"Alibaba Group defeats around 300 million cyberattacks per day," said founder Jack Ma.
► These days, cybersecurity-related incidents are occurring more frequently on a global scale.
► Compared to that of the United States, the Chinese cybersecurity industry presents a vast pool of commercial opportunities – the sector is projected to grow at a 20.65% CAGR over the next 5 years.
► The key demand drivers are the Chinese government's tech development push, higher IT penetration rate and the ubiquitous digital transformation in the corporate sector.
► Major domestic brands in China are amassing in the market, with many of them using an identical sales model.
A small bite of cybersecurity
The Internet emerged as a tool of sharing information between different research bodies with few security concerns. As a result, it has some intrinsic features – such as packet switching, lack of authentication or traceability, best-effort services and so on – that can be regarded as flaws inviting attacks from criminals. It turned out to be less 'safe' than was originally predicted.
The history of cybersecurity begins in the 1970s, with major attacks in the form of collecting and intercepting information starting to happen. Currently, attacks can be categorized into active and passive attacks.
Active attacks: the perpetrator attempts to affect machine operation through attacks like Denial-of-Service (DoS: temporarily disrupts the host from connecting to the Internet), Brute force attacks (guesses usernames and passwords to reach sensitive personal data).
Passive attacks: collecting and using information from a computer without affecting system resources. For instance, surveillance, backdoor access and data scraping.
One primary reason for the increasing volume of cybercrime is the complicated information technology infrastructure. Concepts like big data, the mass transition to cloud and more terminals increase exposure to risks. During the pandemic, according to Cloudware, Internet threats boosted by around six-fold over the period.
Cyberattacks in China
In China, distributed denial-of-service (DDoS) is the most common type of attack, thanks to its low technical barrier. Attackers use loopholes, brute-force attacks or phishing to capture servers, then hack more office terminals. Other than that, the use of pirated software, patcher mods, game plug-ins and other irregular behaviors also raise the risk level. Besides, some hackers target the growing usage of the cloud, achieving virtual machine escape (attacker runs code on a Virtual Machine that allows an operating system running within it to break out and interact directly with the hypervisor) or cloud resource abuse.
Industry overview
The Chinese Internet security industry will accelerate its growth in the next five years. According to IDC's figures, China's cybersecurity expenditure is expected to rise at 20.6% CAGR, to hit USD 16.7 billion in 2024. Unlike that of the United States', in China the sector mainly consists of hardware revenue. Besides, the founder of Qi An Xin (688561:SH) Qi Xiangdong, claimed that the market in 2030 will reach CNY 600 billion, ten times larger than it was in 2019.
Sector tailwinds
As China claims to be building a robust Internet sector, relevant policies and stimuli for niche industries like cybersecurity have been implemented in recent years. In 2014, the central Cybersecurity and leadership team (Chinese: 中央网络安全和信息化领导小组成立) was launched, requiring the government and state-owned enterprises (SOEs) to shift to informationalization. Since then, the roadmap of China's cybersecurity industry has come out. More recently, we believe the upcoming 16th five-year plan might place cybersecurity in a more significant position.
We also expect the penetration rates to increase modestly in the next few years. The main reasons are security concerns and promotion. More hacking incidents happen every day and cost the bulk of the money to make the IT environment on track. Due to information disclosure rules, many companies in China choose to solve the problem privately by paying. Others, some brands and associations are building their awareness through advertisement. For example, Qi An Xin promotes itself as the 2022 Beijing Winter Olympic sponsor. The third week of September is the Chinese Cybersecurity Week since 2014.
Last but not least, the IT infrastructure of firms is getting more complicated as advanced technology is created and deployed. Cloud computing, big data, the Internet of Things (IoT) and Artificial Intelligence (AI) are applied in various ways where the 'edge' of the Internet expands ever wider, increasing the exposure to risks.
Market competition
China's Cybersecurity market used to be shared by some foreign and domestic competitors. As the primary demand is from the Chinese government and SOEs, due to the PRISM program, they have gradually banned international cybersecurity brands since 2015. At that time, Symantec (NLOK:NASDAQ) owned 26.5% of the market share. It got kicked off and its market share dipped down to 5.6% in 2019. Qi An Xin, a top domestic brand, has snatched to 23.5% of market share over the same period, holding the most significant market share for now.
Currently, the competitive landscape is centralized on several players, including Sanford (300454:SZ), DAS-SECURITY (688023:SH), Hillstone (688030:SH), Qihoo 360 (601360:SH).
Direct sales and partnership sales are two primary models in software companies. As a significant portion of orders placed by the Chinese government, public security, procuratorate, army and other government bodies, they have special requirements for safety, direct sales can provide tailored solutions. On the other hand, partnerships can make the company reach out to potential clients where security companies cannot be. It also lets IT security services be in a big joint project. For example, it can be included in a telecom firm's one-stop Internet connectivity solution package. In all, partnerships prevail as the sales trend toward outsourcing.