The Driver Behind Network Security Spending in Asia-Pacific

By Cindy Payne, Managing Director
Asia-Pacific Connections Pte Ltd

May 2002

According to research leader International Data Corporation (IDC), the Asia-Pacific network security market (excluding Japan) reached US$264.3 million in 2001 and is expected to grow by 29% to reach US$340.9 million by the end of 2002. The growth this year is primarily driven by sales in firewall appliances, followed by investments in separate secure servers, data encryption tools, intrusion-detection applications, tokens, smart cards and biometrics. In 2001-2002, India is expected to be the region's fastest-growing market for network security solutions with an 80% growth rate, followed by China with 45% growth, closely shadowed by Australia, Korea and Singapore.

IDC noted that in 2000, the average company in Asia-Pacific spent a meager US$18,500 on security measures to protect their Internet and network infrastructure. The government, education and health care service sectors led the region in Internet and network security spending, averaging US$30,000 per organisation, followed by the finance, telecom and utilities sectors spending US$28,000 per organisation. The manufacturing, services and distribution entities spent the least, averaging US$13,000 per organisation in Internet and network-security investment.

Government IT spending in Asia-Pacific is surging as governments increase spending on e-government initiatives to drive more efficient processes, improve public service, cut costs and increase security measures. The importance of security within the e-government frameworks across the region is reflected by a myriad of new security and privacy initiatives introduced to secure operating environments.

But there seems to be a difference between prioritising security and implementing appropriate security policies in Asia-Pacific enterprises. In a recent study by CMP Worldwide, 71% of the enterprises surveyed had security as a top corporate priority, whilst only 38% actually implemented the intended security policies.

IDC reports that the fundamental drivers behind the adoption of network security-solutions in Asia-Pacific enterprises are the increased use of the Internet and the implementation of e-commerce initiatives. These initiatives forced enterprises to open a substantial portion of their network infrastructure to the public to accommodate the sharing of information and resources. The resulting vulnerability to external threats and potential internal sabotage is driving the deployment of integrated Internet-security solutions, including vulnerability management solutions, firewalls and virtual private networks (VPN), anti-virus and content filtering software, intrusion detection and web access management tools.

IDC forecasts that Asia-Pacific (excluding Japan) B2B e-commerce will be worth US$516 billion by 2005. 45% of these B2B e-commerce transactions will be conducted through e-marketplaces, where suppliers can save on cost of goods and buyers can save on procurement. With this major shift in purchasing patterns, security is no longer just insurance against an attack, but a critical component of any enterprise's infrastructure.

Network-security attacks – including denial of service attacks, website vandalism, network probes, password cracking, sniffing, buffer overflows, hostile ActiveX and JAVA applets, intrusion through back doors and Trojan horses – no longer just disrupt an enterprise's internal operations. In the e-commerce arena, they can also potentially damage partners, customers and buyers, causing a loss of goodwill and potential revenue. In many cases, a company's greatest asset is content (information or data). The ability to use technology to secure, whilst enabling greater access to, corporate content both deepens and stabilises relationships. "Trusted relationships" with customers, partners, suppliers and channels can yield numerous benefits, such as higher transaction rates with greater scalability, lower cost per transaction and transference of personnel from low-value interactions to high-value personalised service.

According to IDC, the anti-virus software market in Asia-Pacific (excluding Japan) will grow from US$137 million in 1999 to US$451 million in 2004. Unauthorised access to information and unauthorised modification of data or terminal configurations are amongst some of the most frequent security breaches within the region. Roughly 50% of all security breaches discovered involve individuals from within the enterprise in question or individuals who were familiar with the enterprise. In 2001, as the recession deepened and unemployment rose, enterprises saw a greater need to invest in IT-security solutions and began to proactively protect themselves from both internal, as well as external viral threats.

IDC forecasts that Asia-Pacific firewall/VPN security-appliance revenue will reach US$522.7 million by 2005, growing at a compound annual growth rate (CAGR) of 38%. After the September 11 attacks in the United States, companies in Asia-Pacific are acutely aware of the importance of business-continuity and disaster-recovery planning. Gartner Group says that the market for disaster-recovery and business-continuity planning in Asia-Pacific was worth US$360 million in 2000 and is now growing at a CAGR of 30%.

Enterprises across Asia-Pacific have traditionally been slow to adopt network security solutions, considering security a "nice-to-have" but not a necessity. Post-September 11, attitudes within Asia-Pacific towards IT security have changed dramatically. Both governments and enterprises are rapidly deploying network security solutions in an attempt to guard against external threats and internal sabotage. Enterprise applications like mobile commerce, e-commerce, enterprise relationship management, supply chain management, enterprise resource planning, e-learning and e-marketplaces are not only huge IT growth opportunities within Asia-Pacific, but are also driving spending on security – to protect transactions, content and session integrity, and customer goodwill.