Recently, as cyber attacks have become more frequent, the importance of security has increased; however, the domestic security industry has not been able to rise above a small-scale level. While overseas security corporations are expanding through aggressive mergers and acquisitions, the domestic security industry struggles with a lack of talent and funding, making it difficult to achieve annual sales of 200 billion won.
Security has become a necessity rather than an option in the age of artificial intelligence (AI), and the industry argues that there is a need for policies to enhance the competitiveness of the security industry. However, this year the government's budget for security-related matters has decreased, and the presence of security policies in the major presidential candidates' pledges is minimal, highlighting serious concerns about the government's and political circles' 'security apathy.'
According to the security industry on the 27th, among the major domestic security corporations, only AhnLab (260.6 billion won) exceeded annual sales of 200 billion won last year. WINS reported 101.5 billion won, SecuOne, a subsidiary of Samsung Group, 151.7 billion won, ESTsoft, 102.8 billion won, and IGLOO Corporation, 111.2 billion won, all recording sales in the 100 billion won range.
Additionally, Raonsecure (62.4 billion won), Genians (49.6 billion won), and Fasoo (46.1 billion won) remain at around 50 billion won in annual sales.
This contrasts with the fact that global cybersecurity corporations, such as Palo Alto Networks, Fortinet, and Okta, are making substantial revenues in the trillions. Palo Alto Networks, the largest cybersecurity company in the world headquartered in the U.S., reported a sales figure of $8 billion (about 10.9 trillion won) last year, marking a 16% growth compared to the previous year. Fortinet also saw a 12.3% increase in sales during the same period, totaling $5.96 billion (about 8.13 trillion won).
The industry expects that the demand for security solutions will increase following the recent hacking incident involving SK Telecom; however, it argues that for the domestic security industry to grow to compete in international markets, there needs to be active government support and a societal recognition of security as an investment rather than an expense.
Big tech corporations are expanding their security investments, recognizing that data center and cloud security will become increasingly important in the era of AI. Alphabet, Google's parent company, acquired the cybersecurity startup Wiz for $3.2 billion (about 46 trillion won) last March. This is considered the largest merger and acquisition in the company's history.
The leading security companies are also engaged in 'expansion through mergers and acquisitions.' Palo Alto Networks acquired the American AI security firm ProtectAI for approximately $500 million, and Fortinet recently bought the Israeli software-as-a-service (SaaS) security startup Suridata this month. Fortinet has been accelerating its mergers and acquisitions, having acquired three security companies last year.
According to PitchBook, a global market research firm, there were a total of 46 mergers and acquisitions in the U.S. security industry in the first quarter, a 31.4% increase from a year ago (35 cases).
In contrast, domestic corporations are passive about security investments. According to the Korea Internet & Security Agency (KISA), the average information security investment amount of domestic corporations was only 2.9 billion won over the past three years. Only large corporations like Samsung Electronics and KT invested over 100 billion won in security.
Cisco Korea noted, 'Only 3% of domestic corporations have a 'mature' state of security readiness.'
Security awareness remains low. According to the '2024 cyber security workforce supply and demand survey' conducted by the Korea Information Security Industry Association (KISIA), only 8.7% of the responding corporations stated that they need cybersecurity personnel. Among the 79,509 cybersecurity personnel in domestic corporations, 63.6% were engaged in additional jobs, and more than half of them earned less than 50 million won annually.
Experts argue that for the domestic security industry to grow in the current poor reality of private sector security awareness and treatment, there must be institutional support from the government. However, this year, the government's budget for cyber threat research and development (R&D) is 104.9 billion won, an 8% decrease from the previous year.
In the key pledges of major presidential candidates, security policies are either absent or sidelined. Only Kim Moon-soo, a candidate from the People Power Party, included cybersecurity-related policies among the top 10 pledges, but this is only part of the broader commitment to strengthen 'North Korean nuclear deterrence.'
Cho Young-cheol, the chairman of KISIA, stated, 'Presidential candidates have promised to invest 100 trillion won to achieve the goal of becoming an 'AI powerhouse,' but an AI powerhouse without supporting security cannot exist.' He emphasized the need to elevate the information security industry to a national strategic industry, advocating for allocating 10 trillion won to information security R&D, which is 10% of the total AI investment budget, while also pursuing strategies to activate mergers and acquisitions, including the establishment of large-scale funds to ensure the sustainable growth of the domestic industry.