China’s cybersecurity industry: a market analysis (part 2)

China’s cybersecurity industry: a market analysis (part 2)

Beijing, Nov. 2, 2022

China’s regulation of cybersecurity

Cybersecurity is fast becoming synonymous with national security and state sovereignty in China. To narrow the gap with the U.S. and EU and improve the country’s overall security and defense capabilities, the Chinese government has enacted several regulatory measures.

Beijing’s three-year cybersecurity plan is also a cyber defense strategy,. The national 14th Five-Year Plan calls for strengthening cybersecurity systems and capacity building, data resources, and networks and information systems in key sectors.

As a result, China’s cybersecurity market is expected to grow at a compound annual growth rate (CAGR) of about 12.4 percent through 2027.

Factors driving the increasing demand for cybersecurity

In the digital age, Chinese companies are responsible for an ever-increasing number of information and data transactions. These companies are currently the main targets of cyberattacks, and due to organizational system weaknesses, the loss of important data often occurs. Internet users in China suffered financial losses of up to RMB 91.5 billion (US$12.62 billion) between 2016 and 2017 due to loss of personal data, fraud, spam emails, and other similar issues.

Another factor is the speed at which Internet coverage and speed is being expanded. One example is the Broadband China Project, which aims to provide 95 percent of the urban population with access to controlled high-speed broadband networks. In addition, China’s State Council plans to invest US$22 billion in expanding broadband network infrastructure in the country’s rural areas. This investment aims to provide improved Internet services to about 30 million households and covers about 50,000 villages.

Finally, there are a million-fold number of smartphone users in China. Various applications that collect sensitive personal data are deployed on these smartphones: Online transaction processing apps and social networks make the Internet a highly vulnerable place where users‘ data is exposed to cyberattacks.

Cybersecurity tools are therefore essential for managing and protecting individuals‘ and businesses‘ data online, which is driving demand for cybersecurity products in China.

Cloud – based solutions are in high demand

Enterprises are aware of the benefits of moving their data to the cloud instead of creating and maintaining new data storage facilities. This is driving demand for cloud-based solutions and, in turn, the use of on-demand security services.

These benefits are driving large enterprises and small and medium-sized enterprises (SMEs) in China to increasingly adopt cloud-based solutions. Cloud platforms and ecosystems are predicted to catalyze a rapid increase in the volume and scope of digital innovation in the coming years.

In 2021, 143,319 information system vulnerabilities were documented by MIIT’s cybersecurity threat and vulnerability information sharing portal. 86,217 of them were classified as „medium risk“ and 40,498 as „high risk.“

At the same time, China Telecom, China Mobile and China Unicom reported 753,018 distributed denial of service (DDoS) attacks in 2021, down 43.9 percent from 2020. The number of cybersecurity threats and vulnerabilities reported to the MIIT portal was 88,799 in 2021, a 60.9 percent decrease from the same period in 2020.

In December 2021, the MIIT ended its partnership with Alibaba’s cloud unit and several other information-sharing platforms over cybersecurity threats. These actions demonstrate Beijing’s determination to tighten control over vital data and cyberinfrastructure for national security. China’s state-owned enterprises (SOEs) have also been ordered to transfer their data from private operators.

Increase in cybersecurity incidents.

Cybersecurity incidents have surged in China as digitization becomes more prevalent in businesses and related technology is used as part of corporate operations. Thanks to 5G networks, Chinese devices are now more connected than ever before.

According to the China Internet Network Information Center (CNNIC), in December 2021, Internet users reported having no cybersecurity issues 62 percent of the time – a figure that remained unchanged from December 2020.

In addition, 22.1 percent of Internet users were affected by personal data leakage, 16.6 percent were affected by Internet fraud, 9.1 percent of users reported that their devices were infected with viruses, and 6.6 percent of users reported that their accounts or passwords were stolen.

China’s regulation of cybersecurity

To focus on protecting networks and data in China, the government issued the country’s first cybersecurity law in 2016, which took effect in 2017. To bring the law in line with the various laws that have subsequently been enacted, several amendments to the Cybersecurity Law were published in September 2022. The law now includes the following:

– Network operators must comply with basic privacy and cybersecurity requirements, such as Multi-Level Protection Scheme (MLPS) standards.

– It provides critical information infrastructure (CII) operators with a framework for regulation.

– It provides for pre-sale certification standards for essential network equipment and network security assets. It creates a process for assessing the cybersecurity of network products and services that could threaten China’s national security.

– It establishes requirements for protecting data collected during network operations.

– A wide range of consequences and fines are set for companies that do not comply.

Since 2021, the government has issued other cybersecurity and data protection regulations, including the Data Security Law, the Personal Data Protection Law, the Network Security Review Measures, and the Critical Information Infrastructure Protection Regulations.