Understanding the Cybersecurity Industry Chain

Understanding the Cybersecurity Industry Chain


The world has been changed dramatically by COVID-19, and one of the most significant changes is working and learning remotely. As it has become the new normality, it has also posed more challenges for cybersecurity. Due to the relatively weak cybersecurity environment at home, many cyberattacks on various industries have emerged, making cybersecurity a major challenge for enterprises.

According to IDC’s report in 2022, spending on cybersecurity industry in the Asia-Pacific region will exceed $31 billion in 2022, a growth of 15.5% over 2021, and it is expected to reach $57.6 billion in 2026. Among these are the main customers of finance, telecommunications, and government agencies.

Understanding the Cybersecurity Industry Chain
Source: IDC

Moreover, the report also mentioned that Taiwan’s cybersecurity-related spending in 2022 will reach $894 million and is expected to have a CAGR of 18% by 2026, which is expected to bring great business opportunities for third-party information security companies. This article will explore Taiwan’s engagement in cybersecurity and break down the cybersecurity sectors, providing the most detailed and easy-to-understand analysis of the cybersecurity industry!

Taiwan’s actions

Firstly, the Financial Supervisory Commission (FSC) has requested that publicly traded companies allocate appropriate human resources to plan, monitor, and execute information security systems. The establishment of information security personnel should be done in three phases, focusing on appointing a Chief Information Security Officer (CISO) and other information security specialists.

Secondly, companies themselves need to obtain relevant security certifications such as ISO 27001. See why ISO 27001 matters here:

Purchasing relevant security systems and obtaining security certifications are common practices to strengthen security protection. However, as a quote by A. Ezekiel goes,

“Time is what determines security.

With enough time, nothing is unhackable.”

Companies’ network security has constantly been challenged; companies need to cooperate further with third-party security firms to fill the gap. This is expected to bring business opportunities for the cybersecurity industry.

Therefore, we integrated the revenue of all the companies with cybersecurity DNA. The data were retrieved from the TEJ database, financial statements, annual reports, and official websites of companies. By observing the trend over the past five years, we can determine whether the cybersecurity issue will impact the revenue of cybersecurity firms.

Cybersecurity Firm
Source: Integrated from the TEJ database

The CAGR of the cybersecurity industry has been roughly 12% over the past five years, which has grown even more rapidly after the pandemic. TEJ help you further classify companies based on their business nature. The fastest-growing sector is the applied software industry, with a five-year CAGR of up to 20.45%. Where does it in the industry, and why has it stood out in the past five years? Let’s introduce the “Cybersecurity Industry Chain” to you!

Cybersecurity Industry Chain

The Relation of Each Stream in the Cybersecurity Industry Chain
Source: Integrated from the STI’s 2021 annual report

According to STI’s 2021 annual report, the cybersecurity industry is divided into software and hardware suppliers (upstream), channel distributors or agents (midstream), system integrators, and consultants (downstream), with end users consisting of government, enterprises, and individuals.

In terms of business nature, upstream manufacturers focus on the R&D and production of information-related products, while midstream channel operators prioritize promoting the market and establishing marketing channels, thus requiring more salespeople. Downstream service providers offer services such as delivery, maintenance, and technical support to end-users, requiring professional technical personnel. This is where STI is.

However, this chain is centered on the information industry and only includes some sectors benefitting from cybersecurity opportunities. To better understand the cybersecurity industry trends, TEJ has compiled the complete cybersecurity industry groups below. We will elaborate on their business nature, companies, and trends.

The Universe of Cybersecurity Industry. Source: Integrated from the TEJ E- Journal

Integrated Service Provider- CAGR:9.5%

Integrated Service Providers can aggregate different information devices and software to construct a system, solving enterprise software and hardware construction issues in one go. Most companies outsource their security systems to Integrated Service Providers for setup and long-term cooperation, with maintenance services becoming a long-term source of income for these companies.

During this period, the revenue of Integrated Service Providers mostly shows a growth trend. For them, this cyber security event will boost revenue in the short term and lead to continuous maintenance income, becoming a long-term source of income for the industry. Among them, ACSI (6690. TWO), the most prominent domestic cyber security monitoring center, has seen the most revenue growth from 2020 to 2022, with revenue in 2022 almost doubling that of 2021. As its biggest customer, the Taiwan government, was attacked numerously by international hackers in 2022, the government expanded its expenditure on security protection, thus boosting ASCI revenue.

Applied Software Provider- 20.45%

The Applied Software Provider mainly distributes foreign software or provides its own software to downstream system integrators. The software includes cloud, cybersecurity, and information-related software. A few companies also offer software and installation services to end consumers.

In 2021, the Applied Software Provider showed a growth trend in revenue, mainly since companies adopted work-from-home policies and purchased a large amount of cloud protection software. However, as work-from-home incentives disappeared, companies reduced the purchase of cloud software. Instead, they turned to purchasing office protection software, resulting in a slight decline in revenue for Zero One Tech (3029. TW), whose primary clients are large companies. On the other hand, for Galaxy Software Services (6752. TWO), whose primary clients are financial institutions, revenue showed a growth trend in 2022 due to an increasing frequency of hacker intrusions into banks and online transactions, which has led to a greater emphasis on cybersecurity issues in the financial industry.

Industrial PC, Modem, Telecom and IDC- 11.23%

Manufacturers of industrial PC and modems provide related information equipment to system integrators or end customers, including network security and servers. Telecommunications and IDC also play a mid-to-down-stream role, integrating upstream software and equipment and providing cloud platform services to end users.

The revenue of the three components all showed signs of growth in 2022. The main reason is that industries returned to pre-pandemic living patterns in 2022, coupled with the frequent occurrence of cybersecurity incidents, which led to a significant increase in demand for office cybersecurity equipment. However, since the demand for cybersecurity equipment is primarily short-term, there will only be periodic maintenance or replacement of new equipment in the long run.


Now, it has become mandatory for listed companies to have a dedicated CSIO and offer cybersecurity education and training courses. In addition, partnerships between companies and third-party cybersecurity firms can enhance firewall capabilities as well as continuously update defenses, allowing companies to be better prepared against ever-changing cyber-attacks.

To sum up, short-term revenue is expected to grow apparently for all the cybersecurity industry sectors; moreover, companies in specific sectors can also secure long-term revenue by signing maintenance contracts or providing subscription services. As a result, it’s without a doubt cybersecurity issues have led to the new prosperity of the cybersecurity industry.

TESG Sustainable Dataset offers all the necessary ESG information, including events regarding cybersecurity! Please refer to the link below to see why ESG matters and what our dataset provides …

Read More:

About us

⭐️ TEJ Website
⭐️ LinkedIn

✉️ E-mail: finasia@tej.com.tw
☎️ Phone: 02–87681088