China’s Cybersecurity Industry: growing opportunities due to digitalization and favorable policies

Cybersecurity, also referred to as information technology (IT) security, is the practice of protecting internet-connected systems including hardware, software, and sensitive data from cyberattacks whether they come from within or outside of a company. As the world is turning digital, cyberthreats are increasingly becoming more prevalent. Consequently, the demand for cybersecurity is also growing, with a huge opportunity in the Chinese market.

The increasing cost of cyberattacks is boosting the global cybersecurity industry

The global cybersecurity industry revenue is expected to reach US$173.5 billion this year and is estimated to have an annual growth rate of 10.90% (CAGR 2023-2027). Security services lead the revenue by a small percentage, taking 54.4% of the industry’s revenue in 2022 and 52.6% in 2023. The United States is expected to be the largest market by revenue in 2023: US$69.65 billion, accounting for 40.14% of the global revenue that year.

Global cybersecurity industry’s revenue
Graph source: Statista, designed by Daxue Consulting, Global cybersecurity industry’s revenue from 2018 to 2027E, by segment

As the world is turning digital, the cost of cybersecurity attacks also increased significantly throughout the years. In 2023, the world is estimated to lose US$11.5 trillion, an increase of around 1,337% from US$860 billion in 2018. Therefore, it is no surprise that the average spending per employee in the cybersecurity industry also increased by approximately 236.6% from US$5,190 in 2018 to US$12,280 in 2023.

cost of cybercrime worldwide
Graph source: Statista, designed by Daxue Consulting, Estimated cost of cybercrime worldwide from 2018 to 2027E

Policy changes and COVID-19 are among the factors influencing the growth of China’s cybersecurity market

China’s cybersecurity industry is projected to reach US$15.6 billion in 2023 and US$26.65 billion in 2027, a CAGR of 14.33%. China is estimated to account for around 9% of the global cybersecurity market’s revenue in 2023.

China’s cybersecurity industry’s revenue
Graph source: Statista, designed by Daxue Consulting, China’s cybersecurity industry’s revenue from 2018 to 2027E, by segment

The cost of cyberattack in China is predicted to reach US$1.24 trillion in 2023, indicating an 885.7% increase from US$140 billion in 2018. Moreover, the loss is estimated to increase at a rate of 28.11% (CAGR 2023-2027).

china's cybersecurity industry:  Estimated cost of cybercrime
Graph source: Statista, designed by Daxue Consulting, Estimated cost of cybercrime in China from 2018 to 2027E

In China’s cybersecurity market, security services remain the most fragmented section of the midstream due to lower entry thresholds. Moreover, products and hybrid solutions have a higher market concentration.

China’s cybersecurity industry
Infographic source: designed by Daxue Consulting, China’s cybersecurity “exploration and production” overview

The substantial growth observed in China’s demand for cybersecurity can largely be attributed to a combination of four main factors: favorable policy change, downstream market maturation, technical advancements, and sporadic influences (e.g., COVID-19, hacking incidents, etc.). Market maturation coupled with developments in hardware and software has contributed to stable long-term growth.

A jump in demand for software between 2020 and 2021 was partly spurned by the increase in the number of cases of employees working from home, which lead to the rapid growth of China’s cloud infrastructure and demand for cloud security. On the other hand, policy change has led to substantive growth in the service sector, as firms urgently required professional assistance in meeting and navigating new legal standards.

China’s B2C cybersecurity industry mainly revolves around virus protection with Trojan Virus being the most common type

According to Rising, one of the most famous anti-virus vendors in China, its cloud security system intercepted a total of 119 million virus samples and 250 million virus infections in 2021.

Of 119 million of the viruses intercepted by Rising, Trojan Virus is responsible for most of the cyberattack in China, accounting for 80.5 million viruses or 67.49% of the total virus intercepted. Worm Virus follow suit, with 16.52 million or 13.85%.

Viruses in China in 2021
Graph source: Rising, designed by Daxue consulting, Viruses in China in 2021, by category

Windows users are the primary source of demand for anti-virus software

Among 1,051 billion Chinese Internet users, 65.9% of them use desktops or laptop computers to access the Internet as of June 2022. Based on the desktop OS market share in China in December 2022, we can see that an overwhelming number of Chinese used Windows as their OS, with 86.84% while MacOS only took 4.88% of the market share.

Despite the built-in antivirus software installed on Windows, Windows Defender, almost all Windows users in China have installed third-party antivirus software such as 360 and computer manager. This suggests that there is a huge market demand and potential for third-party antivirus software providers.

On the other hand, MacOS is known for its comparatively lower risk of virus infection when compared to Windows. However, the number of malwares targeting MacOS is rapidly increasing from 2019 to 2021. This could indicate that the demand for third-party antivirus software from MacOS users would also increase with time.

Desktop OS market share in China
Graph source: Statcounter, designed by Daxue Consulting, Desktop OS market share in China in October 2022

In China, foreign antivirus software mostly require subscription. Meanwhile, domestic antivirus software is mostly implementing a freemium model as they generate their revenue from advertisement. Users who use computers heavily and are more concerned about the security performance of their devices will naturally have higher requirements for antivirus software and more knowledgeable about various antivirus technologies. Therefore, they have higher willingness to pay for antivirus software and to avoid the hassle of ads and pop-ups.

The public sector is the largest B2B consumer of China’s cybersecurity industry

The public sector makes up nearly a third of China’s cybersecurity market, a trend that is expected to stay. Overall, government contracts made up over a quarter of all cybersecurity business in 2021 with a 2% year-on-year growth.

Growth has somewhat stagnated in certain verticals, including manufacturing and energy which declined by 2%, due to the impacts of COVID-19. As China continues to ease COVID measures throughout 2023, such industries are expected to rebound. Segments such as transportation, finance, healthcare, telecom, and education (in particular higher education and vocational schools) are projected to have significant growth in the coming years.

china's cybersecurity industry
Graph source: China Cybersecurity Industry Alliance, designed by Daxue Consulting, Estimation of China’s cybersecurity client segment share by volume in 2020

QiAnXin Technologies is leading the revenue market share in China’s cybersecurity industry

Domestic players have varying degrees of geographical advantages owing to regional brand reputation and success cases. North China held the largest market size due to high concentrations of government entities, as well as Chinese central State-owned enterprises in 2020. Meanwhile, East China was the fastest-growing segment. Leading cybersecurity players in China are highly specialized in terms of products and services.

top 7 cybersecurity players in China
Graph source: China Cybersecurity Industry Alliance, designed by Daxue Consulting, Top 7 cybersecurity players in China based on revenue in 2021

Cyberattacks occurring among China’s industry giants further increased government scrutiny on the segment

More than 282,000 cybercrime cases involving a total of 282 different offenses were handled by China’s courts between 2017 and 2021, with fraud such as phony loans, impersonation, and bogus employments accounting for the biggest percentage (36.53%). More than 660,000 defendants were involved in cybercrime cases within the same time period, with an average of 2.4 defendants per case nationwide.

The target of cybercrimes is not only normal Chinese citizens. Leading companies in China also experienced cyberattacks which resulted in millions of user data leaks and trafficking.

WeChat & QQ user data leak incident

364 million users’ information on popular Chinese social messaging networks, WeChat (微信) and QQ, was leaked in March 2019. The stolen information contained different types of user data, including Chinese citizen ID, user images, addresses, and GPS location data along with personal messages.

As per the report from the Financial Times, the ID cards (身份证) and other personal data of 300 million Chinese users could be accessed online with only the IP entered. The cybersecurity investigation initiated by Victor Gevers has discovered that the stolen data was distributed to over 17 different servers after being accessed.

Weibo user data trafficking incident

As many as 538 million users’ information from the Chinese most popular social network, Weibo (微博), was exposed and sold online in the summer of 2019. The incident became known after the hacker breached the company’s user database that stores the real names, site usernames, gender, location, and phone numbers.

In its statement, Weibo said that since user passwords were not stored in plaintext, the users should not be concerned. The company did not, however, explain how the hacker was able to access additional detailed user information from an SQL database which was neither made public nor returned by the API when matching contacts.

Alibaba data breach incident

A massive 1.18 billion pieces of user data including usernames, mobile numbers, and other personal data were leaked in June 2021. Cyber experts confirmed that the data of Chinese citizens were stolen from the Shanghai National Police network which was stored on Alibaba’s cloud servers by the Shanghai Police. The data was left unsecured online for almost 14 months without a username or password guarding the access.

For foreign cybersecurity companies, the current policy creates favorable conditions for them to succeed

The Chinese government has started to increase cybersecurity requirements through its policies such as Multi-level Protection Scheme (MLPS), Cybersecurity Law (CSL), Critical Information Infrastructure (CII), important data protection, and personal data protection.

Despite these policies, national security concerns may create entry barriers for foreign companies. For instance, important data most commonly refers to government demographic data or data on key industries. As these are sensitive national information, foreign cybersecurity firms might face additional challenges during bidding compared to domestic cybersecurity companies.

China’s cybersecurity industry
Infographic source: MERICS and Canada Trade Commissioner Service, designed by Daxue Consulting, Overview of China’s cybersecurity policies

China’s cybersecurity industry: fierce competition but tremendous opportunities

  • China’s cybersecurity market is expected to reach US$15.6 billion in value in 2023 and grow with a CAGR of 14.33%. (2023-2027). In the same period, the cost of cyberattack in China is estimated to increase at a higher rate: 28.11%.
  • The main factors that influence the substantial growth of China’s cybersecurity industry are a favorable policy change, downstream market maturation, and technical advancements.
  • The public sector, especially government contracts, is the largest consumer in China’s B2B segment of the cybersecurity industry.
  • The top cybersecurity companies in China have specialization in products and services. QiAnXin Technologies is taking the largest market share in 2020 with 9.5%.
  • Many data breach incidents involving industry giants in China such as WeChat, QQ, Weibo, and Alibaba have increased government scrutiny on cybersecurity.
  • Policies implemented in China construct favorable conditions for foreign cybersecurity companies to succeed in the B2B segment. However, foreign companies may experience barriers due to national security concerns.

Author: Regina Sukwanto