Asia Pacific (APAC) Cyber Security Solutions Market Landscape

In the Asia–Pacific, the digital economy is rapidly becoming a larger percentage of national and regional GDP. As digital infrastructures expand their reach, often enabled by internet-connected mobile devices, new services are being made accessible to more people. Since the emergence of the internet, the Asia–Pacific has had a fundamental change in its financial evolution from one of the more economically immature regions of the world to one of the most dynamic international markets, in which almost every country is working to leverage the market opportunities presented by the online world. Growing adoption of digital technologies is increasing the number of high profile cyber attacks for past years in the region.

Cybercrime comes in a variety of forms ranging from denial of service attacks on websites through to theft, blackmail, extortion, manipulation, and destruction. The tools are many and varied, and can include malware, ransomware, spyware, social engineering, and even alterations to physical devices (for example, ATM skimmers). In 2016, Asia-Pacific (APAC) region came across maximum number of cyber attacks and over 25% of ransomware attacks were commenced.

Image for post
Image for post

This growing cyber risk is raising awareness and requirement to mitigate cyber threats in Asia-Pacific region. The APAC region is spending high costs on improving the cyber security solutions. According to Goldstein Research, a leading market intelligence & consulting firm, Asia Pacific (APAC) cyber security market estimated at USD 15.92 billion in 2016, which is anticipated to reach USD 48.7 billion by 2024, growing at a CAGR of 15.0% through 2024.

Asia–Pacific governments are increasingly engaging with cyber policy issues as the threats and opportunities in cyberspace are better understood by regional policymakers. However, the quality of policy development and implementation remains uneven, and many states have achieved minimal or poor-quality outcomes. Honglong, Singapore, Thailand, China, Vietnam and Indonesia have passed new legislation relating to cyber issues, particularly cybercrime, during the past year.

Image for post
Image for post

Asia Pacific Cyber Security Market Landscape


Legal Foundations: China does not currently have a national cyber-security strategy in place, although several government policies include advice on cyber-security. There is no one specific law that focuses on cyber-security in China, but there are many provisions under different laws that cover cyber-security, such as the State Secrets Law 2010.

Education: Creating a culture of cyber-security awareness through a series of promotional activities and education initiatives is one objective of the Indian National Cyber Security Policy 2013, which also includes a commitment to a comprehensive national awareness raising campaign on cyber-security

Additional Cyber law Indicators: China imposes a range of legal and policy restrictions on cyber-security service providers.


Legal Foundations: Singapore adopted a five-year National Cyber Security Master plan in 2013, and also is continuing to develop its critical infrastructure protection regime. Singapore has some broad legal infrastructure in place for cyber-security. The new Singapore Cyber-security Agency will begin operations in April 2015.

Education: The National Cyber Security Master Plan 2018, published in 2013, includes a strong commitment to cyber-security education.

Additional Cyber law Indicators: Singapore avoids undue legal and regulatory restrictions on cyber-security service providers.

South Korea

Legal Foundations: South Korea takes a national security and defense-focused approach to cyber-security. As such, the country’s Cyber Security Master Plan, issued in 2011, is more a cyber-defense strategy than a cyber-security strategy. There are some minor gaps in their legal framework.

Education: The Korea Information Security Agency is responsible for promoting the responsible use of the internet among users, and the agency conducts a range of online and broadcast awareness-raising campaigns

Additional Cyber law Indicators: South Korea places certain undue restrictions on cyber-security service providers, including Korea-specific testing rules.


Legal Foundations: Japan’s Cyber-security Strategy, adopted in 2013, is a comprehensive document that identifies not only proposed measures, but also address the roles of various stakeholders with regard to Japanese cyber-security. The legal framework supporting cyber-security is one of the strongest in the region, following the recent passage of the Basic Law on Cyber-security 2014. Japan also passed a new state secrets law in December 2013 that imposes much stronger security practices on the handling of sensitive information and stronger penalties in cases of unauthorized access.

Operational Entities: The operational entities in Japan that relate to cyber-security are all mature. The national cert, JCERT/CC, was established in 1996 and maintains a strong web presence. The Cyber Security Strategy Headquarters has also been established under the Basic Law on Cyber-security 2014

Public-Private Partnerships: Japan has a mature public-private partnership structure for cyber-security, including J-CSIP, whose members include representatives from government and private entities involved with critical national infrastructure.


Legal Foundations: Australia’s national cyber-security strategy was adopted in 2009 and is currently under review. While Australia has a strong legal framework for information classification, it enacts its information security through guidelines and similar policy documents as opposed to acts of Parliament, and there is no dedicated information security act or classified information act.

Education: Australia has a comprehensive cyber-security education strategy in place for all age groups, and has heavily invested in education materials and initiatives.

Additional Cyber law Indicators: Australia is largely free of country-specific restrictions on technology providers (e.g., mandatory technology requirements, local testing requirements, and requirements for the sharing of source code), but some restrictions and burdens do exist in the procurement space


Legal Foundations: India’s National Cyber Security Policy was adopted in 2013. It is a detailed plan that includes both high-level principles and targeted objectives and proposals. However, the plan has not been fully implemented and the legal framework supporting cyber-security remains weak.

Education: Creating a culture of cyber-security awareness through a series of promotional activities and education initiatives is one objective of the Indian National Cyber Security Policy 2013, which also includes a commitment to a comprehensive national awareness raising campaign on cyber-security.

Additional Cyber law Indicators: India has avoided several legal and policy burdens on cybersecurity providers, but it continue to impose local testing requirements in addition to international testing regimes.

This is an edited extract from “Asia Pacific Cyber Security Solutions Market Outlook, 2024” a study undertaken by Goldstein Research. The study was conducted using an objective combination of primary and secondary information including inputs from key participants in the industry. A systematic approach in order to estimate and project the market sizing has been followed keeping in mind all the on-going and upcoming trends of the market. For more information, visit

Written by

Goldstein Market Intelligence helping businesses to be successful at strategy and take informed decisions to grow the business in future.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store