Korea’s Cyber Security Market Outlook with SWOT Analysis (2021)

South Korea is a highly digitised and connected country with the world’s fastest internet speed, the highest rate of broadband penetration and the highest rate of smartphone ownership. The advancement of Korea’s digital infrastructure has outpaced development of cybersecurity infrastructure, which has suffered attacks from both domestic  overseas actors.

South Korea’s cybersecurity market was estimated to be worth KRW 1.98tn in 2020. Korean firms such as SK Infosys and global players such as Microsoft, Symantec and Cisco dominate the market, while system integrator providers such as Samsung SDS or LG CNS provide cyber solutions as part of its IT offerings. Approximately 40 percent of the market is dominated by U.S. companies such as Microsoft, Symantec and Cisco, as experts generally regard the most technically advanced solutions from foreign companies. Growing demand for higher security standards from the government, however, has led local firms to offer increasingly specialized products that keep pace with global best practices.

The total addressable market size of cybersecurity solutions are projected in 2021 are the following: network security at KRW 468bn, system security at KRW 216.9bn and information leakage prevention services at KRW 311bn. Services are driven chiefly by security projects, a market size of KRW 204bn in 2020, followed by consulting and maintenance services, market size of KRW 115bn and KRW 112bn respectively.

Trends

In 2020, the Presidential Office of National Security called a number of changes in its 2019 National Cybersecurity Strategy including developing preventative and response technologies that can detect and repel attacks in real time, as well as a regulatory framework to encourage greater spending on cybersecurity from companies and public institutions. The strategy identifies raising the competitiveness of local industry and increasing the number of cybersecurity personnel as a means of achieving these greater capabilities.

Other government initiatives also call for major investments in cybersecurity, including cloud and AI-based cyber solutions, with the goal of improving South Korea’s ranking in the International Telecommunications Union (ITU) global cyber security index from 15th to 5th over the next two years. In January 2021, the Ministry of Science and ICT (MSIT) announced KRW 670bn in funding for domestic cybersecurity capabilities. The plan aims to improve response capability through real-time collection of threat information and to develop an infrastructure around securing government facilities, cloud service providers and data centers.

The MSIT allocated a total of KRW 240 bn for information security in its 2021 budget, an increase of 29% compared to the 2020 budget.[i] Approximately one third of the spending (KRW 74.7bn) is dedicated to information security R&D, while spending on incident response planning is doubled to KRW 53bn as the government seeks to build a stronger digital security systems ahead of the increasing digitization and connectivity of the economy. Other areas of spending include developing mobile-specific security and offering consulting services to SMEs lacking sophisticated security protocols.

Demand for network security solutions grew 10% in 2020 to reach KRW 825m as work-from-home became increasingly prevalent during the COVID-19 pandemic. The remote work environment especially created demand for a network security infrastructure across cloud technologies, interconnected devices, and virtual private networks (VPN) to secure private networks in public spaces. Network security detects and prevents attacks on the system across the network, and consists of firewalls, Intrusion Prevention Systems (IPS), DDoS prevention systems, virtual private network (VPN), access control.

Network Security

The sales of network security solution provider Wins grew by 14% and firewall and cloud-based technologies sales rose by 50% in in 2020. Fortinet released a solution called SASE (Secure Access Service Edge), a collaboration with AT&T that secures multiple layers of security networks in remote environments. Major government institutions also continued to strengthen their networks, as the public electricity company Korea Electric Power (KEPCO) invested KRW 1.3 bn in software and the Government Buildings and Management Office (GBMO) made a smaller purchase of network separation security technology. However, experts consider many public institutions and private companies vulnerable to potential threats, having not secured the proper network security infrastructure during the rapid transition into the remote work environment.

The sales of network security solution provider Wins grew by 14% and firewall and cloud-based technologies sales rose by 50% in in 2020. Fortinet released a solution called SASE (Secure Access Service Edge), a collaboration with AT&T that secures multiple layers of security networks in remote environments. Major government institutions also continued to strengthen their networks, as the public electricity company Korea Electric Power (KEPCO) invested KRW 1.3 bn in software and the Government Buildings and Management Office (GBMO) made a smaller purchase of network separation security technology. However, experts consider many public institutions and private companies vulnerable to potential threats, having not secured the proper network security infrastructure during the rapid transition into the remote work environment.

Threat Intelligence Monitoring/Incident Response

Intelligence gathering and response capabilities are a strategic area of focus for the Korean government, which is seeking to improve the ability of public organizations and small firms to respond to threats. Domestic threat monitoring and response technologies are still under development, but the introduction of new solutions such as SOAR (Security Orchestration, Automation and Response), which detect threats in multiple layers of networks and connected device systems, show promise.

The government expects SOAR to automate the analysis and response to security threats, while also addressing capability gaps in the nation’s security infrastructure. More than 50 Korean companies are developing SOAR solutions, including Igloo Security, which launched its Spider SOAR solution to carry out vulnerability diagnoses for IT assets.

South Korea’s threat intelligence and monitoring solution providers have also integrated response functions within their products to allow for the identification of ransomware attacks and malicious code. Korea’s Nuri Lab NAR (Nuri Anti-Ransom) provides a security solution which detects and blocks cryptographic behavior and ransomware. WidgetNuri offers a whitelist-based software authentication blocking, as well as a cryptographic detection and blocking solution. Through an authentication system, the software analyses the action on the operating system to detect potential ransomware. The AhnLab Smart Defense solution has a built-in detect and block ransomware solution.

Endpoint Security

The need for EDR solutions grew in Korea during the sustained period of remote work. Users’ devices connect to the comparatively more vulnerable networks at home. An effective EDR solution according to AhnLab refers to the ability to monitor in real-time the processing, registry, and files through machine learning and IoC analysis. Korea’s adaption of EDR security technologies is relatively slow as Korean companies often lack internal CERT or SOC personnel to implement the solutions, however, a much more wide adoption of EDR technology can be expected in 2021. According to CUDO Communication, the EDR solutions were adopted in each internal departments in Korea, and companies are expected to secure a much wider security network this year, especially in financial and manufacturing sectors and large corporations with internal security control centers.

AhnLab leads the market in EDR solution followed by ESTSecurity. INCA Internet recently launched its own endpoint solution product, called Tachyon, in 2018, which includes a mobile-specific version. INCA’s nProtect is widely used in South Korea to secure e-commerce, online gaming and financial transactions. SentinelOne, a US-based startup offering an EDR platform, also announced plans in January 2021 to open a South Korean office, pointing to the demand for endpoint technologies in Korea.

Encryption

In Korea, quantum cryptography and homomorphic cryptography solutions are advancing the application of encryption technologies in digital healthcare solutions, 5G , and ICT infrastructures. The ‘2nd Information Protection Industry Promotion Plan’ designated post-quantum cryptography, or quantum-resistant cryptography as a priority investment area to support development of commercially available applications of quantum-resistant encryption systems, investing into testing the resilience of encryption algorithms and standardisation on the use of quantum encryption.

In the private sector, Naver’s venture arm, D2 Startup Factory invested into Desilo Inc, a startup developing a homomorphically encrypted machine learning solution and is currently developing the homomorphic encryption technology in-house. Samsung SDS has won first place in the international genomic information analysis security competition, iDASH 2020, with its homomorphic cryptography technology. Korea Institute of Science and Technology Information (KISTI) and Seoul National University Hospital in Bundang also signed an agreement to apply quantum cryptography and homomorphic cryptography in processing medical documents.

Authentication

The Electronic Signatures Act was amended in December 2020 authorizing private companies’ use of digital authentication solutions than the cumbersome public digital authentication system, which required users to install Microsoft’s ActiveX plugin. A number of major Korean tech firms including Naver, Kakao, Payco, BankSign, and all three major mobile telecommunications service providers, are already active in the broader authentication market, estimated to be worth KRW 70bn.[i] In December 2020, KB Financial Group’s digital signature was selected by MOIS for use on government websites out of five candidates. 

In 2020, South Korea’s three major telecommunications service providers, SK Telecom, KT, and LG Uplus, jointly launched a blockchain-based digital identity app called Pass that can verify the user’s ID and driver’s licence.[ii] The app, powered by the local fintech startup Aton, removes the complicated authentication process typically required by apps and websites for identity verification, allowing users to verify their identity via a six-digit number, fingerprint or iris recognition. Pass has close to 30 million users, well over half of South Korea’s total population. 

Internet of Things (IoT)

South Korea’s IoT market, a KRW 10tn industry, is among the five largest in the world. It is driven by a shift in focus from individual devices towards increasingly complex platforms and services supported by 5G connectivity.[i] The market is projected to show strong growth in the coming years through investments in connected cars, factories, energy grids and public facilities.

Hyundai Motor Company’s connected car service already has 1.5 million subscribers, but the automaker plans to increase this number to 10 million in coming years by ensuring all domestically produced vehicles have connected car capabilities by 2022. Meanwhile, the number of smart factories nationwide more than doubled between 2018 and 2020 to almost 20,000.[ii]

The massive projected increase in connectivity for a breadth of applications ranging from manufacturing to mobility to governance and smart cities, as well as the speed of the networks utilized, will mean the nature of threats will diversify while the time to detect and respond will be reduced. All three major telecommunications service providers are making significant investments in securing the 5G networks expected to underpin this connectivity. The leading suppliers of smart factory platforms (Samsung SDS, LG CNS and SK C&C) all integrate security into their platforms, providing both consulting and solutions such as monitoring, access control and cloud control. SK C&C is partnering with Google Cloud Korea to supply cloud security for its smart factory platform.

Industrial Control Systems (ICS)

South Korea’s ICS security market size as of 2020 is estimated to be KRW 91.3bn and has grown at an average increase of 48.8% per year since 2015.[1] ICS technology was not traditionally considered within the cybersecurity domain in South Korea. However, the rapid increase of smart factories, which more than doubled between 2018 and 2020 to almost 20,000, has underscored the importance of ICS technology in the country.

The 2018 cyberattack on Taiwanese chip supplier TSMC also prompted many Korean companies in the energy, manufacturing, and utility sectors to begin paying greater attention to dedicated protocols and securing equipment through ICS systems. POSCO ICT, the technical solutions arm of the national steelmaker POSCO, announced a jointly-developed ICS solution with Cisco in April 2019.[iii] Meanwhile SECUI, one of the leading network firewall companies in South Korea, is collaborating with Intel to develop solutions on ICS security monitoring and visualisation systems.

Supervisory Control and Data Acquisition (SCADA)

The market for SCADA in Korea was worth an estimated KRW 63.7bn in 2020, growing steadily at an average of 6.3% annually from KRW 50.3bn in 2016.[iv] Government-led SCADA projects are the largest segment of the market, usually related to the conversion of public infrastructure such as power plants, airports, and traffic control centers into smart facilities. Recent purchases of SCADA systems include public utility KEPCO, which installed a KRW 13.2bn system, as well as Incheon International Airport (KRW 2.7bn).[v]

The SCADA market in South Korea began under close collaboration between foreign and domestic companies. Local SI firm Vitzrosys entered a partnership with UK-based EuroTherm, to develop SCADA technology for sale in the Korean market. Vitzro is the market leader with 30% market share, leveraging its broader strengths in delivering complex systems for public customers such as KEPCO, Korea Railroad Corporation and the city of Seoul. Other leading companies in the Korean SCADA market include Hyundai Electric, a spinoff of global manufacturer, Hyundai Heavy Industries, as well as LS Electric and Taekwang NC.

SWOT Analysis

Strengths

  1. Due to Korea’s effective response to COVID-19,the economic impact of COVID-19 on Korea is not as severe as other countries. Korea experienced a -1.1% growth in 2020 compared to  -3.4% growth in the States and -5.1% in Japan, and Korea is expected to reach 2% in growth in 2020-2021, the highest among the 11 countries in average global growth rate.[1] 
  2. Government-led initiatives and programs are followed by private sector activity. Currently, there is large public and private investment into data infrastructure, autonomous vehicles, and hydrogen induced by the Korean New Deal
  3. Korea is a rare market with high digital penetration and an equally concentrated digitally literate consumer base. Strong ICT infrastructure underpins Korea’s capacity to build new services and technologies. The Korean market can deliver cyber technologies operationally intensive and at scale than other comparable markets.

Weakness

  1. Public attitude toward purchasing protective equipment or security technologies is passive, and corporations are slow to invest and adopt cyber solutions.
  2. Facilities vulnerable to cyber attacks, such as public health institutions and laboratories, lack education and training on potential threats. Over 90% of medical personnel have reportedly not received proper cyber training when transitioning into a remote work environment.[1]
  3. National smart city or smart factory strategies are often missing the cybersecurity framework from its onset.[2]
  4. Difficult for  technology at a globally competitive level 
  5. Korean corporations generally lack security experts or personnel in-house to guide adoption of the software.

Opportunities

  1. Due to prolonged remote work, cyber solutions such as endpoint protection and network security solutions are in greater demand with increased threat in the PC-Network infrastructure.
  2. Infection security solutions emerged in post-pandemic as a new market in Korea. Access control technologies incorporated facial recognition function with fever detection, evolving into an integrated infection prevention access security solution, widely installed in workplaces, restaurants, and public facilities.
  3. UK companies with European Civil Aviation Conference (ECAC) certifications can more feasibly sell into the specific sectors of the Korean market. Korea lacks a domestic certification system for companies to sell to the security solution buyers, such as the airport security facilities. Interested companies must obtain the certifications such as the Transportation Security Administration (TSA) and  ECAC certifications, which can be a difficult process for most Korean companies.
  4. Advanced technology solutions in the UK but not yet developed in Korea could ease into the market. Existing Korean cyber providers struggle to develop globally competitive solutions without the corporate investments or R&D support, and often partner with large multinationals to develop new technologies.[1]

Threats

  1. Korean small and medium businesses dominate the market with understanding of the country’s policies and regulations. Korean cyber solution providers interested in providing consulting service must undergo the rigorous Korea Internet & Security Agency certification procedure.
  2. The hardware in Korea, such as drones, CCTVs, and sensors, and UK software may not be technically compatible due to varying norms and standards.
  3. The Korean security products market is polarised with little room for foreign companies to be competitive in pricing. The hardware is made cheaply in China, and the Korean companies install software atop, e.g., AI-based CCTV.
  4. U.S. multinational cyber companies, such as FireEye, IBM, and Microsoft are often cyber providers of choice for large Korean corporations.
  5. Currently, the upfront cost of exploring security technology is high and the immediate forecasted return of investment is unclear. The entrants and existing organizations’ continued support is necessary for new security solutions, AI or cloud-based video analytics, etc., to emerge as business solutions.

APPENDIX

Security consulting firms

A total of 27 companies in Korea meet KISA’s standard for information security consulting. The Information Security Industry Regulations standard requires companies to establish protocols to ensure the safety of information and communication facilities. Competency is assessed based on a firm’s technical ability, completion of international certifications such as SIS, or PIMS, years of experience in the information security field and the cost of consulting services.

CompanyLink
SECUIwww.secui.com
Ahn Labwww.ahnlab.com   
eNsecurewww.ensecure.co.kr
A3 Securitywww.a3security.com   
Lotte Data Communicationwww.ldcc.co.kr
Cyberonewww.cyberone.kr/
SK Infosecwww.skinfosec.com 
Winswww.wins21.co.kr/
PioLinkwww.piolink.com 
Somansawww.somansa.com 
CISwww.cisro.co.kr/
SSRwww.ssrinc.co.kr/
Fasoowww.en.fasoo.com/
Igloo Securitywww.igloosec.co.kr
Secure Onewww.secureone.co.kr 
ICT Intelligent Securitywww.ictis.kr 
KISCAwww.audit.co.kr
SeedGenwww.seedgen.kr
Raon WhiteHatwww.whitehat.co.kr  
HanSecuritywww.hangrp.com  
MobyDickwww.mobymoby.com
Securityhubwww.securityhub.co.kr
LNJ Techwww.lnjtech.co.kr
KDNwww.kdn.com/
Shinhan DSwww.shinhands.co.kr/
ICTISwww.ictis.kr/
F1 Securitywww.f1security.co.kr/

Cyber solution providers

The largest domestic player is SK Infosec (annual revenue of KRW 270bn which specializes in consulting, monitoring and systems integration. SK Infosec is followed by Ahnlab, best known for its online and network security solutions, with annual revenue of KRW 178.2bn, anti-DDOS and IDS specialists SECUI and Wins as well as Igloo Security, which offers integrated enterprise solutions.

In late 2020, SK Infosec merged with a fellow subsidiary of the largest mobile telecommunications service provider SK Telecom, ADT Caps, which focuses on physical security, to create one of South Korea’s largest security companies. The new company, with combined revenues in excess of KRW 1tn, will offer integrated security solutions as a competitor of Samsung’s S1, which has revenues of KRW 2.2tn, largely from its physical security business. S1’s cybersecurity offerings include antivirus programs, VPNs and intrusion detection systems.

The leading Korean firms are increasingly investing in new technology such as AI, biometrics, ICT, big data, and other emerging technologies to develop total security solutions. AhnLabs recently acquired Jason, an AI-based data leakage prevention startup. S1 has invested in the development of integrated solutions customised for different industries such as aviation and healthcare, aiming to help lower the upfront cost of adopting a security solution.

CompanySales (2019)EmployeesKey ProductsKey Target Industries
SK Infosec172m1,065Managing security services, consulting, SIPublic sector
Ahnlab103m1,211Antivirus, online security, network security, firewalls, IPS and UTMPublic sector, financial institutions
SECUI76m399Intrusion prevention systems, anti-DDoS security, vulnerability analysis, unified management systemsFinancial institutions, gaming
WINS48m408Intrusion prevention, firewall, DDoS response, APT protection, integrated security monitoring, video privacyPublic sector, financial institutions
IGLOO SECURITY48m864Managed security service and enterprise security managementEnterprise
KICA27m85Licensed Korean certification authority; provides identity confirmation, secure transaction guarantees, compensation systemPublic sector institution, financial institutions
SGA Solutions25m175Antivirus, server security, firewalls, intrusion prevention and VPNPublic sector
Fasoo17m227Secure printing solutionsFinancial institutions, gaming
Penta Security Systems17.5m213Firewalls, encryption and authenticationPublic sector, financial institutions
NICSTECH7m119Personal/enterprise network security, web/mobile service implementationEnterprise
Genians15.8m140Cloud-managed network access control, IT security servicesPublic sector, financial institutions
Hancom Secure9.8m127Online integrated security solutionsPublic sector
Raonsecure18m205Security solutions development and consultingFinancial institutions, gaming
Inca, nProtect6.4m122Antivirus software, online securityPublic sector, financial institution

*Disclaimer: This article is produced from a body of my personal research during a project contracted from UKTI with Intralink group on the Korea’s Homeland Security Market.