The advent of the Internet of Things (IoT) has emphasized the importance of cyber-security, as objects are being increasingly connected through networks and ICT is being applied across industries. As the world has recognized the importance of information security after experiencing crisis in social infrastructure in the wake of ransomware like Wannacry and Petya in 2017, an effort to strengthen security has been underway.
Korea is not an exception, with its well-established IT infrastructure that is developed enough to launch a 5G service for the first time in the world. The information security market has continued to grow, driven by the increasing demand for information security and investment by companies.
Status of Korea’s Information Security Industry
The information security industry can be defined as an industry associated with developing, producing, or distributing products related with information security, or consultancy on information security. Depending on the technologies applied and the nature of products, the industry can be further divided into information security, physical security, and convergence security.
Total sales of domestic information/physical security industry was about KRW 10 trillion in 2018, 5.3 percent up from the previous year. In detail, sales in the information security industry increased to KRW 3.003 trillion in 2018, up 9.4 percent from KRW 2.7449 trillion in 2017. Sales in the physical security industry rose to KRW 7.0864 trillion in 2018, 3.6 percent up from KRW 6.8408 in 2017. As shown in the table below, the domestic information security industry has continued to record a decent growth rate since 2015. The average growth rate of the information security industry is 14.8 percent, more than twice that (6.3 percent) of the physical security industry.
<Table 1> Status of Information Security Industry Sales
(unit: KRW 1 M, %)
|Information security||Physical security||Combined|
|Sales||Growth rate||Sales||Growth rate||Sales||Growth rate|
The information security industry can be largely divided into: system development for information security including network security and system security; and services of information security including security consultation and security control. Breaking it down by the sources of demand, 40.7 percent of sales of information security system development comes from general companies, while public institutions account for 38.5 percent, followed by financial institutions (20.8 percent). In the case of information security services, 44.6 percent of sales are generated by general companies, followed by public institutions (38.7 percent), and financial institutions (16.7 percent).
<Table 2> Status of Sales by Sources of Demand
(unit : %)
|Source of Demand|
|Information security system development||38.5||20.8||40.7||100.0|
|Information security service||38.7||16.7||44.6||100.0|
The physical security industry also can be classified into system development for physical security and physical security services. Breaking it down by sources of demand, most of the sales come from general companies (60.1 percent), followed by public institutions (31.6 percent), and financial institutions (8.3 percent). When it comes to physical security services, general companies account for largest share (58.8 percent), followed by public institutions (30.7 percent), and financial institutions (10.5 percent).
<Table 3> Status of Sales by Sources of Demand
(unit : %)
|Sources of Demand|
|Physical security system development||31.6||8.3||60.1||100.0|
|Physical security services||30.7||10.5||58.8||100.0|
For both information security and physical security industries, general companies account for the largest part in terms of the sources of demand, while the public sector also occupies more than a third of the total. In the physical security industry, general companies are dominant with the financial sector remaining tiny. In contrast, in the information security industry, the share of general companies and the public sector appear to be similar, with the financial sector also accounting for above 20 percent. All in all, regarding the demands for information security products and services in Korea, it is the public sector that has a relatively higher demand for both information security and physical security. By comparison, companies have higher demand for physical security than information security, and it is the other way around for the financial sector.
When it comes to the number of information security companies, there were 464 information security companies in 2018, and 549 physical security companies, totaling 1,013. This figure is 12.9 percent up from the previous year of 897 companies, signaling more room for scale-up of the industry. By type of information security company, there were 614 general companies (60.6 percent), and 399 startups (39.4 percent). This indicates the presence of promising companies with technological prowess and a business portfolio in the information security sector, considering that startups are those the government reckons the need for support based on their relatively higher technological capabilities and growth potential.
<Table 4> Status of Information Security Companies by Type
(unit : No., %)
|Information security||Physical security||Combined|
|No. of companies||Share (%)||No. of companies||Share (%)||No. of companies||Share (%)|
Information Security Industry Promotion Policies
The government has consistently supported enhancing competitiveness and market expansion of the information security industry through such actions as “K-ICT Security Development Strategy” (April 2015), “Act on Information Security Industry Promotion” (June 2016), “1st Information Security Industry Promotion Plan,” and the “Comprehensive Plan for Information Security in the Private Sector” (January 2019).
While the promulgation of the Act on Information Security Industry Promotion laid the foundation for the promotion of the information security industry, the Information Security Industry Promotion Plan has been implemented with a focus on ▷Strengthening competitiveness by encouraging establishment of businesses, ▷Creating a new information security market and expanding investment, ▷Expanding market from domestic-oriented to global one, and the ▷Establishment of ecology for continued growth.
The comprehensive information security plan announced by the Ministry of Science and ICT recently set such tasks as the ▷Foundation of fair and reasonable market conditions, ▷Establishment of an environment for the growth of information security companies, ▷Creation of a new convergence security market, and the ▷Push for an expansion of the global market; demonstrating the government’s efforts to hone the industry’s competitiveness.
Outlook of Information Security Industry
Based on the current status illustrated above, it’s time turn to the prospects for Korea’s information security industry going forward. First of all, the industry is highly likely to keep expanding. As shown in Table 1, the information security industry has continued to grow since 2015, surpassing the KRW 10 trillion mark in 2018. The number of companies involved in the information industry has consistently gone up. The government also wrote down laying the foundation for information security market, and support for global expansion in various measures, implying its active support for long-term growth of domestic information security market.
Secondly, the service sector, rather than the system development sector, is likely to drive the growth of the information security market in the future. This corresponds to the global trends in which major enterprises in the global market are moving towards a total solution service covering all areas of security, capable of comprehensively managing vendors. Major companies in Korea are also expected to launch and expand total solution services through M&A, in line with global trends. In particular, a cloud-based total solution service is likely to grow in keeping with an increasing cloud usage, accelerating the market expansion of the service sector.
Thirdly, the convergence security industry transcending the division between information security and physical security is expected to continue to grow. The convergence security industry is concerned about products and services resulting from the combination of information security with other industries, such as home appliances, medical, automobile and factory. Although the convergence security industry was not factored into calculating the size of the information security market, it has potential for growth in the future as security issues in other industries have been brought to the limelight since the acceleration of the Fourth Industrial Revolution. Once the convergence industry takes root and expands, it will provide the entire information security industry with a stimulus to take another leap forward.
Director, Oh Jin-young (email@example.com)
Manager, Oh Nam-ho(firstname.lastname@example.org)
Deputy General Researcher, Song Eun-ji (email@example.com)
Korea Internet and Security Agency (KISA)
< **The opinions expressed in this article are the author’s own and do not reflect the views of KOTRA. >
* Sources of Figures
“Survey for Information Security Industry in Korea (2018)”, Ministry of Science and ICT, Korea Information Security Industry Association (December 2018).