China Cybersecurity: Safeguarding a Digitalizing Economy

By: Celia Qiu

Investment Analyst

As China continues to evolve into a digital economy with fast adoption of new technologies such as 5G, cloud computing and the growing number of new applications, network vulnerabilities have been growing in tandem. Cyber-attacks, which hamper the robustness of the entire online ecosystem and compromise data and identity integrity, are increasingly pervasive. According to Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), the total number of cyber security breaches has risen in the past few years. In addition, enterprises are facing challenges of more sophisticated cyber threat technologies.

In this article we’ll take a closer look at China’s cybersecurity industry, key technology trends and major participants.

Since the establishment of Central Leading Group for Cyberspace Affairs in 2014, Chinese government has been proactively rolling out regulations to promote the growth of cybersecurity spending. In Dec. 2019, MLPS 2.0 (Multi-Level Protection Scheme), a regulatory framework that specifies security protection standards for enterprises and governments was issued. MLPS 2.0 classifies information security risks into five levels, ranging from threats to individual interests, to threats to national safety, and set requirements for each level.

With the temporary impact from Covid-19 on IT spending largely behind, we expect growth of China cybersecurity industry to reaccelerate in 2021, reaching US$9.5bn (+20% yoy vs. +11% in 2020) (Source: IDC, Jan. 2021) . We remain optimistic of the long-term growth at 15-20% per annum (IDC, Jan. 2021). The market is expected to grow to US$14bn by 2023E (IDC, Jan. 2021), primarily driven by 1) the government authorities’ increasing focus on combating cybersecurity attacks, 2) rising awareness of enterprises to protect digitalized assets from potential losses, and 3) a more complicated IT structure and malicious online environment.

However, compared to the United States, China’s cybersecurity spending is lagging. We believe the gap between US and global average is still quite large, which implies significant market potential going forward.

Key Technology Trends

In 2020, hardware (key areas include firewall, UTM (Unified Threat Management), IDS/IPS (Intrusion Detection Systems/Intrusion Prevention System), etc.) still contributed ~53% (IDC, Jan. 2021) of total cybersecurity spending in China, mainly because of on-premise IT deployment for customers in financials, manufacturing and other industries. As more IT workload moves onto cloud, cybersecurity software products are set to grow at a faster pace, and renders emerging technologies such as security analytics, identity management (zero trust), endpoint security, etc.

  • Zero Trust: Nowadays the physical boundaries between internal and external IT environment become blurrier. In fact, hackers now usually hack into internal employee’s computer system through cloud or external links, and they could access all the data and files from inside. This has prompted the emergence of Zero Trust Technology (Architecture).

Zero Trust Security is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter. No single specific technology is associated with zero trust architecture; it is a holistic approach to network security that incorporates several different principles and technologies.

  • Network Security Situation Awareness (NSSA): Cybersecurity situational awareness refers to a proactive understanding (from passively defending phase) of the cyber threat environment within which it operates, associated risk and impacts, and the adequacy of its risk mitigation measures.

Major Cybersecurity Companies

Qi An Xin: Qi An Xin Group was founded in 2014 and specializes in serving the cybersecurity market by offering next-generation enterprise-class cybersecurity products, services and hardware associated with network security solutions for government and enterprises.

The company has been aggressively investing in R&D to develop a comprehensive product portfolio covering cloud, network and terminals. Qi An Xin is a pioneer in new security fields, including zero trust, big data analytics, and others which should be the long-term growth driver for the company.

Sangfor: Established in 2005, Sangfor Technologies is the leading cybersecurity and cloud computing technology vendor in China. The company offers two sets of products: 1) cybersecurity, and 2) HCI (hyper converged infrastructure).

Sangfor has built a track record of consistently expanding its boundary through a series of successful product launches. In the past 20 years, it has transformed from being a single-product virtual private network (VPN) player to a comprehensive cybersecurity platform, and now to a significant player in the private cloud and basic IT space.

Venustech: Venustech is a cybersecurity veteran and has strong relationship with the government, SOEs, and military customers. The company also has a strong track record in providing security operation services, and it is the earliest supplier in China’s SOC (Security Operating Center) market.