China is working on a plan to boost its cybersecurity industry as the country grows more concerned about the safety of its data in response to increasing global tension and rising calls for better individual protections.
The country’s Ministry of Industry and Information Technology (MIIT) released the draft of its most detailed strategy yet for the development of China’s cybersecurity industry on Monday for public comment, mandating that key industries such as telecommunications devote 10 per cent of their IT upgrade budget to cybersecurity by 2023.
“China has been building – almost from scratch – legal mechanisms in the cybersecurity space since 2017 and is now in the late phase of their inception,” said Ivan Platonov, an analyst at EqualOcean. “With the Data Security Law becoming effective in September, it‘s crucial to develop a broad strategy that will nudge the country’s enterprises to increase their spending on data security.”
Do you have questions about the biggest topics and trends from around the world? Get the answers with SCMP Knowledge, our new platform of curated content with explainers, FAQs, analyses and infographics brought to you by our award-winning team.
By supporting the development of, and boosting demand for, products and technology like data security monitoring and AI threat detection, the ministry expects the sector to be worth more than 250 billion yuan (US$38.6 billion/HK$299.73 billion) by 2023.
Cybersecurity threats have made headlines around the world as the Covid-19 pandemic forced everyone online, allowing hackers to leverage the technology supply chain as a point of entry to conduct attacks like those on Kaseya, Colonial Pipeline, SolarWinds and FireEye, according to Kenn Yee, a policy analyst at Access Partnership.
“Regulators are scrambling to protect their critical assets by raising cybersecurity protections as a whole throughout their digital ecosystem. China’s three-year cybersecurity plan is such an effort,” said Yee.
Cybersecurity is becoming synonymous with national security and state sovereignty, according to Yee, with both China and the US pouring effort into the field.
“China’s three-year cybersecurity plan is also China’s cyber defence plan, which aims to harden China’s digital assets in its push for a resilient digital economy,” he said.
Ride-hailing giant Didi Chuxing was the target of a cybersecurity review only two days after its mega New York IPO in late June with its app taken down from app stores. Three more online services have been put under review over data security risks and national security by the Cyberspace Administration of China (CAC).
Regulators have also been working on strengthening consumer data protection including punishing apps that collect too much data after rampant data leaks in the country exposed the information of millions of online users.
At the same time, the country has been plugging holes in its legal framework governing data with a new Data Security Law, set to come into effect in September, and the draft Personal Information Protection Law (PIPL).
Last year, the MIIT said that China’s cybersecurity industry reached 170 billion yuan ($25.8 billion) in 2020. The global cybersecurity market is projected to grow from US$217.9 billion in 2021 to US$345.4 billion by 2026, according to figures from Research and Markets, with the highest growth expected in the Asia-Pacific region.
“To date, China accounts for only around 1 per cent of the global cybersecurity service expenditure,” said EqualOcean’s Platonov. “With the cloud/SaaS industry rapidly growing, [investment in cybersecurity] is getting essential.”
More from South China Morning Post: