speed. The Broadband China Project, which aims to deliver access to controlled high-speed broadband networks to 95 percent of the urban population, is an example of this. Additionally, China’s State Council has plans to invest US$22 billion in expanding broadband network infrastructure in rural areas of the country. This investment focuses on providing improved internet services to approximately 30 million households and covers about 50,000 villages.
Lastly, China has a high number of smartphone users. These smartphones utilize various applications that collect sensitive personal data: apps for processing online transactions and social networks make the Internet a highly vulnerable place exposing users’ data to cyberattacks.
Cybersecurity tools are thus essential in managing and safeguarding such individual and enterprise exposure online, thereby propelling the demand for cybersecurity products in China.
Cloud-based solutions enhance the vulnerability of the system
Businesses are aware of the benefits of saving money and resources by moving their data to the cloud rather than creating and maintaining new data storage, which is what is driving the demand for cloud-based solutions and subsequent growth in the use of on-demand security services.
These benefits encourage large corporations and small and medium-sized enterprises (SMEs) in China to adopt cloud-based solutions more frequently. In the upcoming years, it is projected that cloud platforms and ecosystems will serve as the catalyst for a rapid increase in the volume and scope of digital innovation.
In 2021, 143,319 information system vulnerabilities were documented by the MIIT information-sharing portal for cybersecurity threats and vulnerabilities. 86,217 of these were classified as “medium risk” and 40,498 as “high risk”.
At the same time, 753,018 distributed denial-of-service (DDoS) assaults were reported by China Telecom, China Mobile, and China Unicom in 2021, a 43.9 percent drop from 2020. The number of cybersecurity threats and vulnerabilities reported to the MIIT portal as of 2021 was 88,799, down 60.9 percent from the same period in 2020.
In December 2021, the MIIT discontinued its partnership with Alibaba’s cloud unit and several other information-sharing platforms over cyber-security threats. Such measures demonstrate Beijing’s commitment to tighten control over vital data and cyberinfrastructure for national security. China’s state-owned enterprises (SOEs) were also required to transfer their data from private operators.
Increase in cybersecurity incidents
Cybersecurity incidents have sharply increased in China because of the growing organizational adoption of digitization and the use of related technology as part of enterprise operations. Powered by 5G networks, Chinese devices are now more interconnected than ever.
According to the China Internet Network Information Center (CNNIC), as of December 2021, internet users reported not having experienced cybersecurity problems in 62 percent of cases – a figure that remained consistent with December 2020.
Additionally, the rate of personal information leakage among Internet users was the greatest at 22.1 percent; Internet fraud affected 16.6 percent of users; 9.1 percent of users reported having their devices infected with viruses, and 6.6 percent of them reported having their accounts or passwords stolen.
China’s regulation of cybersecurity
Cybersecurity in China is fast becoming synonymous with national security and state sovereignty. To shorten the gap with international counterparts in the US and the EU and improve the country’s overall security and defense capabilities, the Chinese government has released several regulatory measures to emphasize network security.
Beijing’s three-year cybersecurity plan doubles as a cyber defense strategy that aims to fortify its digital assets as part of its drive for a resilient digital economy.
The national 14th Five-Year Plan proposes to strengthen cyber security guarantee systems and capacity building, data resources, as well as networks and information systems in essential sectors.
To focus on network and data protection in China, the government enacted the country’s first Cybersecurity Law in 2016, which then became effective in 2017. To make the law consistent with the various legislation released in its aftermath, several amendments to the Cybersecurity Law were released in September 2022. The law now covers the following:
- Network operators must comply with basic data protection and cybersecurity requirements, such as the Multi-Level Protection Scheme (MLPS) standards.
- It offers operators of critical information infrastructure (CII) a framework for regulation.
- It provides pre-sale certification standards for essential network equipment and network security goods. It creates a cybersecurity assessment process for network products and services that could endanger China’s national security.
- It specifies requirements to safeguard data gathered during network operations.
- It sets a broad range of consequences and fines for businesses that don’t comply.
Since 2021, the government has implemented other cybersecurity and data protection regulations, including the Data Security Law, the Personal Information Protection Law, the Network Security Review Measures, and the Key Information Infrastructure Security Protection Regulations.
The cybersecurity market in China has a wide margin of growth. As businesses become more conscious of the importance of cybersecurity, players in the market are implementing a variety of strategies, such as collaboration, investments, and new product introductions.
The Chinese cybersecurity market can be segmented based on the type of products offered, the way of deployment (cloud and on-premises), and final users – banking, financial services, insurance, healthcare, manufacturing, government and defense, and IT and telecommunication.
Although China’s cybersecurity market is still relatively decentralized, industry concentration keeps improving. With the upgrading of network information technology, in view of the increasingly complex network environment and actual needs, cyber security technology is becoming more diversified, personalized, and evolving intelligent capacity, which puts forward higher requirements for product research and development of network security enterprises. Network security providers are now collaborating with manufacturers with certain technical strengths and brand awareness, bringing about a higher market concentration.
Although the Chinese market composition is very fragmented, several key players have gradually emerged. In November 2021, Palo Alto Networks released its next-generation Cloud Access Security Broker (CASB), which employs machine learning (ML) to increase the security of collaboration and SaaS applications. To provide capabilities like automated application discovery and improved data loss protection for sensitive data, the company claims that its next-generation CASB platform uses ML and AI.
A new generation network security analysis and management platform were released in July 2021 by Chaitin Future Technology Co Ltd, an Aliyun-affiliated provider of network security solutions, to combat network threats in the contemporary period. The platform reviews the businesses’ security situation and helps them realize unified data analysis, data processing, and secure operation standardization and automation.
ThreatBook, a Beijing-based provider of security threat intelligence, disclosed in March 2022 that a round of fundraising totaling over RMB 300 million (US$41.39 million) had been successfully concluded. Another stakeholder, Star Road Ventures, assisted CDH Investment in completing a transaction of over RMB 800 million (US$110 million). After this round of funding, ThreatBook plans to continue increasing its investment in product R&D, market expansion, and aiding enterprise customers in modernizing their security operations in China.
Innovative players and products
Below are some of the most popular and cutting-edge cybersecurity companies headquartered in China according to Cybersecurity Ventures (2020):
- Antiy Labs: Beijing-based Antiy Labs is the creator of the next-generation antivirus engine. A top vendor offering the best-in-class antivirus engine and cutting-edge antivirus services to combat PC malware and mobile malware, with six research centers.
- Bangcle: Top provider of IoT and mobile application security services and solutions
- Beijing Zhizhangyi Science & Technology Co., Ltd: Market leader in business mobile security solutions. Its client portfolio includes thousands of top businesses in the financial, manufacturing, government, military, aviation, education, healthcare, and other high-tech sectors. This company is now extending into its security situational awareness platform to achieve big data visualization and display product benefits.
- Bluedon: A key player in the Chinese information security market, it provides clients from a variety of industries with one-stop information security solutions thanks to its four-in-one business model of linkage development, which includes security products, security solutions, security services, and security operations.
- BUGBANK: Is a proponent of open security and a network security brand owned by Shanghai Muler Network Technology Co., Ltd. Vulnerability In order to gather, examine, address, and keep track of the most recent Internet vulnerabilities (including zero-day exploits), BUGBANK works with international network security specialists.
- DBAPP Security, Ltd: A pioneer in the fields of cloud computing, big data, smart cities, mobile internet, web application security, and database security.
- H3C: A market leader in digital solutions dedicated to being our customers’ most reliable partner for business innovation and industrial modernization.
- i-Sprint: Leading provider of identity and transaction security in the digital sphere that enables people, businesses, and communities to develop identity assurance and trust for boosting productivity through digital identification and identity of things (IDoT).
- QIANXIN: An integrated company that offers the public sector and businesses new-generation security goods and services.
- Threatbook: Leading provider of security threat intelligence in China. Since its founding in 2015, ThreatBook has protected millions of Chinese computers with its intelligence and services. Customers include Fortune 500 companies and Chinese unicorns.
Development prospects: China’s cybersecurity market potentials and challenges
The rapid development of the Internet has brought about changes in the global economy and technology. At the same time, cyber threats are emerging one after another, and cyber viruses are a serious threat to national security and the cyber security of enterprises, institutions, and individual users. Countries around the world attach great importance to cyberspace security as it is essential to the development of the Internet ecosystem and digital economy.
China’s IT industry is on the rise, and more and more Chinese companies are entering the international market. As a result, the country’s cybersecurity industry, which is an important support for Chinese national strategy in terms of security, is also entering a critical period of introducing innovative products, technologies, and talents.
In terms of key considerations of the market landscape for foreign stakeholders – China presents a relatively weak situation in terms of the upstream chip, operating system, database, middleware, and other technical foundations. Moreover, investing in information security does not produce direct economic benefits for companies, so customers currently are predominantly government departments and telecommunications, finance, energy, and other highly information-based and information-sensitive industries.
At present, China’s network security industry chain has gradually improved, and there are enterprises that provide both products and services. Moreover, cybersecurity in China is being gradually prioritized in emerging application scenarios, such as cloud computing, industrial Internet, and the Internet of Things (IoT). Foreign entities willing to invest in this sector can take advantage of such considerations, providing services and products, particularly in those fields where Chinese capabilities lag.
China Briefing is written and produced by Dezan Shira & Associates. The practice assists foreign investors into China and has done so since 1992 through offices in Beijing, Tianjin, Dalian, Qingdao, Shanghai, Hangzhou, Ningbo, Suzhou, Guangzhou, Dongguan, Zhongshan, Shenzhen, and Hong Kong. Please contact the firm for assistance in China at [email protected].
Dezan Shira & Associates has offices in Vietnam, Indonesia, Singapore, United States, Germany, Italy, India, and Russia, in addition to our trade research facilities along the Belt & Road Initiative. We also have partner firms assisting foreign investors in The Philippines, Malaysia, Thailand, Bangladesh.