2. CYBERSECURITY
AUTHORS
Future Watch Report2
At Business Finland, we create new growth by supporting companies to go global, as well as funding innovations.
Our top experts speed up the identification of business opportunities around the world and help transform them
into global success stories. Future Watch is part of TF Market opportunities service and it provides actionable
insights from our global network for Finnish businesses and stakeholders. More information at
www.marketopportunities.fi
Zahil Jackpersad
Consulting Analyst
Lehlohonolo Mokenala
Consultant
3. CYBERSECURITY
TOPICS
1. A GLOBAL PERSPECTIVE OF CYBERSECURITY
2. CYBERSECURITY SERVICE AND TECHNOLOGY TRENDS
3. IMPLICATIONS AND FUTURE OPPORTUNITIES FOR TEAM FINLAND
Future Watch Report3
4. CYBERSECURITY
CYBERSECURITY â MARKET DEFINITION
Future Watch Report4
Industrial Control Systems in
Crtitical InfrastructuresInternet of Things
Enterprise & Government
IT Infrastructures Mobility
About Cybersecurity
Cybersecurity includes technologies, methods, procedures and practices employed in cyberspace to protect
systems, networks, programs and data from unauthorized access, attacks, damage and other malicious intrusions.
Ensuring the confidentiality, integrity and availability of data in the digital world will be the main objectives of
cybersecurity.
At an overall level, cybersecurity can be defined as a subset of âInformation Securityâ. However, it may often
include multiple infrastructure components, right from the network layer to the application and databases.
From a service delivery perspective, it includes:
1) Implementation
2) Remediation
3) Management
Source: Frost & Sullivan
5. CYBERSECURITY
CYBERSECURITY PRODUCT & SERVICE FOCUS
Future Watch Report5
Cybersecurity Categories and Key Product and Services
Endpoint Access Control Managed
Services
Infrastructure Vulnerability
Research
Firewall/VPN/NGFW Anti Malware One Time Password CPE
Vulnerability Research
Feeds
IDS/IPS-SSL VPN Mobile Anti-malware Anti Fraud Hosted â
SIM/SIEM Content Filtering PKI Professional â
Wireless IDS/IPS NAC SSL Certificates Penetration Testing â
Content Filtering Full Disk Encryption Identity Management Vulnerability
Assessment
â
UTM/NAC Secure USB SSO â â
DLP/ILP DLP/ILP â â â
Web App Firewall â â â â
Source: Frost & Sullivan
6. CYBERSECURITY
DUE TO ITS RELATIVELY HIGH ADOPTION OF ICT, SOUTH AFRICA IS ONE OF
THE HOTSPOTS FOR CYBERSECURITY ATTACKS IN AFRICA
Future Watch Report6
High
Medium
Low
Cybersecurity Demand Hotspots, Global, 2017
Source: Rasindotek; Frost & Sullivan
There has been a sharp increase in the number of high profile cyber-attacks globally, the cost of which is expected to
reach $2 trillion by 2019.
7. CYBERSECURITY
THE HIGH GROWTH OF CYBERSECURITY IN THE MIDDLE EAST & AFRICA
REGION WILL COME FROM ADVANCED MARKETS SUCH AS SOUTH AFRICA
Future Watch Report7
North
America
Market ValueLow
LowHigh
Latin
America
Europe
Asia Pacific
Middle East
& Africa
Medium
Opportunity
Low
Opportunity
High
Opportunity
High
MarketGrowth
Regional Cybersecurity Revenue Potential, Global
2012â2020 Region
Revenues
2012 - 2020
CAGR
North America $506 billion 17.4%
Europe $243 billion 9.9%
Asia Pacific $159 billion 8.0%
Latin America $51 billion 16.7%
Middle East & Africa
(MEA)
$40 billion 10.7%
Total $999 billion 13.1%
Enterprises have ramped up their spend on cybersecurity solutions, with North America and Europe among the
leading regions by cybersecurity spend. Due to a relatively less mature adoption of technology, the Middle East and
Africa region is the lowest spender but is expected to have the third highest growth over the period 2012-2020.
Source: GoLegal Frost & Sullivan
8. CYBERSECURITY
125
135
139
142
148
148
152
163
169
188
202
233
0 50 100 150 200 250
ASEAN
Japan
South Korea
South Africa
Global Average
United Kingdom
Italy
Middle East
France
Germany
Canada
United States
Cost of Data Breach in US$
140
145
152
166
167
170
174
181
206
408
0 100 200 300 400 500
Consumer
Entertainment
Manufacturing
Education
Energy
Technology
Pharmaceuticals
Buiness Services
Financial Services
Health
Cost of Data Breach in US$
Future Watch Report8
SOUTH AFRICA IS ONE OF THE MOST AFFECTED COUNTRIES BY CYBER-
ATTACKS, WITH HEALTH AND FINANCIALS SERVICES TARGETED THE MOST
The Per Capita Cost of Data Breach by
Country or Region, Global, 2018
Source: Ponemon Institute; IBM; Frost & Sullivan
The Per Capita Cost of a Data Breach by
Sector, Global, 2018
9. CYBERSECURITY
AS ENTERPRISES INCREASINGLY EMBRACE DIGITAL TRANSFORMATION,
CYBERSECURITY IS BECOMING A MAJOR PRIORITY
Future Watch Report9
Cloud Security
Endpoint Security
Consumerisation of IT
Advanced Persistent Threats
Internet of Things
Managed Services
⢠The growing digitisation of enterprise
operations is unlocking inefficiencies,
leaving enterprises to focus more on those
elements that are core to their businesses.
⢠As enterprises increasingly adopt the cloud,
mobility, and the internet of things, they
have inadvertently opened their systems to
security threats coming from hardware,
software, and communications networks.
⢠Due to rising volume and sophistication of
threats, it is becoming common for
enterprises to move components of their
security functions to specialist managed
security services providers (MSSPs).
The growing integration of technologies such as mobility, cloud, and IoT has seen enterprises turn
to managed security service providers.
Technology Trends Shaping the Security
Market, South Africa, 2017
Source: Frost & Sullivan
10. CYBERSECURITY
TOPICS
1. A GLOBAL PERSPECTIVE OF CYBERSECURITY
2. CYBERSECURITY SERVICE AND TECHNOLOGY TRENDS
3. IMPLICATIONS AND FUTURE OPPORTUNITIES FOR TEAM FINLAND
Future Watch Report10
11. CYBERSECURITY
CYBERSECURITY IS A KEY GROWTH AREA FOR SOUTH AFRICAN IT SERVICE
PROVIDERS AND ENTERPRISES ACROSS SOME OF THE KEY SECTORS
Future Watch Report11
Cybersecurity Market Landscape, South Africa,
2017
Market Evolution
⢠The growing adoption of cloud, mobility, Internet of
Things (IoT), and Big Data as well as the Protection of
Personal Information (POPI) Act, governing data
protection, will drive the development of South Africaâs
managed security services market.
Addressable Market
⢠South Africaâs financial services and public sector are
expected to remain prominent market segments due to
continued cyber-attacks.
⢠The mining and manufacturing sector is increasingly
investing in digitising operations in line with global
trends, and is expected to become a prominent market
segment for local security services providers.
Competitive Environment
⢠In order to deliver a more comprehensive set of
solutions, service providers such as communication
service providers (CSPs) may need to partner with other
technology providers.
⢠The rising investment in digitising
enterprise operations will shape the
evolution of security services.
⢠The development of the industry is still
somewhat limited by a lack of skills, not
within enterprises but services as well
in technologies such as analytics and
artificial intelligence.
⢠A range of providers including
operators are establishing a presence in
the market.
Source: Frost & Sullivan
12. CYBERSECURITY
667
1,000
0
200
400
600
800
1,000
1,200
2017 2022
RevenueinUSD$million
Year
ENTERPRISES ARE ALLOCATING A GROWING PORTION OF THEIR IT BUDGET
TO CYBERSECURITY SPEND WHICH IS EXPECTED TO GROW BY 8.4%
Future Watch Report12
According to the South African
Bank Risk Information Centre,
cyber-attacks such as phishing
attacks and internet fraud cost
South Africans about $200
million per annum.
South African enterprises are
allocating a growing portion
of their IT budgets to
cybersecurity.
It is estimated that in 2017 the
spend on cybersecurity was
$667 million, making up 10% of
total enterprise IT budgets,
rising to over $1 billion by 2022.
Cybersecurity Market Revenue Forecast, South
Africa, 2017 â 2022,
CAGR = 8.4%
Source: Fortinet; Frost & Sullivan
8.4%
13. CYBERSECURITY
THE LEADING CAUSE AND COSTLIEST SOURCES OF DATA BREACHES COME
FROM MALICIOUS ATTACKS AND INTERNAL HUMAN ERRORS
Future Watch Report13
The contribution of
malicious attacks has
increased from 43% in 2016
to 45% in 2017.
01
Data breaches due to a
system glitch has dropped
from 28% to 25% over the
year.
02
Human errors account for
30% of data breaches in
2017 up from 29% in 2016.
03
45%
Malicious
or Criminal
Attack
30%
Human Error
25%
System Glitch
⢠Data breaches from Malicious or Criminal Attacks ($157) generally have a higher per capita cost than from
System Glitches ($131) or Human Errors ($128).
⢠For South Africa, Malicious Attacks had a per capita cost of $154 while the cost from System Glitches and
Human Errors were $115 and $116, respectively.
⢠While Human Error cause refers to negligence or negligence by insiders, Malicious Attacks include malware
infections, phishing/social engineering and criminal insiders.
Source: Ponemon Institute; Frost & Sullivan
Distribution of the Benchmark Sample by Root Cause of
the Data Breach, South Africa, 2017
14. CYBERSECURITY
FINANCIAL SERVICES AND PUBLIC SECTOR ARE MAJOR OPPORTUNITIES
FOR CYBERSECURITY BASED ON SPEND AND GROWTH OF SPEND
Future Watch Report14
Cybersecurity Spending Trends, South Africa, 2017
⢠Financial services sector, as one of
the biggest targets for hackers and
ISP / telecom providers are among
the leading spenders on
cybersecurity
⢠Due to their growing digitization,
the public sector is expected to have
one of the highest growth rates in
security spending
⢠The rising integration of IoT in retail
and manufacturing has made
cybersecurity a growing priority for
enterprises, while Oil & Gas is still
lagging behind the other sectors
Source: Frost & Sullivan
Oil , Gas,
and Mining
Public
Sector
High
Low
ExpectedSpendGrowth(5-yr)
Low Spend on Cybersecurity High
Telco / ISPs
BFSIManufacturing
Others*
Big Spenders
Retail
15. CYBERSECURITY
SOUTH AFRICA WAS RANKED AMONG THE MOST TARGETED COUNTRIES
FOR BANKING MALWARE ATTACKS
Future Watch Report15
⢠South Africa ranks among the top 10 countries in the world targeted by malware, with over 3% of the
banking population reporting such an attack in 2015.
⢠Many South African banks use one-time PINs (OTP) to authenticate customersâ online transactions, which
are sent to mobile phones. However, fraudsters are using SIM-swap scams to circumvent two-factor
authentication security measures that have proven inadequate for the major banks.
⢠Security companies such as Entersekt, a South African security provider, are among the leading security
providers looking to provide multi-factor authentication.
0.0
1.0
2.0
3.0
4.0
5.0
6.0
Singapore Switzerland Brazil Australia Hong Kong Turkey New
Zealand
South Africa Lebanon UAE
PercentofUsersAttacked(%)
cybersecurity Market: Banking Malware Attacks by PopulationâTop 10 Ranking, Global, 2015
Source: Ponemon Institute; Frost & Sullivan
16. CYBERSECURITY
MANUFACTURING IS A KEY OPPORTUNITY FOR MANAGED SECURITY DUE
TO THE RISING DIGITALISATION AND LIMITED INTERNAL SECURITY SKILLS
Future Watch Report16
cybersecurity Market: IoT Impact on Manufacturing Value Chain, South Africa, 2017
Concept
Design and
Analytics
Simulation
and
Optimisation
Manufacturing Assembly Supply Chain Managed
Services
IoT-enabled Supply ChainIoT-enabled Manufacturing IoT-enabled Services
Production responsiveness, smart
energy management, remote asset
management, smart factories
Intelligent and interactive, fleet tracking
and optimisation, flexible value chain
networks, end-to-end traceability
⢠Embedded devices,
⢠Application services,
⢠Cybersecurity services
⢠Manufacturing is expected to be one of
the biggest beneficiaries of the evolution
of technology and connectivity towards
IoT.
⢠Manufacturing companies in South
Africa are allocating up to 1.3% of their
revenues to ICT as they look to digitise
their processes and enhance their
operational efficiency.
⢠Because IoT requires an environment of data
and information sharing with partners, it
exposes enterprise systems to security
breaches
⢠As a result, South Africaâs manufacturing sector
is expected to be a key market for managed
security services
⢠In addition, there is a dearth of skills in the
sector to combat the threat of cyber-attacks.
Source: Frost & Sullivan
17. CYBERSECURITY
GOVERNMENT IS WARY OF ADOPTING ADVANCED TECHNOLOGIES SUCH
AS CLOUD FOLLOWING CYBER ATTACKS ON PUBLIC SECTOR INSTITUTIONS
Future Watch Report17
The adoption of emerging technologies such as cloud computing and IoT is limited by the security
threat that they pose to public sector systems and networks. In South Africa, public organisations such
as the Post-Bank, Gautrain Management Agency, and the South African Police Service (SAPS) have been
victims of cyber attacks.
Cloud Services
E-governance
IoT and Big Data
⢠Despite the operational and cost efficiencies that the cloud
model offers, network and data security are still major concerns.
The POPI Act is a key consideration in the governmentâs move to
a cloud environment.
⢠Open data and collaborative approaches encourage public
participation. Open data enables the creation of new
added-value services, but steps need to be taken to ensure
privacy and security.
⢠The South African government is exploring options for exploiting
IoT and Big Data to improve service delivery. However, the
integration of advanced technology is leaving public sector
systems susceptible to cyber attacks.
Source: Frost & Sullivan
Cybersecurity Market: Leading Technology Trends Driving Public Sector Cybersecurity
Investment, South Africa, 2017
18. CYBERSECURITY
THE LOCAL SECURITY MARKET HAS A STRONG NETWORK OF LOCAL AND
INTERNATIONAL PROVIDERS ACROSS THE VALUE CHAIN
Future Watch Report18
Security
Vendors
Distributors
Managed
Security Service
Providers (MSSP)
Resellers /
System
Integrators
Description
Development of
security solutions
across different IT
functions
Channel distributor
Delivering and
managing the
security, hosted or on
premise
Deployment and local
support of security
solutions for
enterprises
Providers
⢠A rising number of IT service providers are entering the cyber-security market as they look to diversify
product portfolio and to meet a growing demand for security across enterprise IT services.
⢠The security value chain is characterised by a number of international security vendors who largely rely on
local system integrators and resellers to deploy and support their security products and services.
⢠Due to the rising number and sophistication of cyber-attacks, enterprises are increasingly looking to
outsource some of their management some of their security functions to external providers (MSSPs).
Source: Frost & Sullivan
Cybersecurity Supply and Demand Value Chain Structure, South Africa, 2017
19. CYBERSECURITY
TOPICS
1. A GLOBAL PERSPECTIVE OF CYBERSECURITY
2. CYBERSECURITY SERVICE AND TECHNOLOGY TRENDS
3. IMPLICATIONS AND FUTURE OPPORTUNITIES FOR TEAM FINLAND
Future Watch Report19
20. CYBERSECURITY
0.5
0.7
0.8
0.8
0.8
0.8
0.8
0.9
0.9
0.9
0.9
0.0 0.2 0.4 0.6 0.8 1.0
South Africa
Finland
France
Georgia
Australia
Mauritius
Estonia
Oman
Malaysia
USA
Singapore
Score
Rank Country Score out of 1
1 Singapore 0.925
2 USA 0.919
3 Malaysia 0.893
4 Oman 0.871
5 Estonia 0.846
6 Mauritius 0.830
7 Australia 0.824
8 Georgia 0.819
9 France 0.819
16 Finland 0.741
58 South Africa 0.502
⢠Cybersecurity has become a key priority for the
South African government to enable technology
adoption. Through initiatives such as competence
centres, government has looked to cultivate the
development of the local cybersecurity market
⢠However, the government has struggled to meet this
target due to the lack of a cohesive strategy to drive
cybersecurity across the private and public sector
and a lack of skills locally to meet security needs
⢠Finland on the other hand ranks amongst the most
committed countries to cybersecurity as rated by the
Global Cybersecurity Index (GCI). The index is based
on five key pillars, including technical capability, the
legal framework, cooperative frameworks and
capacity building with respect to cybersecurity
⢠As cybersecurity is a national priority for South Africa
in terms of policy and industry development, it is
important to have engagement at a governmental
level to enable exports of security products,
information sharing and skills transfer
Future Watch Report20
FINLAND HAS TAKEN GREAT STRIDES IN SKILLS DEVELOPMENT AND POLICY
AND THEN CAN BE AN IDEAL CYBERSECURITY PARTNER FOR SOUTH AFRICA
Source: ITU Frost & Sullivan
Global Cybersecurity Index, Global , 2018
21. CYBERSECURITY
WITH ITS HIGH DIGITAL CAPABILITY, FINLAND IS WELL-POSITIONED TO
LEVERAGE DIFFERENT TECHNOLOGIES TO MEET CYBERSECURITY NEEDS
Future Watch Report21
Cybersecurity Trends Shaping Opportunities for Finnish Companies, South Africa, 2017
Regulatory
Framework
Interact
Evolution of
Ransomware
Transact
Popularity of
Blockchain
⢠Local enterprises need
to remain cognisant of
the POPI Act and the
General Data Protection
Regulation (GDPR).
They require security
and consultancy
services that ensure
they are compliant.
⢠Service providers
have the opportunity
to leverage artificial
intelligence (AI) and
machine learning
(ML) to more
accurately predict
and identify attacks
as a preventive
measure.
⢠Ransomware attacks
are worsening as the
number of malicious
attacks continue to
grow. Enterprises are
however still not
protected, with the
disaster recovery as
a service (DRaaS) an
emerging solution.
⢠There is a growing
opportunity for end-
point and network
security as South
African enterprises
across sectors take
up IoT, which calls for
the connectivity of a
range of devices.
⢠As a growing disruptor
across a number of
verticals blockchain is
yet to be established
and is expected to open
opportunities for
solutions such as
security in the medium
to long-term.
Emergence of AI
and ML
Threat Arising
from IoT
Source: Frost & Sullivan
Finland ranks among the leading countries on digital competitiveness and for utilization of IoT in the world.
Moreover, the country is developing capabilities in AI and regulation and governance for cybersecurity. As a
result, Finland is well-positioned to leverage different technology trends to meet the demand for cybersecurity.
22. CYBERSECURITY
FINNISH VENDORS CAN PARTNER WITH LOCAL IT PROVIDERS TO BUNDLE
SECURITY WITH CLOUD FOR MANUFACTURING, RETAIL AND SME
⢠Manufacturing companies such as Nampak, Apollo Tyres,
Astral Foods, who are at varying stages of digital
transformation, have highlighted security as a concern
for the relatively slow adoption of IT in their processes
⢠Apollo Tyres and Astral Foods in particular are
considering moving a lot of the IT functions into the
cloud but still remain uncertain due to security. This is a
growing theme among manufacturers in the market
⢠Retail and small and medium enterprises (SMEs), which
are a growing segment for cloud solutions are as a result
becoming a key opportunity for cybersecurity
⢠Leading operators Vodacom and MTN are expanding into
enterprise solutions such as cloud and managed security
targeted at SMEs. They do not however, have in-house
security solutions and rely on international partners
⢠Finnish firms could consider partnering with local system
integrators and managed services providers such as BCX,
EOH and Networks Unlimited, who bundle products of
international security vendors in their solutions targeted
at some of the larger retailers and manufacturing firms
Future Watch Report22
⢠Providers such as Codenomicon, now part of
Synopsys, can leverage its strong reputation in the
market and offer relevant network and end-point
security services in South African industries taking
IoT services.
Source: Frost & Sullivan
Top Cloud Inhibitors for Enterprises Survey, South
Africa, 2016
53%
60%
67%
75%
78%
0% 25% 50% 75% 100%
Integration issues
Lack of control
Bandwidth
Constraints
Legal and
Compliance
Data security
Percentage of Respondents
CloudInhibitors
23. CYBERSECURITY
AI AND ML CAN BE LEVERAGED TO COMBAT THE EVOLVING THREAT OF
CYBER-ATTACKS FACED BY ENTERPRISES TAKING UP IOT
⢠Network security remains an important solution for
enterprises in South Africa, within manufacturing,
retail and healthcare as they take up cloud and IoT
solutions
⢠However, the challenge the market is facing is the
growing sophistication and continuously evolving
cyber-attacks, which enterprises and some of the local
providers are not able to prevent
⢠There is a lack of skills to build solutions with AI and
machine learning (ML) capability locally that can
proactively track and prevent attacks on the networks
of enterprises that are adopting IoT
⢠Providers of business services, Cliffe Dekker Hofmeyr
and low-cost airliner Airlink are among the leading
local enterprises to take up security solutions AI and
ML technology
⢠There is growing uptake of more advanced security
solutions in retail in particular as more retailers take
up IoT, with retailers Massmart and Lewis Group
adopting AI-based cybersecurity solutions
Future Watch Report23
Utilities &
Smart Cities
Transport &
Logistics
Healthcare
Manufacturing
& Mining
Retail
Leading Adopters of IoT by Sector, South
Africa, 2017
Source: Frost & Sullivan
24. CYBERSECURITY
CONSULTING AND SUPPORTING SERVICES ARE A GROWING OPPORTUNITY
FOR SECURITY SERVICES IN SOUTH AFRICA
Future Watch Report24
⢠In addition security products rising digital
transformation is driving the demand for
consulting and other supporting services
⢠Some of the key consulting focus areas for
local providers include i) regulatory
compliance, ii) security training and iii)
governance services
⢠Customer protection policies such as GDPR
and POPI has compelled local companies
trading globally to consider regulatory
compliance services
⢠The lack of security skills, mainly for mid-tier
companies is driving the demand for security
training and governance services
⢠Tertiary institutions are also exploring short
courses for professionals to provide them
academically accredited skills
Regulatory Compliance
Local business services, e-commerce and
Fintechs need compliance services for
GDPR to meet regulatory requirements
for services they offer in Europe
1
Governance Consulting Services
Fintechs such as Mobile Financial
Services looking to attract equity
investment have indicated a need to
improve their security governance
3
Security Training
Rhodes University and the University of
Pretoria are aiming to partner with the
private sector to offer accredited
security courses for professionals
2
Source: Frost & Sullivan