Small but mighty
Cybersecurity was a comparably small segment in China, but its relevance was significant. The software industry generated an annual revenue of almost 11 trillion yuan, with cybersecurity accounting for only around 140 billion yuan. Despite its size, however, the industry played a crucial role in every aspect of the country, since the costs of cybercrime exceeded one trillion yuan per year. Moreover, the forecasts suggested that they would increase exponentially in the upcoming years.As a response to the increasing threats from the cyberspace, the Chinese government enacted several pieces of legislation. Within the state apparatus, the Ministry of Industry and Information Technology (MIIT), the People’s Bank of China, the Cyberspace Administration, and the Ministry of Public Security are responsible for overseeing the digital space. As a regulatory framework, policymakers in Beijing introduced legislation, including the Data Security Law, the Cybersecurity Law, and the Personal Information Protection Law, which clearly illustrated the government’s awareness of the issue.
The fog of digital war
China finds itself in a precarious situation in the global cyberspace. On the one hand, adversaries accuse the country of state-sanctioned hacking that target other countries' infrastructure as well as companies. On the other hand, Chinese companies and individuals are vulnerable to the same threat as everyone else. Many crimes were committed by domestic criminals, often from the safety of being in Myanmar, Cambodia, and Saudi Arabia. However, foreign threats are also present. For instance, in November 2023, one of China’s biggest banks, ICBC, became the victim of a ransomware attack by the cyber gang Lockbit.In cyberspace, the borders of nation-states and associations of crime groups become blurry. The fact remains that cybercrime is not going to lose relevance. On the contrary, its costs and risks are only going to increase. For Chinese companies and individuals, it means propping up their digital defenses. However, from the perspective of companies in the industry, it’s good for business. As regulations tighten and awareness grows, the country has to rely on the cybersecurity industry to provide security in the form of services, solutions, and hardware.