Information security (Russian market)

Russia's policy in the field of international cybersecurity

Main article: Russia's policy in the field of international cybersecurity

Market segments

Information Security Hardware Market

Main Article: Information Security Equipment (Russian Market)

Information Security Software Market

Main article: software for information protection (Russian market)

Security Analysis Services (Russian Market)

Main article: Security analysis services (Russian market)

The largest information security companies in Russia

Main article: The largest information security companies in Russia

Trends in the Russian information security market

Main article: Trends in the Russian information security market

2023

The information security market in Russia will grow by 40%

Innostage predicts the growth of the information security market in Russia in 2023 by 40%. Its volume will reach 297 billion rubles and will be significantly more than in 2022 (then, according to TAdviser estimates, it amounted to 212 billion rubles). Innostage announced this on December 27, 2023.

Innostage analysts highlighted 6 key trends that influenced the development of the cybersecurity market.

Trend 1. More and more threats to CII

Innostage estimates that attackers have begun to pay closer attention to critical information infrastructure (CII) not only in the public but also in the commercial sector. Both the number and intensity of attacks on KII objects have significantly increased.

Trend 2. Attacks change qualitatively

In 2023, much more complex cyber attack schemes were recorded: sometimes organizations were attacked by organized hacker groups. Their actions were carefully planned, and the technique was almost flawless. At the same time, many hackers have learned to exploit vulnerabilities that, at first glance, do not pose a threat to the security of the IT infrastructure. Therefore, even small businesses began to urgently build protection for the IT perimeter. Companies in other segments have increased their demand for availability, resiliency, and IT continuity.

Trend 3. Import substitution of protective equipment is accelerated

On the one hand, this was led by the creation of new domestic solutions for information security and the expansion of functionality and integration opportunities among those already on the market. On the other hand, the emergence of new service companies engaged in the implementation and maintenance of protective equipment.

Trend 4. Legislative initiatives rule the ball in information security

In 2023, several regulatory legal acts appeared at once, increasing the responsibility of companies for ensuring information security and imposing requirements for the transition of CII entities to Russian IT solutions and means of protection. No less important result of 2023 was the awareness of information security market participants of the need to create unified principles for designing information security architecture.

The rapid pace of technology development requires not only constant updating of knowledge and skills, but also new approaches to ensuring information security. Many companies, including Innostage, are actively working to develop specific approaches to cyber resilience. Their joint efforts in the near future may lead to the creation of a technique that can cope with most cyber threats. This will be an important step towards a safe digital future for all of us, "said Evgeny Fedorov, head of the Innostage product department.

Trend 5. Big Players Combine Products into Ecosystems

So manufacturers, initially focused on the segment of firewall and/or cryptographic protection of communication channels, begin to enrich their solutions with the functionality of protecting workstations, elements of SIEM systems, WAF and some others. In turn, manufacturers with deep expertise in the field of network security - WAF, SIEM, DDoS, but without solutions in the field of NGFW, follow the path of their creation.

Network protection remains popular, but will receive the main growth in 2024. Various services and services in the field of information security were also in high demand. We expect that the security of data and applications will maintain its growth rate both in 2024 and in subsequent years. Most Russian companies are guided by Presidential Decree No. 250, so we are focused on building infrastructure management and protection systems, including the CII segment. We expect an increase in demand for import-substituting solutions of the server infrastructure, solutions for building data centers, as well as more active work on the formation of plans at KII facilities for the transition to trusted software and hardware complexes (PAC), - said Evgeny Fedorov.

Trend 6. Bagbounty programs are becoming massive

They not only became more widespread among businesses, but also began to arouse interest among the public sector, as they allow in real conditions to check the security of the IT infrastructure and take measures that exclude the possibility of implementing unacceptable events. The rapidly growing interest in bagbounty is caused by the need for businesses to check security systems in real conditions by people thinking like real hackers. Innostage experts note that the growth in demand for bagbounty in 2024 will depend on the development of the regulatory framework - in particular, on the legalization of the activities of "white" (ethical) hackers.

Summed up the results of the year of the information security market in Russia

The company Ideco on November 21, 2023 summed up the results of the changes in the market in the year information security. Every Russia year there Russia are more and more thefts from data the databases of companies: in the first quarter of 2023 alone, about 40 large-scale ones have already been noted. leaks of personal information Among the largest information abductions this year were (52.5 bonus program "Sberbank" million accounting pages), "" (46 Sportmaster million accounting pages) and (8.9 pharmacies "Zdravsiti" million accounting pages).

Director of Ideco Dmitry Khomutov spoke about the difficulties faced by the IT industry. According to him, the most important problem of 2023 was the increase in theft of personal information. In the first half of 2023 alone, the number of cyber attacks against domestic enterprises amounted to more than 85,000 precedents, comparing with the indicators of the same period in 2022 - 50,000 cases. This trend has greatly changed the lives of both large companies and small and medium-sized enterprises, forcing the introduction of current technologies to protect against hackers.

Due to the increase in demand for advanced information security solutions, at the end of 2022, the information security market was expected to increase to 17-18%. But in 2023, more than 90% the Russian of organizations introduced technologies to identify Internet threats, which increased the market size cyber security to 24%. The trend is expected to continue into 2024.

Due to the large number of fraudulent attacks, the departure of Western companies, the lack of information security specialists, the cybersecurity market in Russia has greatly rebuilt in 2023. First of all, we are talking about a complete transition to domestic software. According to the Decree, from January 1, 2025, Russian companies are prohibited from using foreign software at critical information infrastructure facilities. Each organization is obliged to switch to Russian software.

Switching to fully domestic software can be a difficult step for the company. In particular, due to its cost: Russian software has increased in price by 50% over the past year. Not every company is ready to allocate sufficient financial and technical resources to ensure a reliable information security system. But in general, the cost of Russian solutions is lower than foreign analogues that have left the market. The main difficulty lies in the insufficient compliance of domestic software with the requirements and objectives of the company. Organizations are forced to build infrastructure, use more solutions, therefore, the burden on the maintenance and maintenance of this infrastructure increases.

Only 3.5% of employees fully meet modern requirements (skills with Linux, cloud security, etc.). There are 2.8 million cybersecurity employees in the world, but another 4.07 million are missing. The level of personnel support in the field of information security is recognized as insufficient. This is also due to the relocation: over the past 2 years, more than 100,000 IT specialists have left Russia. In this regard, universities and educational institutions took care of the training of information security professionals. For example, there are courses that increase knowledge about modern Russian solutions, some vendors support student education, providing their products for free, other suppliers even create their own schools.

Due to the lack of responsible cybersecurity officials in organizations, domestic companies often face problems in the field of protecting customers' personal data. In 2023, the number of attacks on Russian information systems increased by 65%. Such a boom is also associated with the introduction of new provisions of the Personal Data Act related to the tightening of fines for companies. The maximum fine for leakage of personal information for legal entities is 500 thousand rubles.

The main difficulty for companies is invariably the rapid development and modernization of cyber threats. The number of attacks rose to ~ 2,507 per week, a 15% increase compared to the first quarter of 2022. Every day in the first quarter of 2023 alone, every 31 organizations in the world were subjected to cyber threats from scammers. Hackers are constantly looking for new "loopholes" and complicating their attacks, so companies need to regularly update their security systems to the latest version.

Information security market in Russia in 2022-2023: current estimates and prospects

The information security market is key to preserving technological sovereignty. In the context of the digitalization of the economy and industry, it is information security that allows you to maintain control over digital assets and prevent their destruction by external forces. At the same time, until 2022, Russia had a fairly large share of foreign solutions that set a certain bar for Russian manufacturers. Nevertheless, until 2022, the process of import substitution of solutions in the field of information security was not very fast.

Actually, the adoption of federal law No. 187-FZ "On the safety of CII" and the acts adopted for its implementation at one time has already become the regulatory framework for the import substitution process in information security. Those enterprises that belong to KII have long been engaged in both building a protection system on domestic products and creating information security services. For them, the events of last year in cyberspace did not come as a surprise. They "just" had to move the implementation time to the left.

Information Security Market 2022: Trend Reversal

The year 2022 was quite eventful. The bulk of the problems happened in the first half of the year, when foreign devices were turned off to protect the perimeter of organizations and filter DDoS traffic. Companies had to switch to domestic solutions and services for outsourcing the protection of corporate information systems in an emergency manner. Fortunately, the decisions made by the Russian departments responsible for security made it possible to form a domestic set of solutions and a service for coordinating efforts that were able to repel the most massive DDoS attacks.

In the fall, the situation changed - instead of mass attacks, targeted ones began. As a result, personal data from various information systems of domestic companies flowed. These leaks began to consolidate on the black market and are actively used in fraudulent activities.

BI.ZONE Product and Technology Director Muslim Mejlumov:

It was necessary: to quickly look for a replacement for the departed foreign players from among the domestic ones; apply measures that will give practical results in the field of protection here and now; Look for new cybersecurity approaches and solutions under the changing IT technology stack as IT developers move away; look for creative approaches to installing IT zoo updates. It is also worth adding here a significant increase in the cost (at least by 30%) of services and solutions due to the increase in salaries of specialists, complicated logistics and exchange rate differences.

Security Vision CEO Ruslan Rakhmetov:

The previous 2022 passed, no doubt, under the influence of geopolitical shocks and their consequences: a wave of mass cyber attacks, the departure of Western vendors, emergency import substitution became factors determining the long-term trajectory of information security in the country. Each of these factors, even individually, is essential, and their combination is, without a doubt, an extraordinary challenge that no state in the world has previously faced. At the same time, these factors mutually strengthened each other's negative influence: against the background of a multiply increased level of cyber threats, including from organized groups of hacktivists and pro-government hacker teams, the products of Western companies either ceased to be updated, or generally turned into a "brick" after the remote shutdown of functionality. At the same time, as they say, there is no hood without good: at the highest level, issues of ensuring digital sovereignty and a complete transition to domestic software and protective equipment were raised, and Presidential Decrees No. 166 and No. 250 were signed to create a regulatory framework for the implementation of these initiatives.

iTPROTECT Technical Director Maxim Golovlev:

Digitalization, being a global trend, has not disappeared anywhere, and continues to increase its pace, but sanctions and the departure of foreign vendors greatly complicated it, demanding serious measures to adapt and import substitution. Many companies had to revise corporate standards in the field of information security and adapt to global changes, both in their field and in the economy as a whole. They also required processing taking into account new realities and trends, road maps for projects, especially long-term ones, many of which were scheduled for 3-5 years. Many of them had to be rewritten under analogues, which do not always fully support the functionality inherent in foreign solutions.

Elena Rukhlova, leading analyst at Informzaschita: {{quote 'The year was dramatic but successful. The market rose about 10-15%. Market Growth Drivers
:

• growth in demand for information security services due to an increase in the number of cyber attacks
• occupation by Russian vendors of niches vacated after the departure of foreign vendors
• activity of regulators:

   • Presidential Decree No. 166
:       · Since March 31, 2022, customers are prohibited from purchasing foreign software under No. 223-FZ for CII facilities without the consent of authorized executive authorities
.       · From January 1, 2025, no government bodies and customers working under No. 223-FZ will be able to use foreign software at
CII facilities
   • Presidential Decree No. 250
:       · the responsibility of the first persons of organizations for ensuring their information security is introduced
   • Amendments to the 152-FZ On Personal Data.}}

Development Director of Webmonitorex Ekaterina Starostina:

2022 was an important period for the information security (IS) market. Several factors had the greatest impact on this market: Cybersecurity threats: In 2022, there was an increase in the complexity and scale of cyber threats. Cybercriminals began to use new and improved attack methods. The speed of the transition from zero-day detection to Proof-Of-Concept (PoC) formation has increased, supply chain attacks have become even more common, and social engineering techniques have become even more sophisticated. All this stimulated an increase in demand for information security solutions, as attacks on the infrastructure of the Russian Federation grew colossal due to high international pressure. Social factors: In 2022, public attention to information security issues increased significantly. Data leaks and cyber espionage attracted great attention from society and the media, which aroused increased interest in information security solutions in Russia and increased demand for domestic products. In general, the information security market continues to grow and develop under the influence of various factors related to cyber threats, regulation, technological innovations and social trends. It is important to note that these factors will have a further effect on the information security market in the future.

Deputy General Director of the Garda Group of Companies Rustem Khayretdinov:

The demand for protection against DDoS attacks and WAF, connection to SOC has grown. But, since demand was high, fast-moving cloud solutions were mainly bought, which did not give significant growth in money compared to on-site solutions. There was an increase in demand for cybersecurity services - investigations, recovery from attacks, associated mainly with a shortage of personnel.

Assessment of the volume and dynamics of the information security market in 2022

Most information security companies showed significant revenue growth. There are even entire segments that did not exist in Russia until 2022, and then they appeared. For example, these are Bug Bounty platforms - last year three platforms appeared at once, which picked up customers of foreign Bug Bounty platforms, which foreign customers refused to work with. In general, the market turned out to be a superpose of two trends: the departure of foreign developers from the market, which accounted for a significant number of sales, and active import substitution by domestic developers. The volume of the market for foreign developers was, according to various estimates, up to 80 billion rubles, and we lost it, but this niche was partially occupied by domestic developers - the budgets of large companies were already drawn up to foreign solutions, but last year they were spent on Russian solutions.

Analyzing the Russian information security market for 2022, TAdviser revised the methodology for its assessment. The list of companies whose indicators were investigated by analysts was also significantly expanded. The data of more than 150 Russian vendors and integrators developing information security products and providing relevant services were considered.

According to the results of the study, TAdviser estimated the volume of the Russian information security market for 2022 at 212 billion rubles, while the market dynamics amounted to about 10%. The market growth could have been greater, given the significant increase in revenue from many domestic information security companies, but the overall dynamics was influenced by the withdrawal of foreign players from the market. According to analysts at TAdviser, 2023 for the Russian information security market may end with an increase of 15-20%. In this case, the market volume will reach 244-254 billion rubles.

Director of the Information Security Department of Softline Group of companies Dmitry Vasiliev:

In 2022, the information security market showed positive dynamics, reaching, according to analysts of the consulting company B1 (ex. EY), more than 9% growth. In my opinion, the main factors that contributed to this growth were software and hardware, which played an important role in ensuring the safety of companies. In addition, the demand for information security services has also grown

Security Vision CEO Ruslan Rakhmetov:

According to our estimates, the information security market grew in 2022 by 20-25%, taking into account products and services. Product areas such as DDoS protection systems, SIEM solutions, vulnerability management systems, firewalls and intrusion prevention systems (IPS), cyber incident response automation platforms (SOAR) showed good dynamics. In terms of services, the supply of commercial SOC centers and MSS providers was in particular demand - it was they who became literally the only solution to the problem of quickly increasing the level of cyber security at reasonable costs.

iTPROTECT Technical Director Maxim Golovlev:

Most information security companies show approximately twofold revenue growth in their reports. Despite the impact of sanctions, a constant increase in the number of attacks and other factors, the positive trend continues. There are no factors that could greatly slow down or stop this, since digitalization leads to an increase in the number of vulnerabilities and threats. Also, the role is played by new laws and requirements of regulators, for example, Decree of the President of the Russian Federation No. 250, for the implementation of which a large amount of work is to be carried out to transfer organizations to Russian information security solutions.

Deputy General Director of the Garda Group of Companies Rustem Khayretdinov

The need for protection from corporate customers did not grow in 2022, since most of them were more engaged in import substitution of digital systems, redirecting cash flows not to their development, but to repeat the processes already implemented on Russian platforms. Thus, the objects of protection over the past year no longer became. According to our estimates, the information security market has not grown at least - Russian manufacturers last year failed to completely replace the offer of departed foreign users, so many customers continue to use the previously purchased funds without official support. Of the "left" by foreigners, 80 billion rubles over the past year by Russian producers were well spent, if half. At the same time, almost all Russian manufacturers grew multiples.

The situation on the information security market in 2023

Market participants feel only positive dynamics of market development in 2023. Although the rush demand for the transition to domestic products has ended, nevertheless, hacker activity is not decreasing, but is moving into other forms - more hidden, but also more dangerous for companies. From simple DDoS attacks and ransomware to spy companies with theft of valuable data and sale of details for access to corporate infrastructure. As a result, budgets allocated for information security have not decreased, and in most cases even increased. Now the company's information security budget can be about 7% of the IT budget.

Head of the Information Security Department of IVK JSC Igor Korchagin:

The information security market continues to gain momentum, and the dynamics of its growth remains. It is important to note that the following circumstances played a key role here: 1. Increased attention of the top leadership of the state to import substitution and the development of technological independence in the domestic IT industry, including in terms of information security. 2. Development FSTEC Russia , together with the expert community, of new information security requirements for highly demanded solutions in the field of containerization, for and virtualizations DBMS multifunctional firewalls. 3. Increase in the number of successful attacks on IT infrastructures of public and commercial organizations.

CEO of SayberOK Sergey Gordeichik:

If in 2022 there were still some illusions that everything could become "as before," then 2023 unequivocally showed that it was necessary to switch to new rails and build its cybersecurity without looking at Western vendors. This forced the main customers, large corporate customers, to revise long-term investment programs and begin close work with Russian developers to replace and develop existing solutions.

iTPROTECT Technical Director Maxim Golovlev:

Market growth continues, albeit not at such an explosive pace as in 2022. At the moment, the market is expected to add another 30% of the volume. New products, new Russian information security solutions appear, and many customers have revised their approaches to protecting their systems. This allows you to focus on longer-term projects and solutions, without the rush inherent in 2022, when the main task was to close all vulnerabilities left by foreign information security solutions that have lost functionality.

Head of Technical Expertise Department of Information Security MONT Igor Zaytsev:

As before, the main types of threats are attacks on the external perimeter of organizations, DDoS attacks, attacks on web services, the use of ransomware, ransomware. Only the area of ​ ​ attacks is growing, their complexity and, of course, the number. The risk of confidential information leaks, including personal data, has increased. The goal of the attackers is financial and reputational damage to the business.

Further prospects

The prospects for 2024 and 2025 for the information security market are determined by the requirement of the May Day Decree of the President of the Russian Federation No. 250, where a strict requirement has been established for the subjects of KII until January 1, 2025 to abandon the use of foreign software to protect their infrastructure. Therefore, import substitution of information security solutions will continue next year, and, most likely, in 2025, when the first checks and punishments for non-compliance with the requirements of this decree will go.

Moreover, by this time, the entire landscape of information systems of Russian companies may change greatly. The fact is that the optimal way to import substitution of all applications is to move to cloud and container environments where web applications will work. Such an application architecture can work both on foreign operating systems and on domestic, and the most diverse processor architecture. That is why the DevSecOps pipeline will become the main environment for enterprise applications, where security will be given an important place to check these applications for vulnerabilities. Moreover, container technologies and cloud services allow you to use both artificial intelligence technologies and many others: the Internet of Things, mobile devices, remote work, etc. All this will have to be protected, which will ensure the growth of the information security market.

Director of the Information Security Department of Softline Group of companies Dmitry Vasiliev: {{quote 'On the horizon until 2027, B1 analysts predict a 10% CAGR of the cybersecurity market. Experts argue that the information security services and solutions market will be one of the most dynamic IT markets. At the same time, Russian manufacturers have additional growth potential due to the replacement of the share of international vendors that have left the market. The strongest growth driver, according to the B1 analytical report, for the information security market will be the growth of regulatory requirements for ensuring information security and import substitution of software and equipment in this area. In my opinion, a slight decrease in growth rates is still possible compared to current indicators. This can be caused by a lack of budget funds on the part of customers who may limit their investment resources.}}

Security Vision CEO Ruslan Rakhmetov:

In light of the objectively large number of tasks assigned to information security in the current situation, as well as taking into account the chronic shortage of specialists, the development of systems for deep automation of all processes of the information security management system in companies seems to be a promising direction: This includes classic management of assets, vulnerabilities, configurations, and verification of compliance with legal requirements, and the construction of reporting and visualization of the state of information security, and automation of more advanced processes, such as cyber intelligence data management, proactive search for cyber threats, management of cyber incident response processes, cyber training and pen tests. At the same time, now many major global technology companies rely on machine learning methods and artificial intelligence systems: the increasing use of these technologies contributes not only to a multiple increase in the speed of software development and increase its security, but also ensures much faster adoption of effective, informed decisions, including when managing cybersecurity.

Development Director of Webmonitorex Ekaterina Starostina:

There is also a possibility of continuing to tighten regulatory requirements in the field of information security. Companies will be required to comply with new legal norms and standards related to data security, personal data protection and cyber protection. This stimulates the growth of demand for information security solutions. Technological innovations: The development of new technologies such as artificial intelligence, machine learning and data analytics will continue to influence the information security market. Companies will increasingly use these technologies to detect and prevent attacks, analyze threats, and improve the effectiveness of security systems. Development of cloud technologies: Cloud technologies will remain an important trend in the information security market. Companies will increasingly use them.

CEO of SayberOK Sergey Gordeichik:

Russian companies are now investing widely in R&D and this will undoubtedly bring results in the future of two years. We observe and participate in the formation of a new trend - the beginning of collaborations and joint R&D activity. Obviously, there are many tasks, and all are few.

Elena Rukhlova, leading analyst at Informzaschita:

Most likely, the market will continue to grow at a rate of 10-15% per year. Foreign vendors will almost completely leave the market (perhaps a small share will be replaced by Chinese solutions). Recall that from January 1, 2025, authorities and many organizations will be prohibited from using SMTs from "unfriendly countries," and in the future from other states. The market will become more consolidated, vendors will continue to develop ecosystem products. As the migration of companies to the cloud grows, the need to protect cloud technologies will grow. Also more in demand will be solutions for the protection of virtualization systems. Drivers will be both the organic development of the cloud market and, most likely, the return to digitalization programs, which were suspended due to the events of 2022. We can expect an increase in the use of the information security service model: the tasks of protecting information security are becoming more complicated, personnel will still be lacking, while information security service providers will increasingly increase expertise

Conclusion

In general, it can be noted that the information security market is one of the most knowledge-intensive and high-tech, since it requires both knowledge of the architecture of modern IT solutions and unexpected methods of attacking them, which hackers use to penetrate the information systems of companies. At the same time, information security solutions, indeed, allow the country to protect its digital sovereignty - countries that do not have their own information security technologies, it will be difficult to protect themselves from modern cyber armies and conduct an adequate confrontation in cyberspace. The volume of this market is difficult to estimate in money - after all, in an amicable way, all import substitution is aimed at preserving the security of domestic information technologies.

Actually, the entire information security market is based on errors in the design of processors, applications, information systems, specific devices. Buffer overflows, SQL and PHP injections, XSS attacks and phishing were all the result of developing IT solutions without regard to information security requirements. In an amicable way, you need to move from finding and eliminating vulnerabilities in already working systems to ensuring the security of the systems being created, as is implemented in the DevSecOps pipeline and cyber-immune, that is, safe by default, solutions. To create such cyber systems that are safe from the point of view of information security, you need to use more modern and reliable technologies, and we, Russia, in the process of import substitution, have the opportunity to abandon the cargo of legacy technologies and use more reliable basic solutions in our work to build IT that will be protected from cyberattacks by default.

Go to Overview Home > > >

The number of cybersecurity startups in Russia has doubled

On July 10, 2023, it became known that the number of startups in the field of cybersecurity has sharply increased in Russia. In particular, from January to June 2023, their number jumped twice compared to the same period of the previous year.

In the formed geopolitical situation, the demand for domestic software has risen, since many foreign suppliers have left the Russian market. In addition, there is an increase in the number of attacks on Russian companies and state organizations. This leads to the need to implement additional IT security measures. Other factors also influence the market expansion, including the development of the IoT and cloud platform segments.

==

==

2022

==

==

==

The Russian information security market in 2022 grew at the level of 10-20%, led their assessment in Positive Technologies at a meeting with the press on January 12, 2023. Maxim Filippov, Director of Business Development of the company, clarified that this is a preliminary assessment made on the basis of communication with manufacturers of protective equipment, partners-integrators, distributors.

At the same time, at the beginning of 2022, the company thought that the market as a whole would fall by about 20%, because Western manufacturers of protective equipment left it, Filippov says.

One of the reasons for the growth of the information security market in the company is called an unprecedented number of attacks that the infrastructure of the Russian Federation faced in 2022. Almost all companies felt them on themselves, and incidents needed to be quickly responded to.

The answer to this challenge was a sharp increase in information security services in the market - they grew significantly due to the fact that customers began to turn to experts more often. At Positive Technologies itself, the direction of services has grown more than 2 times in monetary terms, Maxim Filippov cited the data.

In a conversation with TAdviser, the business development director of Positive Technologies also noted that in addition to services, products that are designed to solve specific problems associated with an increased number of attacks on infrastructure showed high growth. For example, sales of a firewall to protect sites from Positive Technologies itself have grown 3 times, and the same number of times - sales of an application code analyzer for vulnerabilities in them.

The second factor where the information security industry is also a beneficiary is the greater readiness of the industry for import substitution than in the IT industry. And some of the customers' budgets were reoriented from IT to security, because they were required promptly.

There is also a third factor that contributed to the growth of the information security market, according to Positive Technologies: this is what happened with regulation. The state began to demand a result from cybersecurity - the absence of hacks and leaks, and not just, for example, certification of objects.

In 2023, the information security market will finally take shape as the market of a domestic manufacturer. If in 2022 purchases of Western-made protective equipment were still possible, and some companies went on them deliberately, then in 2023 such a story will definitely not exist. The deadline of January 1, 2025, defined in the 250th presidential decree, from which critical organizations are prohibited from using information protection tools produced in unfriendly states or organizations under their jurisdiction, directly or indirectly controlled by them, or affiliated with them, is not far off.

Large customers have an understanding that it is necessary to replace import solutions on a national scale, despite the fact that this is due to difficulties in restructuring business processes and additional costs, said Maxim Filippov in a conversation with TAdviser. By the end of 2022, only a few of them are ready to continue to purchase foreign information security solutions on gray import schemes - through other countries, such as, for example, Kazakhstan or Armenia.

And in this clearing, a very interesting battle will unfold among Russian players - technological, commercial, believes Maxim Filippov. Because now, in fact, all major market players capable of carrying out high-tech developments in the field of cybersecurity have gone into these developments.

Against this background, Positive Technologies itself decided to develop the next generation firewall (NGFW), which it does for about six months. The first commercial version of this product is expected at the end of 2023. In this segment of the market there will be strong competition between large domestic players, the company expects.

Positive Technologies will summarize its results of the year in March-April. In this regard, Maxim Filippov has not yet announced the dynamics of revenue for the 4th quarter of 2023. In a conversation with TAdviser, he noted that the turnover of Russian players in 2022 grew faster than the information security market as a whole. According to the results of the 3rd quarter of 2022, Positive Technologies reported revenue dynamics of 171%, and for 9 months of 2022, the total growth of its sales volume was 88%.

The situation on the information security market in 2022 and the "hot" topics of 2023

The events of 2022 had a very serious impact on the Russian IT market. The information security market, as part of it, also felt all the "charms" of Western sanctions hysteria. However, as a TAdviser survey conducted in the summer of 2022 showed, most domestic information security experts are inclined to believe that, in general, the information security segment in Russia should benefit from this whole situation, at least in the short term.

From 2022, representatives of information security companies expect growth, and some experts - growth is very significant. First of all, they associate this with the acceleration of the trend of import substitution, due to the departure of foreign participants in the cybersecurity market. Other drivers include increased attention of the country's top leadership to information security issues, high-profile security incidents and possible tightening of responsibility for them.

According to TAdviser, market growth in 2022 may be about 20%. The key beneficiaries of this will be Russian developers of information security tools.

Ruslan Rakhmetov, General Director of Security Vision, expects that the market dynamics in 2022 will be no worse than in 2021, since well-known events have given a new pace to the processes of import substitution and ensuring technological sovereignty, and the massive departure of Western vendors has led all their former Russian clients to domestic information security players. As a result, import substitution from the regulatory requirement has become an urgent need, and the range of protection tools that require prompt replacement is extremely wide - from network devices and hardware security modules to SIEM systems and antiviruses.

At Security Vision, we are seeing an active growth in demand for our products, especially in terms of SOAR, TIP, SGRC class systems, including working with operational risks, due to the departure of Western products, says Ruslan Rakhmetov.

Dmitry Romanchenko, head of the Rubytech information security department, adds that after the departure of foreign vendors from Russia, all the strongest competitors have disappeared from domestic information security market players. Taking advantage of the situation, many significant Russian manufacturers of information security solutions have noticeably raised prices.

It is impossible to say unequivocally whether this trend is positive or negative, since until recently domestic information security developers were clearly underfunded. Now they have the opportunity to attract investments to develop their own products. By the way, the level of development here is so high and complex that today a limited number of Russian companies can produce flagship solutions. And the fact that the effective capacity of the market has recently increased sharply is a favorable trend for our country, the Rubytech expert is sure.

The fact that the replacement of foreign solutions in connection with the departure of large foreign vendors from the market is a long-term trend, says Maxim Golovlev, technical director of iTPROTECT. According to him, this trend will definitely not stop - there will almost certainly be tougher requirements from regulators, which will also move forward.

For example, certificates are gradually being revoked from foreign products, also due to the suspension of Microsoft sales - most vendors will transfer security tools to Linux. In addition, cyber attacks are still in active mode, perhaps some tougher responsibility will also appear for this. And finally, the digital government will continue to develop. And with it, the information security market, because new services and the connection of new participants require protection, says the iTPROTECT expert.

Significant market growth is predicted by Vitaly Masyutin, Deputy Head of the IBS Platformix Information Security Expertise Center. The company, in particular, records an increase in the number of requests for information security solutions.

At least, the attention of the country's top leadership to information security issues, a series of high-profile resonant security incidents, popularization and polarization of the activities of hacker groups were added to traditional drivers. According to our own research conducted in late May - early June 2022 among more than 200 IT managers, more than half (55%) of participants feel an increase in attention to information security from top management. The overwhelming majority (82%) noted a noticeable increase in the level of cyber threats and recognize the presence of vulnerabilities (77%) in their information infrastructures, says Vitaly Masyutin.

Angara Security CEO Sergey Sherstobitov also expects the information security market to grow. However, according to him, the money available to independent commercial integrators will not become more due to the redistribution of budgets and projects towards state and corporate insourchers.

Despite the fact that most experts expect an increase in the market volume, it is worth voicing negative factors that in the near future may to some extent slow down the development of this area. First of all, we are talking about a shortage of "iron."

The events of 2022 literally turned everything "upside down," mixed cards and changed priorities. The key factor affecting the market this year will certainly be increased sanctions pressure. It manifested itself in the departure of foreign manufacturers from the domestic market, and, as a result, in the need to replace not only protective equipment, applied systems, but also operating systems and hardware. Another consequence of the sanctions will be a lack of hardware, which, in turn, will affect not only the ability of customers to increase IT capacity, but also the manufacturers of hardware and software protection tools. Thus, I would venture to assume that the market will grow slightly by the end of 2022. However, as in the past 2021, there will be companies on the market that will be able to get the most out of the current situation and significantly increase revenue, but there will also be those who continue to lose momentum, - believes Alexander Bondarenko, CEO of R-Vision.

Rustem Khayretdinov, Growth Director of BI.ZONE, adds that many companies have stopped digital development - either optimizing what they are or replacing foreign IT components. According to him, the objects of protection will no longer become, so there is a possibility that the cybersecurity market will not grow, although Russian manufacturers will strengthen their presence by tens of percent at the expense of departed foreign manufacturers - their share is estimated at more than 50 billion rubles a year.

A scenario is possible in which the market will grow by 10 percent. To do this, the state, against the background of critical incidents and leaks, should begin to demand significant investments in cybersecurity from the owners of digital systems and actively invest in the security of state services, the BI.ZONE expert notes.

We also note a number of the most "hot" topics that will require the attention of information security specialists in 2023. In particular, this is a register of unacceptable cybersecurity events that should be created by the Ministry of Digital Development. It will contain information on the most critical threats to different industries and will allow cybersecurity managers to create their own sets of unacceptable scenarios.

Another relevant area is associated with the implementation of Presidential Decree No. 250 "On Additional Measures to Ensure Information Security of the Russian Federation." It is assumed that this document contributes to a change in the approach to maintaining cybersecurity at Russian backbone and strategic enterprises, entities CUES and government agencies. According to the decree, the powers to ensure information security should be assigned to the deputy head of the organization, thereby raising cybersecurity in the company to a completely different level. At the same time, company leaders will bear personal responsibility for information security.

Go to the Information System Security overview home page > > >

The FSB cybersecurity center revealed information security threats that arose after February 24

The National Coordination Center for Computer Incidents (NCCC), subordinate to the FSBN, analyzed the trends and key features of threats to the security of information in Russia's information resources in 2022 and presented its findings at an industry forum on November 15. In the same place, FSTEC shared some of its assessments of the level of security of Russian organizations following the results of control measures .

The representative of NCCCA Sergey Korelov noted that the trends of this year began to appear immediately after February 24, while the landscape of threats and goals practically did not change. The changes mainly affected the increase in the intensity of attacks and the breadth of coverage. Manifestations of malicious activity that are recorded in the NCCC in 2022 include massive attacks on root DNS servers, disconnecting providers from large trunk channels, embedding malware in widely used elements of web pages, and mass revocation of certificates.

This also includes the termination of a number of imported security tools, the appearance of malicious code in updates to both commercial and free software.

Traditional attacks were also present. For example, DDoS. Their feature in 2022 was a very large number of real, "live" participants. Users from all over the world are involved in organizing and conducting such attacks. There are well-oiled mechanisms for attracting ordinary people to attacks on Russian information resources, and "they worked, unfortunately, effectively against us." In a short time, the attackers formed Telegram channels, where they established campaigning and briefing of participants, where coordination and target designation is carried out. In the same channels, tools for conducting attacks were distributed and continue to be distributed.

What was recently sold for money or distributed in closed Telegram channels, communities has become massively available for use in attacks, "said Sergei Korelov.

At the same time, DDoS attacks became a cover for more serious actions. Given the tense geopolitical situation, attackers began to pay great attention to attacks that could have a wide public response, from which an explosive information reason can be made. The objects of such attacks were the resources of the media, state organizations, large industrial enterprises.

A new specific trend has also appeared here - the use of software dependencies and program code. For example, there were publications in a number of media resources of anti-Russian slogans, which were implemented by replacing the code of the advertising banner. This was done by the author of the code.

Many computer attacks were aimed at penetrating the systems of organizations in order to steal information and disable technical processes, followed by making the achieved result public.

A lot of information is being published now about data leaks. NKCKI is forced to state that they are caused by a careless attitude towards services available on the perimeters of organizations. At the same time, it should be noted that in pursuit of an information reason and public resonance, attackers often publish various kinds of fake information about leaks, says Sergei Korelov. And this has its own consequences: for each such case, both organizations and regulators have to divert resources to sort out.

The situation with uncontrolled and unauthorized changes in the program code and in general the activities of developers also resulted in a number of incidents and threats, according to the NCCC. Firstly, as you know, many vendors of protective equipment, telecom equipment announced the termination of support for their products, revocation of licenses, etc. In some cases, vendors warned about these plans in advance, but there were cases when literally at night the products turned off with all their functionality, i.e. the device simply stopped working. This, for example, arranged Fortinet. In such cases, the perimeter of the organization simply crumbles.

There was also a serious threat of revocation of all certificates and disruption of services. For a time, only one single organization sold certificates. NCCCI recommends switching to the use of certificates issued by the domestic certification center at least in the main domain zones. Domestic browsers will support them, says Sergey Korelov, and this will keep the main services working in the most unfavorable situation.

Separately, the representative of the NCCCA dwelled on the actions of the "politicized unfriendly information security community." As you know, the International Community FIRST (Forum of Incident Response and Security Teams) has suspended work with Russian computer incident response centers.

This decision, as well as what is happening in the information space of the Russian Federation as a whole, only confirms the concern we have repeatedly expressed about the declarative nature of the approaches of some countries to solving the problem of creating a peaceful and safe ICT environment, "says Sergey Korelov.

The success of many attacks, as experience has shown, is due not to some sophisticated methods of penetration, but to flaws in the information security services of organizations, and sometimes in obvious places, he added.

As for the lessons that the NCCSC learned at the end of the year, the analysis of incidents shows that the main efforts of the owners of information systems are still aimed at protecting the perimeter. This is the cornerstone of the protection system, but today this is not enough, the representative of NCCC emphasized. Often logging, logging is carried out only there, but not inside. As a result, it is impossible to see how far the attacker has gone.

Attackers are currently using several major messengers to penetrate the organization's infrastructure. One of them is hacking services available on the perimeter. This vector accounts for almost half of all APT (Advanced Persistent Threat) attacks.

The second vector is phishing emails. Numerous Russian and foreign studies boil down to about one: on average, every 7th employee opens a phishing email. These statistics also take into account those organizations where information security issues are at a very high level. And where there are not enough personnel, the statistics are even worse - every 4th phishing email opens.

The third vector is attacks through contractors. According to the data available to NCCCA, the number of such attacks has grown 2 times over the year. Having gained access to the contractor's infrastructure, which, as a rule, is much less protected, attackers end up in the target system.

The fourth vector is a common malware, "which is also far from a trifle." Well-known software of this kind does not encourage information security services to look closely at their infrastructure. Often, response activities are limited only to eliminating this software itself. And, as experience shows, such an attitude is fraught with serious consequences.

These penetration vectors, according to the NCCCC, will remain relevant in 2023.

Deputy Director of FSTEC Vitaly Lyutikov said that according to the results of control checks in one of their areas of implementation of measures in 2022 in about 500 organizations, about 40% of them did not even bother to change passwords for privileged users. This is despite the fact that the relevant instructions were brought to them.

This very characterizes the situation, according to the FSTEC. According to Lyutikov, we still do not fully have an awareness of the importance of this process. Despite the fact that a shift has occurred, but if you take some company that is far away, "somewhere beyond the Urals," this realization did not come there, unlike, for example, Moscow, where these issues are discussed a lot.

From the point of view of attacks on contractors, there were several letters and recommendations from FSTEC on what measures should be implemented and how to work with the contractor - at least to determine the interfaces of interaction. But about 50% of organizations did not even start this issue, says Vitaly Lyutikov.

Estimates of perimeter protection are also very indicative. According to the FSTEC, 34% did not find the opportunity in the current conditions of an aggravated situation to conduct at least a scan of the perimeter, nodes to understand what are the vulnerabilities. This is primarily about industrial enterprises, said the deputy director of FSTEC.

FSTEK and Ministry of Digital Development took on a pencil suppliers of information security products that raised prices several times

FSTEC tried to figure out why prices for information security solutions rose so significantly, said Deputy Director of FSTEC Vitaly Lyutikov on September 23, 2022 at the BIS Summit conference. In February-March, not only solutions including hardware, but also software rose in price significantly . In some categories, prices for information security software products jumped as much as 10 times, says a representative of FSTEC. And the multiple increase in prices for software products raises the most questions.

According to Vitaly Lyutikov, one of the reasons for the rise in price in such cases, which was called by Russian suppliers of information security solutions, is "unbearable requirements" for product certification, which must be urgently done: deadlines, a requirement for a mass of documents.

In this regard, FSTEC first clarified, and now changes to the provision on the certification system, which shorten the deadlines, allow the failure to provide certain materials according to trust requirements, optimize the methodology for analyzing vulnerabilities in terms of the scope of work, etc. However, food prices do not fall, said the deputy director of FSTEC.

Another reason for this is the increase in salaries of IT specialists due to the fact that many have left. But in May, the authorities reported that many IT specialists, up to 85%, returned back^[1]. However, prices for information security products still do not fall.

You know, colleagues, it seems to me that here is banal "nothing personal, only business," Vitaly Lyutikov summed up.

In connection with the current situation, some actions will definitely be carried out, follows from his words.

The director of the security department cyber security Ministry of Digital Development Vladimir Bengin at the same event noted that the agency receives signals from the market that after February prices for information security solutions have increased significantly, and that in this situation it is necessary, rather, to write in. FAS The Ministry of Digital Development Industry itself has a list of those who have increased prices several times, he added.

The increase in prices was facilitated by the increased cost of iron, logistics, specialists in the field of information security: "salaries are off scale." At the same time, raising prices several times at once is not a mass story, says a representative of the Ministry of Digital Development.

In a conversation with TAdviser, Vladimir Bengin noted that in this situation, raising prices for some interest, tens of percent, is normal. And, in addition, it should be borne in mind that in the information security market, most large vendors do not raise prices every year. If, for example, they have not changed prices for three years, now an increase of, say, 30% can be considered a traditional increase.

He added that the information security market is now "radically growing," and not only because of higher prices, but also because a huge number of customers are now expanding the sets of funds they buy. Many were previously limited to antivirus and firewall, while there are 17 popular classes of solutions on the market.

We observe a large number of cases of a multiple increase in the costs of information security solutions of some vendor, but not because he raised the price tag many times, but because earlier they bought one solution from this vendor, but now they buy, for example, six solutions if this is a large vendor, and cover the entire infrastructure with them, "Vladimir Bengin explained in a conversation with TAdviser.

Forecast of significant growth of the information security market in Russia

Innostage Group of Companies predicts a significant growth in the information security market in Russia in 2022. In particular, in the Security Operations Center (SOC) segment. The company announced this on August 9, 2022.

Among the market drivers, the company's experts note increased attacks by cybercriminals. According to research, attacks on government agencies alone from January to May 2022 grew almost 10 times. In addition, attacks are becoming more perfect, and their tactics are more diverse. As a result, the needs of organizations for security tools and services are growing.

It greatly affects the market and the departure from Russia of foreign developers of protective equipment. Such as, McAfee PaloAlto,,, Microsoft, and IBM ESET Fortinet Inc. Cisco Systems The termination of activities to the country in foreign vendors has reduced the level of confidence in them of Russian enterprises and most of them are not ready to work with foreign solutions, even if their developers resume activities in Russia. This is evidenced by the statements of representatives of companies operating in, which industries Innostage is focused on.

The country's business for August 2022 is aimed at. import substitution software Even the rising prices of Russian developers do not stop him from buying domestic products. Also, companies very much expect the appearance of Russian analogues of foreign products under development. Moreover, they are ready to acquire them to test with weaker functionality than their counterparts. True, there is a condition - operational revision to the necessary state, - said Anton Kuzmin, head of the CyberART Cyber ​ ​ Threat Prevention Center of Innostage Group.

Even the increased delivery times and prices of Russian funds do not interfere with the active growth of information protection. to data the information security market. According to analysts, since March 2022 they have increased by more than 20%. However, the increase in information security costs did not come as a surprise to Russian companies. This is evidenced by the data of a study conducted PwC at the end of 2021. 65% of Russian companies assumed that in 2022 their defense costs information would continue to increase. At the same time, the reason for the increase in costs was unexpected for them: no one could predict the sharp departure of foreign vendors from Russia.

Antiviruses and vulnerability scanners are most in demand in recent months. Also in high demand firewalls (Next Generation). Firewall Secure remote access solutions are very popular, corresponding to the ZTNA concept - requiring confirmation of data from the user or device when requesting access. Orders for countermeasures, DDoS attacks Web Application Firewall, incident monitoring and response systems are also common.

The demand for Security Operations Center (SOC) services, situational information security centers, is significantly increasing. Such centers check around the clock how safe the organization's information resources are. They also monitor information protection tools and respond to cyber incidents. The high need for SOC services is due to the fact that businesses lack information security competencies, while the number of attacks is growing. The effectiveness of such centers is assessed using a standard set of parameters: the response time to an incident, its resolution and notification of the customer. However, now customers want to be more confident in SOC.

Business is waiting not just for security protection and security monitoring services, but for integrated cyber resistance. In most cases, companies receive reports of attacks already committed, - said Anton Kuzmin.

To offer the market comprehensive provision of cyber resistance, information security companies need more information security specialists, who, like representatives of IT professions, are sorely lacking in the market. Closer cooperation with universities can help solve this problem.

Ministry of Digital Development plans to separate cybersecurity into a separate industry

On July 5, 2022, it became known about the plans of the Ministry of Digital Development of the Russian Federation to separate cybersecurity into a separate industry. The corresponding initiative is being discussed with market participants, the department told TASS.

As TASS was told in the Ministry of Digital Development, this issue has two sides. Information security, being part of the IT industry, allows specialized companies to enjoy the benefits provided for the IT industry. On the other hand, the separation of these areas can give another advantage for participants in the information security market. For example, possible tax breaks only for companies from the information security sector assume a smaller amount of lost tax revenues.

The founder of Kaspersky Lab, Evgeny Kaspersky, made a proposal to separate the information security sector into a separate industry. In his opinion, this issue has matured due to the increase in the number of cyber attacks and, as a result, the increased significance of the problem of the development of cybersecurity in the country. Evgeny Kaspersky believes that cybersecurity as a separate industry should have its own regulatory regulation and budgeting.

The attention to cybersecurity that is now on the part of Russian business and industrial companies is very serious. Since cybersecurity issues have become so serious, can it become a separate industry? - said Kaspersky in early July 2022.

He also spoke about experiments on hacking the systems of the domestic and foreign automotive industry, which was carried out by his company, noting the importance of working towards the development of cybersecurity in Russia. The head of the Ministry of Industry and Trade Denis Manturov agreed with this statement, noting that, for example, unauthorized access to any production can turn into big problems.^[2]

Increase in the cost of Russian information security software by 20%

At the end of May 2022, Rostelecom-Solar published a study according to which Russian solutions for information security have risen in price by more than 20% since March.

According to market participants interviewed by Kommersant, the problem is mostly on the side of the customers themselves: they do not have enough computing power to switch to Russian solutions. Some protective equipment also requires foreign components.

The interlocutor of the publication on the cybersecurity market explained that many customers now want to supply hardware with the software. If this cannot be done, customers postpone projects until they find the necessary capacity.

According to experts from the Rostelecom-Solar company, commercial companies, where foreign products prevailed in early 2022, faced an urgent need to switch to domestic means of protection. In public sector organizations, the share of Russian means of protection was higher, which is explained by the state policy of import substitution and regulatory requirements in recent years. The transition to domestic means of protection in today's realities is complicated by the increased cost of solutions and increased delivery times. This is due to the shortage of hardware platforms that arose after the departure of a number of foreign IT vendors from Russia, as well as the logistical difficulties experienced by Russian cybersecurity manufacturers.

We see a spontaneously increased need for migration to domestic means of protection and in strengthening the security of companies as a whole, "says Ekaterina Surtukova, head of the business development department of Solar Integration at RTK-Solar. - The main focus is on replacing the basic means of protecting the infrastructure, network and perimeter - everything that represents the basis of security for any company and where the highest risks arise due to the departure of foreign manufacturers. Import substitution of more complex solutions, as a rule, is planned secondarily or even next year. Unfortunately, when migrating from foreign solutions to Russian solutions, it is not always possible to fully repeat all the implemented functionality of the products.[3]

2021

Results of 2021 - TAdviser data

Growth by 16% in 2021

The Russian information security (IS) market continued its growth at the end of 2021. This is confirmed by the results of the activities of companies implementing projects in this direction. Most of the vendors and integrators in the information security sector presented in the new rating showed positive dynamics. According to TAdviser, the volume of the domestic information security market at the end of 2021 increased by 16% and reached 125.1 billion rubles. Among the key growth factors is the increased attention of companies to cybersecurity due to the accelerated digitalization and restructuring of business processes caused by the pandemic.

Starting from 2020, enterprises had a noticeable impact on the Russian information security market remote work , which became a natural consequence. pandemics The massive transition to a remote format of interaction revealed a number of problems and risks in the corporate sector from the point of view of information security.

The exchange of sensitive internal information began to be carried out through the external perimeter of organizations through external often unprotected channels, while the number of cyber attacks increased by a multiple. Attacks through IT service companies have also grown significantly (these include software developers, infrastructure operators), which are usually integrated with serviced organizations, but historically are more poorly protected. This phenomenon is understandable, since in established practice, contractors in the threat model are usually trusted parties. If the level of information security of the contractor is not adequate to the level and scale of activities of the customer whom he serves, the risk of a hacker attack on him is extremely high. This trend gradually increased until 2021, - said Dmitry Romanchenko, head of the information security department at Rubytech.

In 2021, the development of the information security market was stimulated by intensive digitalization processes associated with the pandemic effect, while the landscape of cyber threats was also continuously transformed, adds Ruslan Rakhmetov, CEO of Security Vision.

To minimize current cyber risks, companies paid increased attention to cybersecurity, and this could not but affect the growth rate of the information security segment. The domestic market for cybersecurity products and services in 2021, in our opinion, grew by 10-15%, in monetary terms - to about 100 billion rubles, - he notes.

Rustem Khayretdinov, Growth Director of BI.ZONE, speaks about similar dynamics and key drivers. He estimates market growth at 15%, explaining this by the increased investments of companies in cybersecurity. This scenario, he said, was facilitated by accelerated digitalization caused by the pandemic. She, in turn, increased the number of protected digitalization objects and the amount of data that are processed in them.

Vitaly Masyutin, deputy head of the IBS Platformix information security expertise center, draws attention to another growth driver. It is associated with strengthening the requirements of legislation and increasing attention to information security issues.

Maxim Golovlev, technical director, iTPROTECT clarifies that the legislative changes that influenced the market include the emergence of a new methodology for modeling threats, FSTEC Russia which was released in 2021. This entailed several projects, especially to revise the protection of state information systems.

Also in 2021, the Central Bank adopted new Regulations with requirements for achieving levels of protection in accordance with GOST 57580-R, for example, No. 757-P. In addition, the entry into force of No. 719-P (from January 1, 2022), which came out in 2020, was approaching. This provoked quite a few projects to audit the processes of protection in banks.

And finally, in November 2021, a draft decree was issued President on the transition of facilities CUES to the predominant use of domestic equipment software and from January 1, 2023. Already at that time, the transition time was quite tight and this accelerated the process of import substitution, especially in the industrial sector, explains Maxim Golovlev.

The largest companies in the Russian information security market

The new rating of the largest information security companies in Russia, prepared by TAdviser at the end of 2021, gathered 85 participants. Their total revenue amounted to over 214 billion rubles. The rating includes vendors of software and hardware information security systems, integrators implementing projects in this area, as well as distributors of information security solutions.

The leader of the rating was Kaspersky Lab. At the end of 2021, its revenue in ruble terms amounted to more than 55 billion rubles. The second line was taken by Softline. According to TAdviser, its revenue from information security projects increased by 9.8% and reached 22.3 billion rubles. The top three also included the company "Rostelecom-Solar" with an indicator of 12.3 billion rubles. with an increase of 46.9%.

Go to the full version of the rating "The largest information security companies in Russia" > > >

The Russian information security market grew by 1 billion rubles

The volume of the Russian market for products and services designed to ensure information security (information security) in 2021 amounted to just over 24 billion rubles. This is about 1 billion rubles more than a year ago, but still corresponds to only 1% in total world spending on information security solutions. This is evidenced by data from analysts at J'son & Partners Consulting, published in January 2022.

The study notes that sales of cybersecurity technologies in the Russian Federation are growing more slowly than in the world as a whole, which experts explain by two main facts:

• extremely small size of dynamically growing cloud segment (SECaaS, security as a service);
• dynamics in the segment of hardware and software systems that are close to stagnation.

It is also noted that the extremely low level of availability of modern cybersecurity tools in Russia restrains the development of the cyber risk insurance market in the country, which, in turn, negatively affects the qualitative and quantitative growth of the Russian cybersecurity market.

In their work, the experts considered segments such as inter-network screens, unified threat management (UTM), URL filtering, web application protection functions, data leakage prevention, VPN gateways, etc.

As a share of the total consumption of the types of cybersecurity tools under consideration, the cloud model in 2021 accounted for 11% of the Russian information security market. According to analysts, the SECaaS segment in Russia is significantly lagging behind the global market in its development, without fully exploiting even the existing growth potential associated with the protection of public cloud environments. So, if in the world market the share of SECaaS in the segment of protective equipment public clouds is almost 80%, then in Russia it is almost twice as low. Such a lag in the development of SECaaS is only partly due to the lag in development in Russia/and IaaS,PaaS SaaS which are drivers of growth in demand for SECaaS, experts say.

According to the report, in the product context, a unique situation for the world market is the hypertrophied large segment of specialized hardware crypto-gateways that implements encryption according to Russian GOST. Excluding the crypto-gateway segment with GOST encryption, Russia's share in the global consumption of network security products is less than 0.7%, which is half the share of Russia in the global gross product (1.5%). Continued regulatory innovation-driven growth in crypto-gateway consumption exacerbates imbalances in market structure and slows growth in other segments.

J'son & Partners Consulting believes that the Russian market until 2025 inclusive will not be able to realize the existing potential for explosive growth in SECaaS consumption both due to objective macroeconomic difficulties and due to subjective, represented by the peculiarities of regulation and negative perception of the cloud model of providing security functions by large enterprises and organizations in Russia.

At least a five-year delay in the deployment of 5G networks and edge computing infrastructure (MEC) in Russia and services based on these networks focused on industrial applications will also have a negative impact on the quantitative and qualitative development of the cybersecurity market.

According to analysts' forecasts, the volume of the Russian market for information security solutions in the period from 2022 to 2025 will increase by an average of 7% per year and will reach 32 billion rubles by the end of this period of time.^[4]

The Russian information security market grew by 8%, to 98.6 billion rubles

The volume of the Russian information security market (IS) at the end of 2021 reached 98.6 billion rubles, an increase of 8% compared to 2020. This is evidenced by the data of Rostelecom-Solar, disclosed on December 23, 2021.

The company "Informzaschita" agreed with the 8 percent growth of the market, but named another indicator in monetary terms - 81.5 billion rubles. According to the results of 2020, the company estimated the costs of information security solutions in the Russian Federation at 74.4 billion rubles, Kommersant reports.

The growth of the information security market by 8% is a "rather pessimistic forecast," says Pavel Adylin, executive director of Artezio. According to preliminary estimates of Kaspersky Lab, the growth of the information security market in 2021 amounted to 10% or even more, the managing director in Russia and SNGMikhail Pribochiy told the newspaper. Positive Technologies also believes that the information security market grew by 10-15% in 2021.

According to a study by Rostelecom-Solar, the public sector remains the main driver of the information security market with a total average annual growth of 13%: by 2025 it will reach 43.8 billion rubles with a total market volume of 131.8 billion rubles.

According to Yulia Kosova, head of the Rostelecom-Solar research group, in 2021, regional government agencies of the executive branch (ROIV) increased cybersecurity spending by 14%. About a quarter of the state segment in 2020 was made up of projects on the digital economy, in particular federal and departmental digitalization, in which investment is also expected to increase in subsequent years.

Technologically active regions, such as Novosibirsk and Yekaterinburg, are digitalized almost at the speed of Moscow, others are lagging behind - accordingly, the issue of cybersecurity fades into the background and the pace differs from the federal ones, explains the commercial director of InfoWatch Group of Companies Amir Dautov.

According to the survey, the results of which are given in the report, representatives of the public sector are more likely than others to fear DDoS attacks, and when choosing solutions, they pay attention, first of all, to value for money, as well as feedback from colleagues and opinion leaders about those solutions that meet regulatory requirements.

By the end of 2021, the largest contribution in terms of information security budgets is made by companies in the B2E segment, which also demonstrates the highest degree of maturity. The most promising sectors in terms of the totality of parameters are finance, oil and gas, as well as transport, Kosovo said.

According to analysts at Rostelecom-Solar, the growth dynamics of the cybersecurity market in Russia is conservative, but has the potential for outstripping growth. Among the key mechanisms that favor the development of the industry are an increase in the dependence of the state and business on digital technologies, an increase in the number of information security incidents that cause critical damage to the activities of organizations, as well as strong state support: the implementation of the national Digital Economy program and digital transformation strategies in government organizations, strengthening regulation and favorable tax policy for IT companies. The main restraining factors are the personnel shortage and low maturity of a number of industries in the field of cybersecurity.

According to experts of "Rostelecom-Solar," the key points of application of the efforts of large business to protect against cyber threats remain sites and web applications, as well as workplaces of employees. The main criteria for choosing suppliers in a large business are the availability of complex offers and the scalability of solutions. In turn, representatives of the segment cite serious non-aversive incidents and critical vulnerabilities found in solutions as the main reasons for replacing information security solutions.^[5]

Key drivers of the information security market in 2021

All participants in the Russian information security market surveyed by TAdviser, without exception, expect continued growth by the end of 2021. According to the majority, the level of demand for information security solutions and services remains approximately at the level of 2020. At the same time, some of the surveyed experts expect positive, but nevertheless not as high dynamics as it was a year earlier, follows from the TAdviser survey conducted in August-September 2021.

Sergei Sherstobitov, founder and CEO of the Angara group of companies, predicts growth rates similar to last year by the end of 2021. He believes that the level of demand for information security set a year earlier will remain. In addition, he said, the development of the industry will be influenced by government support and regulation measures, as well as the evolution of its own software development industry.

The expected change in the demand model and the continuation of the import substitution policy as a tool for the implementation of the national strategy will become incentives for investing the funds now received in the production of competitive Russian products. The market will be spurred by the further deployment of the Digital Economy program, one of the main areas of which is to ensure the sustainability and security of IT infrastructure. In this regard, information security and countering cyber threats will become the key links of a competitive business development strategy for the coming years, - Sergei Sherstobitov is sure.

R-Vision CEO Alexander Bondarenko expects that by the end of 2021 the market will show growth at the level of 25-30%. In his opinion, factors such as a pandemic, the transition to remote work, high-profile incidents influence the market. In addition, it spurs the development and serious attention of political leaders and top managers of companies to information security issues.

According to Dmitry Shamonin, Technical Director of Smart-Soft, the key growth driver is the adaptation of the business to the pandemic and suppliers/integrators to new realities.

Lev Matveev, chairman of the board of directors of SearchInform, adds that for the information security market, the crisis is almost always a driving factor. Everyone begins to think about protecting assets, and if they start to save money, then not on protective solutions.

TAdviser discussed what other drivers are noticeable on the Russian information security market with experts from IT and information security companies.

Requirements of regulators

Traditionally, the main growth factor for the Russian market is the mandatory implementation of the requirements of legislation in the field of information security and relevant regulatory requirements. The regulatory framework in terms of information security in Russia is being improved, so customers and suppliers (manufacturers of information security products, integrators, auditors, consulting and service companies) need to ensure compliance with current requirements.

One of the significant "drivers" of the market now is the cumulative factor, which includes, on the one hand, the market's awareness of the reality of the presence and relevance of threats of destructive impact and damage to critical information infrastructure (CII), on the other hand, accordingly, the need to comply with the requirements of the Federal Law "On the Security of the Critical Information Infrastructure of the Russian Federation" No. 187-FZ and strengthen control over the fulfillment of requirements by regulators, - says Elena Zamyatina, Development Director of the STC "Volcano."

In particular, in 2021, at large enterprises that are subjects of CII, work continues to ensure security measures for significant critical information infrastructure (OCI) facilities and comprehensive projects are being implemented to create OCI protection systems, which include modernization of information protection tools and subsystems, adaptation, development and implementation of a set of organizational security measures for significant OCI, creation of processes and systems for regular security control.

Dmitry Luchko, head of system integration at Digital Design Group of Companies, also believes that one of the growth factors in the Russian information security market in 2021 is the transition from "paper" security to steps to implement information protection systems in compliance with 187-FZ requirements.

According to our observations, the process of categorizing CII objects in accordance with the 187-FZ was completed by many organizations only in 2019-2020, and before a planned audit by regulators, it is necessary to show the results on the implementation of information protection systems. According to the results of 2021, we expect positive dynamics of the information security market in Russia from 20 to 50%, says Dmitry Luchko.

Fyodor Dbar, commercial director of Security Code, adds that the area of ​ ​ information security for critical information infrastructure is a large piece of the information security market that is just beginning to develop, although the law was adopted back in 2018.

A new technological level of enterprises and increased risks of damage from cyber attacks

Companies are moving to a new technological level, which also affects information security requirements.

According to Anna Kirsanova, head of the marketing department of Garda Technologies, the technological level of economic-forming enterprises as a whole is growing at an unprecedented pace, which spurs the development of the information security market as a related infrastructure.

In the OTR group of companies, they add that the number of companies that have reached such a level of maturity in the field of information security in their development, in which managers and decision-makers realize that financing an information protection organization on a residual basis is unacceptable. Moreover, a well-built information protection system will allow you to preserve assets, it does not matter, tangible or intangible, for example, such as reputation.

Best Practices Solutions (BPS) notes that the pandemic and its consequences have affected all areas of business and brought accelerated "digitalization" to our world. More and more companies, if not completely transformed, then greatly change their business processes taking into account new requirements: this is both remote work, and the transfer of a number of internal services of companies to external access, and the complete transition of business to a new format of work (such as retail or education).

All this brings new requirements for security systems that must quickly follow these trends. First of all, this concerns an increase in the share of a "risk-oriented" approach to security - companies pay more attention to pressing problems than to fulfilling simple requirements, and within a limited budget pay attention to priority needs, "says Kristina Anokhina, BPS system analyst.

Elena Zamyatina, Development Director of the Vulcan Research and Development Center, adds that the growing relevance of threats related to the implementation of cyber attacks on enterprise infrastructure, data compromise, and the possibility of sensitive information leaks (including due to changes in the organization of the activities of many companies and the corresponding changes in their IT infrastructures when transferring a significant share of personnel to a remote mode of operation), has become a factor for both large and small and medium-sized businesses to comprehensively approach the issue of ensuring the required level of information security based on a risk assessment.

According to her, organizations are investing in modernizing the subsystems for protecting corporate information resources and solving the problems of raising staff awareness in the field of information security, improving information security management processes, and beginning to more actively attract specialized specialized specialized companies that provide services in the field of practical security analysis, as well as services in the field of threat analytics, monitoring and analysis of events, detection and investigation of incidents.

Delayed Projects and Bug Work

Multiple postponed infrastructure projects that have started again in 2021 also contribute to the confident growth of the Russian information security market.

According to Andrey Yankin, director of the information security center of Jet Infosystems, IT is growing due to the pandemic, and this leads to an increase in information security. For example, there are projects in the framework of which not temporary schemes of secure remote work are being built, but full-fledged systems. In addition, a lot of attention is paid to information security at the state level. Therefore, the company expects steady market growth in 2021.

Andrei Sharonov, Deputy Head of Information Protection at ICL CT, also notes that the pandemic has contributed to an increase in demand for a remote format of work, which is still relevant to this day. If last year many market participants managed to quickly switch to this model, today customers come to the realization that the mass transition exposed the existing problems in providing information security for companies. Many tasks are not implemented at a sufficient level. As a result, such companies have 2021 under the sign of working on errors, namely, correcting these errors and obtaining maximum efficiency from already implemented information security solutions.

According to Lev Matveev, Chairman of the Board of Directors of SearchInform, with the spread of remote work, information security departments have the task of monitoring the effectiveness of personnel, and this is also a driving factor.

Our purchases of the working time control module in the first months of remote control increased by 56%, - he explains.

Information security services from the cloud

Experts note that in 2021, against the background of a general trend towards further cost reduction amid a pandemic, companies will look for additional opportunities to save money and therefore pay close attention to outsourcing and outstaffing services for part of the functions. The desire of customers to move to various types of outsourcing will be a new serious challenge in terms of information security, including protection against data leaks and other current cyber threats. The answer to this challenge will be, in particular, the growing interest in information security services provided from the cloud: the demand for cloud platforms that provide "everything as a service" will increase, as they will reduce costs - thanks to competition, cloud information security services will become more and more accessible.

Ramil Khantimirov, CEO and co-founder of StormWall, believes that one of the drivers of demand growth for information security cloud services will be a decrease in the cost of tools for cyber attacks while increasing their power. Providing quality protection against them in-house using traditional tools will be very expensive and problematic for companies. But it will be able to provide elastically scalable and quite affordable cloud services.

Very soon, companies will prefer to build hybrid information security systems in which local solutions will be closely integrated with cloud services, says Ramil Khantimirov.

New technologies

In 2021, the introduction of new technologies will continue, which will also require their solutions to ensure information security. According to Nikolai Domukhovsky, Deputy General Director of the UTSB for Scientific and Technical Work, these include, in particular, networks without borders (now no one will refuse remote access), new generation 5G communication networks, various smart everything class solutions - houses, streets, entire cities.

There are more and more such systems, which means that the issues of information security are becoming more and more relevant, - says the expert of the UTSB.

Alexandra Savelyeva, coordinator of AV Soft projects, adds that the protection of the "smart city" and "smart devices" is becoming more and more popular, because when creating intellectual equipment, the main forces are directed to the implementation of functionality, and less attention is paid to security. The increase in the number of successful cyber attacks on smart devices is also accompanied by the ease of their implementation compared to other potential victims in more secure market sectors. Therefore, Deception-class systems will gain great popularity.

Import substitution

In addition, in 2021, the acceleration of import substitution of software and hardware platforms is expected. As Fedor Dbar notes, historically the information security market was seriously imported, but now there should be a further decrease in the share of foreign vendors in network solutions. All these factors will ensure market growth, he is sure.

Nikolai Domukhovsky from the UTSB believes that the implementation of the import substitution policy is especially relevant for authorities and state corporations subject to Government Decree No. 658 "On Centralized Purchases of Office Software, Budget Accounting Software, and Information Security Software." The main articles of the resolution, according to him, were suspended until the end of 2022, but for painless migration to domestic means of protecting information, work must begin now.

Factors for the future growth of the information security market

Information security experts interviewed by TAdviser identify 7 key factors that will expand the domestic information security market in the near future. This will partly be a continuation of the trends and drivers that operate on the information security market in 2021.

Digitalization

The ongoing digitalization of the Russian economy will irreversibly lead to an increase in the number of information security incidents, the emergence of new attack vectors and the growth of cybercrime.

According to Dmitry Luchko, head of system integration at Digital Design Group, for the same reason, issues related to information security are becoming more transparent and understandable for business, and the priority of allocating a budget will shift from basic infrastructures to information security services.

Andrei Sharonov, Deputy Head of Information Protection at ICL CT, adds that information security is a necessary component of this process in the digital transformation program of the Russian economy, which will play an even greater role in the foreseeable future than it is now.

IB-services

Accelerating the process of moving IT systems to the clouds will also be associated with information protection.

As the founder and general director of the Angara group of companies Sergey Sherstobitov notes, migration will strengthen the demand for replicated cybersecurity services - this promising segment has already shown excellent growth rates in the Russian market and outstanding dynamics in other countries. Suppliers will have to solve the problems of improving the reliability and quality of such services, as well as reducing their cost, the expert believes.

Alexander Bondarenko, CEO of R-Vision, adds that customers are increasingly willing to consume information security according to the service model from the so-called MSSP providers, and this trend will only intensify.

Such a model is more economical and has a lower entry threshold, which will contribute to the spread of information security services and market expansion, he believes.

Nikita Semenov, head of the information security department of Talmer, adheres to a similar position.

The Russian information security market will grow due to the digitalization and centralization of information security services, the popularization of Managed Security Service Provider (MSSP) and the transition to mass digital information security. Such trends are already observed abroad and are beginning to appear in Russia. The process of IT transformation, the transition to cloud platforms and cloud computing, which create a foothold for the development of information security as a service on cloud platforms, is important, he notes.

Import substitution

Another factor in further growth is import substitution.

The current course on import substitution in Russia should be considered as another "engine" of the Russian information security market (in the segment of state organizations and enterprises with state participation), the implementation of which inevitably leads to changes in IT landscapes and the corresponding correction of information security infrastructures of organizations, - says Elena Zamyatina, Development Director of STC "Volcano."

Dmitry Kovalev, head of the information security department at Syssoft, notes that the state is actively stimulating companies to switch to domestic information protection tools.

We see how the information security culture is growing, this is directly related to the maturity of Russian business, he adds.

Export of information security solutions

A number of experts are confident that one of the growth drivers will be the export of Russian security software.

According to Lev Matveev, chairman of the board of directors of SearchInform, information security is one of not very many sectors that can get a good result in other countries.

You need to compete in what you are the best at. There are doubts that AvtoVAZ will catch up with Mercedes, Toyota and everyone else, but Russia has always been strong in software, he notes.

Vladimir Ulyanov, the head of the analytical center, Zecurion also expects that strong Russian stories will develop abroad and even potential sanctions and cold attitude from individual countries will not interfere with this.

"Sanctions regions" can be compensated by other markets, for example, there is interest in Russian products in Africa, Asia and the Middle East. Do not perceive these regions as purely third world countries. ICT is already well developed there, therefore, interest in cybersecurity products is also high., - the expert notes.

Konstantin Chernikov, Managing Partner, General Director of Aktiv, adds that many Russian solutions are becoming in demand abroad due to their professional execution and competitiveness. He notes that the state has significantly multiplied efforts that will help businesses enter foreign markets.

We expect that the growth of the information security market will be not only due to domestic consumption, but also due to foreign expansion, - sums up the general director of the company "Aktiv."

Requirements of regulators

The development of the Russian information security market will continue to be influenced by the development of the regulatory framework in the field of information security.

As Elena Zamyatina from the Vulkan Research and Development Center notes, changes in the existing and emergence of new regulatory requirements will inevitably lead to an increase in the costs of organizations to ensure the required level of security of information infrastructures, as well as improvement by suppliers of offered information security products and services, taking into account current regulatory requirements.

Mikhail Ivanov, General Director of S-Terra CSP, confirms this:

Russian law is changing, demanding more and more serious security of data and communication systems. We, as a manufacturer of information protection tools, in accordance with these requirements, offer users new, more advanced, devices and software. Our competitors are doing the same. And the information security market is growing and developing.

Information security solutions for the Internet of Things

The IoT market is one of the fastest growing in the world. At the same time, according to Nikolai Domukhovsky, Deputy General Director of the UTSB for scientific and technical work, the information security market for the Internet of things is forced to grow even faster in order to manage to equip the created services based on the Internet of things with information security systems. According to Markets & Markets estimates, the global growth rate of the information security market for the Internet of Things is about 24%.

These incredible market growth figures will also affect Russia - we are slightly behind in the pace of implementation of solutions such as the Internet of Things or the industrial Internet of Things, but this only means that global trends will come to the Russian Federation with a slight delay, says the UTSB expert.

Dmitry Shamonin from Smart-Soft also includes the Internet of Things as future growth factors in the information security market. In his opinion, the growth in the number and quality of projects in such areas as the Internet of Things and Smart City can be attributed to the main driving trends.

Significant increase in cyber fraud

In recent years, experts from the Russian information security market have observed a significant increase in cyber fraud, which, in turn, affects the needs for information security solutions.

It is natural that the growth of the information security market, both global and Russian, is due to an increase in demand from the state and business for tools and protection systems, which, in turn, continues to increase with an increase in the intensity and number of cybercrimes committed by cybercrimes, as well as as as technologies and methods of cyber attacks improve, - notes Elena Zamyatina (NTC "Volcano").

2020

Growth of the market volume by 7% to 92 billion rubles excluding VAT

Rostelecom-Solar conducted a study of the Russian cybersecurity market in 2020. In the costs of end users, the market volume amounted to about 92 billion rubles excluding VAT, demonstrating an annual growth of 7%. By the end of 2021, approximately the same indicators are expected. Although almost half of the market fell on projects in the largest commercial companies with revenues of more than 60 billion rubles, market growth was achieved mainly due to an increase in the number and scale of projects in the public sector.

According to analysts at Rostelecom-Solar, the growth dynamics of the cybersecurity market in Russia is conservative, but has the potential for outstripping growth. Among the key mechanisms that favor the development of the industry are an increase in the dependence of the state and business on digital technologies, an increase in the number of information security incidents that cause critical damage to the activities of organizations, as well as strong state support: the implementation of the National Program "Digital Economy of Russia" and digital transformation strategies in state organizations, strengthening regulation and favorable tax policy for IT companies. The main restraining factors are the personnel shortage and low maturity of a number of industries in the field of cybersecurity.

We predict stable growth of the information security market in Russia in money until 2025. The public administration segment can become its main driver. About a quarter of the segment in 2020 were projects on the digital economy, in particular, federal and departmental digitalization, in which investment is also expected to grow in the coming years. In the meantime, the largest contribution from the point of view of budgets for information security is made by companies in the B2E segment, which also demonstrates the highest degree of maturity. The most promising industries in terms of the totality of parameters are finance, oil and gas, as well as transport, - Yulia Kosova, head of the Rostelecom-Solar research group, commented on the results of the report.

Experts expect that the cumulative average annual growth rate of the share of information security projects in the public sector from 2020 to 2025 will remain at the level of 13%. In this case, demonstrating growth above the market, the B2G segment (FOIV and ROIV) will have the greatest impact on the development of the cybersecurity industry.

In 2020, state organizations spent about 24 billion rubles on protection against cyber threats, accounting for about a quarter of the market. At the same time, 81% of information security purchases in the public sector were carried out by federal executive bodies. The total costs of regional government agencies amounted to cyber security only about 4.5 billion rubles. According to to data the survey, representatives of the public sector fear more often than others - and DDoSattacks when choosing solutions, they pay attention, first of all, to the ratio of price and quality, as well as feedback from colleagues and opinion leaders about those solutions that meet the requirements of regulators.

Big business remained the main generator of demand for cybersecurity solutions in 2020. Companies in this segment spent about 40 billion rubles on protection against digital threats, their market share was 44%. Rostelecom-Solar experts predict a cumulative CAGR of the segment at 7%. Thus, by 2025, the total costs of the largest Russian organizations for information security will amount to just over 55 billion rubles.

According to the Rostelecom-Solar study, sites and web applications, as well as employees' workplaces, remain key points of application of large business efforts to protect against cyber threats. The main criteria for choosing suppliers in a large business are the availability of complex offers and the scalability of solutions. In turn, representatives of the segment cite serious non-aversive incidents and critical vulnerabilities found in solutions as the main reasons for replacing information security solutions.

The segment of medium and small businesses brought the industry 22.8 billion rubles, but most of the costs - approximately 12.5 billion - belong to the largest organizations with revenues of more than 5 billion rubles. According to analysts at Rostelecom-Solar, the low maturity of small businesses in the field of cybersecurity, as well as small budgets allocated for protective equipment, will not allow the segment to grow by more than 3% in the next four years. The respondents from this segment named the value for money as the main factor in choosing information security solutions. For the smallest companies, where there is no dedicated role of IT/information security director and senior management is responsible for choosing a supplier, the convenience of communication with the vendor and the ease of pilot implementation are also important factors.

The share of solutions for cybersecurity of end users and individual entrepreneurs turned out to be the least - about 6% of the market or 5.2 billion rubles. According to forecasts, the total volume of the segment in money by 2025 will amount to 6.6 billion rubles.

Information security market in a pandemic: from freezing projects and general uncertainty to rapid growth

2020, many participants in the Russian information security market are divided into three conditional periods. The beginning of the year was marked by planned activity related to the implementation of existing projects among customers. The second quarter, which just fell on the all-Russian lockdown and the stage of the most severe restrictions, became a period of certain waiting.

Customers have become very careful. In the spring and summer, sales slowed down in almost all directions due to a high share of uncertainty. Even without a formal freeze on budgets, holders were in no hurry to spend money, - comments Vladimir Ulyanov, head of the Zecurion analytical center.

But starting from the third quarter, active demand growth began. Information security companies claim that in general they were ready for such a development of events.

The growth in demand for us has become expected: the vast majority of customers have implemented projects to transfer workers to remote work, which required the implementation of additional cybersecurity measures. State organizations and customers of the corporate sector, including backbone industries, solved the problems of creating and improving information security systems in accordance with current threats, and, accordingly, the growing requirements for ensuring the security of critical information infrastructure, etc., - says Elena Zamyatina, Development Director of NTC "Volcano."

According to Nikita Semenov, head of the information security department of Talmer, the global situation threw the state of the information security sector back several years, forced to rethink budgets and renegotiate costs, focusing on those things that were not very relevant before.

Of course, this is about protecting employees working remotely, protecting data migrated to the cloud. However, this should not be regarded as the degradation of information security, rather it is a change of priorities and a transition to a neighboring development path with a different goal and a different level of maturity, he notes.

According to Yuri Mironov, Deputy Technical Director for Information Security at SATEL, as a result of the restructuring of business processes and the transition to remote work of many organizations, the demand for means of protecting communication channels, computers and phones, a system for controlling the leakage of confidential information and monitoring the activities of employees transferred to remote operation has increased.

Innostage CEO Aydar Guzairov adds that all those decisions that seemed temporary in April 2020 in December of the same year became permanent and familiar.

At the same time, how quickly the business reorganized to a new reality, cybercriminals found opportunities for themselves so rapidly.

If we talk about hackers as a business, then the reaction of this business to the covid crisis was instant and very successful. Research by information security companies showed that the nature of cybercrimes in the covid crisis did not change much and retained the main vectors for ransomware, direct financial theft and mega-leaks, while attackers used the topic of covid as a tool to achieve their goals, mainly for social engineering and phishing, - says Aydar Guzairov.

It is worth noting that the sphere of cybersecurity did not stand still. According to the general director of Innostage, the entire industry reacted very quickly, and then the public sector became quite active. The topic of universal digital literacy has become a trend for literally two months. As a result, the attitude of business towards information security has changed a lot.

We can say that until 2020, cybersecurity costs were allocated according to the residual principle, for the sake of a tick. Now these are very conscious investments, and spending on information security is growing, despite the crisis. All because the cost of information security began to be considered as an investment, says Aydar Guzairov.

Anton Lensky, Deputy Director of the Department of Technical Service "RASSE" (GC), "I-Teco" adds that in 2020, information security officers increased their expertise and gained additional experience in ensuring security. Business has increased interest in assessing the real consequences of possible cyber threats, and the industry has increased the number of sites for cyber training.

There have been changes from the regulators of the information security market. So FSTEC Russia he presented a new methodology for modeling threats, where the fundamental principle is the company's understanding and its management of the unacceptable consequences of, cyber attacks as well as the likely scenario for the development of such an attack in the infrastructure.

Elena Zamyatina, Development Director of the Vulkan Research and Development Center, notes that the number of requests from large and medium-sized businesses with requests for comprehensive information security audits, as well as expertise of design solutions in the field of information security, has increased significantly.

We regard this as one of the factors in the growth of market maturity, when a comprehensive study of projects becomes important for customers, the choice of optimal security solutions balanced in terms of minimizing information security risks, taking into account the specifics of business processes, compliance, scalability and cost, she explains.

Market dynamics estimates and major players

The results of 2020 for the Russian information security market were more than successful. The main growth factors, of course, were projects in the field of ensuring safe remote work, as well as tightening regulatory requirements. Some uncertainty of the spring-summer period was replaced by rapid growth in the implementation of information security projects in the second half of the year.

Representatives of IT and information security companies interviewed by TAdviser agree that the year as a whole has become successful for their field of activity, despite a slight reduction in certain market segments. Estimates of the dynamics of the Russian information security market by its participants range from 15 to 40%. If you look at the revenue of the companies included in the rating of the largest suppliers of information security solutions in Russia, then you can see a good growth in most players. At the same time, many companies showed dynamics of more than 50%. Only in the top 10 there are four of them - Rostelecom-Solar, Security Code, Positive Technologies and the Innostage Group of Companies.

Despite the desire to reduce the amount of IT costs in 2020 due to the pandemic, the information security market according to our statistics and statistics of large analytical centers showed an average growth of 15-20%. First of all, this is due to the need to organize safe remote work, an increase in the number of threats and the improvement of the legal framework for information security, - notes Dmitry Luchko, head of system integration at Digital Design Group.

For us, 2020 was very successful, we achieved two-fold growth in our sales. I think that the entire information security market also showed very significant results. Due to the pandemic, there has been an explosive increase in demand for products to protect information infrastructure. According to my feelings, the information security market has grown by no less than 20%, "says Mikhail Ivanov, General Director of S-Terra CSP.

According to various estimates, the Russian information security market in 2020 grew from 20 to 25%. This is not surprising, because according to a Russoft survey, 57% of Russian companies during the pandemic made cybersecurity one of their strategic priorities, - notes Lev Matveev, Chairman of the Board of Directors of SearchInform.

According to CROC estimates, in 2020 the Russian information security market grew by 20-30%.

Unlike most industries, the pandemic rather had a positive effect on the growth of the information security market: in a short time, companies transferred up to 100% of their staff to work from home, provided employees with the necessary technological means and, of course, protected the security circuit, - said Andrei Zaikin, director of the Information Security department of CROC.

The founder and CEO of the Angara group of companies Sergey Sherstobitov assesses the results of the year even more positively:

The growth of the Russian information security market at the end of 2020 at least twice exceeded the dynamics of 2019 and amounted to 35-40%. In physical terms, its volume is approaching 120 billion rubles.

Alexander Bondarenko, CEO of R-Vision, speaks about similar dynamics. According to his estimates, the market showed dynamics at the level of 35-40%, and it was very multidirectional.

There are those who rushed in growth by more than 50%. And there are separate segments and companies that have shown very modest growth, stagnation, and sometimes a significant drop in revenue, "he says.

Against the background of generally positive assessments of market dynamics, the opinion of Dmitry Shamonin, technical director of Smart-Soft, stands out.

My qualitative assessment is that the Russian market has shrunk. Enterprises tend to sacrifice information security during a crisis, he said.

Almost all participants in the rating of the largest suppliers in the domestic information security market showed steady growth.

Go to the full version of the rating "The largest information security companies in Russia" > > >

The expenses of the Russian public sector on information security increased by 12%, to 74.3 billion rubles

The expenses of the Russian public sector on information security in 2020 amounted to 74.3 billion rubles against 66.4 billion rubles a year earlier. This is stated in a study conducted by Informzaschita.

According to Kommersant, citing this report, about 37.3 billion rubles in 2020 were spent on cyber protection of government agencies (purchases under 44-FZ) and 37 billion rubles - companies with state participation (223-FZ).

Federal and regional authorities spend the most on information security in 44-FZ and 223-FZ (20.4 billion and 11.5 billion rubles in 2020, respectively), and the defense and defense industry occupies only third place - 8.7 billion rubles in 2020.

Regional information security budgets for the year rose from 13.9 billion to 20.4 billion rubles. And Moscow Moscow region in 2020 accounted for 8.3 billion rubles, the St. Petersburg Leningrad region - 1.3 billion rubles, the remaining 72 constituent entities of the Russian Federation - 7.7 billion rubles.

As noted, in their calculations, experts did not take into account the closed contracts of the military-industrial sector. But even taking into account them, the budget for information security in this area will be less than that of federal and regional executive bodies, according to Informzaschita.

According to Informzaschita, in 2020, 17.7 thousand state contracts in the field of information security were concluded against 18.5 thousand and 19.5 thousand a year and two years earlier, respectively. According to experts, the market is becoming more consolidated, and it is increasingly difficult for small companies to break into the government order market.

Departments are trying to unite into groups and form some kind of internal IT integrators, - confirms the commercial director of the company "Security Code" Fedor Dbar.

He also said that defense enterprises in information security are already two to three years ahead of the public sector in the number of different systems. Power structures all the time live in conditions of additional information security requirements, as well as in them there are much fewer "points of contact" with open networks, which makes it possible not to spend money on expensive means and protection services, explains Pavel Goncharov, Deputy Director for Business Development at Solar JSOC "Rostelecom-Solara," so outwardly visible costs are not so high. The costs of checking computer equipment and peripherals, certification of protection and other elements are included in the creation of specialized information systems and overlap the amounts indicated in purchases under 44-FZ and 223-FZ, the expert believes.

Among the leading market players supplying protective solutions for government agencies, Informzaschita names the following companies:

• Softline;
• Step Logic;
• "Jet Infosystems";
• «CROC»;
• «LANIT»;
• Solar Security.

According to experts, government spending on information security products and services will continue to grow in 2021, including due to the security law of critical information infrastructure - from July 2021, FSTEC begins to check such facilities, which will be an additional incentive for them to take care of security. According to Rostelecom-Solara, every tenth critical infrastructure for Russia has been compromised.

Karen Ghazaryan, General Director of the Institute for Internet Research, in a conversation with Kommersant, expressed the opinion that the tendency to enlarge the information security market in the public sector will continue. As a rule, it is much more difficult for small companies to go through licensing procedures, and therefore the threshold for entering the state order market for them will be higher, the expert believes.

The landscape of the information security market in Russia is changing due to the release of new by-laws of the FSTEC, which, on the one hand, establish requirements for solution providers from the point of view of licensing, and on the other, motivate departments to purchase more and more solutions in this area, he added.^[6]

The Russian information security market during a pandemic: who lives well on it, and who has "sadness-sadness"

On May 29, several Russian companies operating in different segments of the information security market shared the results and impressions of their work on the market during the pandemic. Someone has high sales dynamics against this background, and someone has significantly sagged.

How different segments feel

Evgeny Kurtukov, director of strategic development at Axoft, a distributor of IT solutions from different vendors, believes that the information security segment looks the most advantageous compared to other segments of the IT market now: it is growing better than others in monetary terms. Based on what the company observes in its work, some IT projects are postponed against the background of the coronavirus crisis, while information security is now a priority for customers, Kurtukov says.

It comes to the amazing. We have a block of solutions in the direction of network performance. It would seem that this topic should now be "hot," because many have gone to the remote, the load on the network is increasing. But even projects in this area are shifting due to information security, - said a spokesman for Axoft. - The thesis is controversial, but now it is clearer for the owners of information security budgets.

Kaspersky Lab is doing well in terms of revenue, said Mikhail Pribochiy, managing director of the company in Russia, the CIS and the Baltic states. Some segments showed a drop, but since the beginning of the year, Kaspersky Lab's business has grown by "tens of percent." Nobody saves on information security now, says Pribochiy. Sales in some segments in the first quarter of 2020 showed an increase to 30-50% year-on-year.

Mikhail Pribochiy explained to TAdviser that sales through service providers and corporate solutions show growth of this level. In the case of providers, we are talking about Kaspersky xSP Value Added Services. More than 300 companies are involved in this Kaspersky Lab program. On this channel, sales are due to the fact that many employees began to work from home, and if earlier the worst thing that they risked is the loss of the archive, now the PC is a window into the world, Pribochy explained. Accordingly, it was necessary to strengthen their defense.

In the enterprise sector, where endpoint protection used to be enough for many, customers are now forced to strengthen infrastructure protection. From March to April, the growth of attacks on infrastructure increased by more than 50%, a representative of Kaspersky Lab quoted TAdviser as saying.

However, in April, "falling" business areas appeared, says a company representative: retail sales of "boxes" decreased by about 60%. But it is understandable, since the stores are closed. In addition, sales in the medium and small business segment decreased slightly. This is due to the fact that here many companies are now either going bankrupt or have no money, says the managing director of Kaspersky Lab in Russia, the CIS and the Baltic states.

The representative of Kaspersky Lab also noted that employees have recently increased their work significantly: against the background of the pandemic, cyber attackers have become as active as possible. The number of attacks has grown by about 35%. At the same time, the criminals are also swinging at the "holy" - medicine, says Pribochy.

And the developer of DLP solutions Infowatch, on the contrary, is not so rosy. Konstantin Levin, vice president of sales for the company, says that in the first quarter of 2020, Infowatch noticed a decline in sales. And from the 2nd quarter, according to him, came "sadness-sadness," although not total. If the company fulfills at least 70% of the plan for the 2nd quarter, this will be a successful result for it, says Levin.

April was sad, May was dead. All hope for June. This is due to the fact that our main customers are a large corporate sector, and those areas that we strongly hoped for are now stagnating. The energy sector is now underpaid, the oil industry has serious discrepancies in the cost of oil from the expected prices. Government agencies have slowed down somewhat in terms of announcing tenders and signing contracts due to the fact that now many employees work remotely, - explained Konstantin Levin.

But not only Infowatch is in a similar situation, a company spokesman said. Among the participants in one of the IT associations in which Infowatch participates, a survey was conducted, which revealed that more than 80% of companies have fallen revenue. And the Central Bank, having analyzed the cost items that go through their payment system, and revealed that in relation to the 1st quarter, the decrease in payment receipts under the item related to IT and information security was 47%, Konstantin Levin cited the data.

Maxim Filippov, director of business development at Positive Technologies in Russia, said that their company's situation is still good. The company is growing more than 2.5 times in relation to the same period in 2019. The role in this was played by 2-3 large contracts, which were originally planned for a later period regardless of the pandemic, and the pandemic forced their implementation. Growth is provided mainly due to the public sector and companies with state participation, added a representative of Positive Technologies.

But 50% of the company's income usually falls on the 4th quarter, therefore, whatever the dynamics now, everything will be decided in the 4th quarter, Filippov noted.

At the same time, in April and May, the company observed a decrease in dynamics according to the XSpider decision - a vulnerability scanner, a representative of Positive Technologies noted. The company attributes this to the fact that demand from the SMB segment has significantly weakened. The company also notes a decrease in demand in the regions.

Our regional sales are showing positive dynamics, but there are already negative trends. We associate this with the fact that the regional leaders on the part of the government were given a certain indulgence to dispose of budgets in terms of eliminating the consequences of the current situation. And it is obvious that here the information security budgets of some of them became a bargaining chip: they either slowed down or moved to future periods, - explained Maxim Filippov.

In addition, the company is increasingly faced with requests from customers for deferred payments, the provision of special discounts, justifying them with the current situation. A similar phenomenon is observed in Kaspersky Lab.

Customers sometimes require discounts, deferrals, free deliveries, even without motivating them. Simple, because the crisis, - says Mikhail Pribochiy.

Year-end expectations

The meeting participants also discussed forecasts for financial results for their companies for the whole of 2020. Kaspersky Lab conducts an audit of current sales once a month and makes forecasts for the near future. The company did not change its expectations for the year, deduced even before the coronavirus crisis, said Mikhail Pribochiy. So far, the company is exceeding the plan by an average of 3-5%.

The word "forecast" in Infowatch has become abusive, says Konstantin Levin, because it will be difficult to answer for it. An adequate forecast in the current circumstances can be made no more than in the future for 3 months, he said. As for the end of the year, the representative of Infowatch believes that the market will still enable their company to win back from the expected sales at best 70%, at worst - about 60%.

This is due to the fact that many Infowatch sales are tied to budgets, and budgets are laid, and if there is no effort on the part of the state to return this money, then there will be an opportunity to play these figures, Levin explained.

Maxim Filippov from Positive Technologies said that initially at the end of 2020, the company set itself a growth bar of at least 30% and as of the end of May continues to adhere to it.

Ministry of Digital Development plans to regulate public purchases of antiviruses

On February 7, 2020 TAdviser , it became known that Ministry of Digital Development, Communications and Mass Media of the Russian Federation it had prepared a draft order#^[7] of the Ministry of^[8], which defines the form and procedure for presenting information centralized purchases. anti-virus software The project was published on February 6, 2020. More. here

2019

Market trends

In 2019, the Russian market for information security systems continued to grow steadily. Among companies, there was a trend towards an increase in the level of understanding of information security risks and the consequences of related incidents.

An increasing number of companies, when building information security systems, sought not only to formally comply with all the requirements of legislation in the field of information protection, but also additionally audited information security in order to identify weaknesses and vulnerabilities in their own network, "says Vitaly Orlov, executive director of Smart-Soft.

New players and new solutions appeared on the market, existing information protection tools were updated and improved, and relevant legislation was improved.

The market is trying to meet the needs of its consumer, who sees the picture of the day, adequately perceives risks and threats, which are only increasing year after year, - notes Dmitry Elfimov, head of the Kaluga Astral Information Security Directorate.

Thanks to the efforts of the state, the tendency to gradually displace purely Western solutions with Russian developments has become even more noticeable. The main consumers of information security tools are the public sector and large business. Moreover, many of the largest companies are partially controlled by the state.

The efforts of the FSTEC of Russia, the FSB of Russia, the Ministry of Industry and Trade, the Ministry of Telecom and Mass Communications are aimed at reducing the dependence of our state on products and solutions that are controlled by other countries, says Dmitry Gorelov, commercial director of Aktiv.

Over the past year, solutions have appeared on the market that represent a high-quality domestic alternative to foreign ones, says Alexey Sukhov, commercial director of Garda Technology. In his opinion, the import substitution policy provides ample opportunities for the development of the domestic market of the IT industry and information security in particular.

Dmitry Donskoy, Development Director of Echelon Technologies, believes that the import substitution policy adopted in our state not only contributes to the growth of the information security market, but also forces domestic developers to fulfill the constantly growing requirements of customers, which ultimately improves the quality of products.

Softline experts at the end of 2019 noticed a significant increase in interest in the implementation of projects in the field of information security. According to Vladimir Lavrov, head of the information security department of the Softline group of companies, more and more customers are realizing the importance of an integrated approach to information security, including the introduction of reliable means of protection against intrusions and internal work to increase information security literacy of personnel.

This is partly due to an increase in the number of threats, both external and internal. For example, in 2019, a number of high-profile events occurred at once related to leaks of personal data from large organizations, he explains.

Another incentive for the development of the industry is the tightening of legislation. The number of projects related to bringing information security infrastructure in line with the requirements of regulators is growing: projects in the field of protecting critical information infrastructure, fulfilling the requirements of GOST R 57580.1 − 2017 for financial organizations, as well as the tightened requirements of the FZ-152 "On the protection of personal data" regarding the localization of data of citizens of the Russian Federation in the country.

One of the important trends inherent in the entire IT market is the transition to a service model of service consumption. As Vladimir Lavrov notes, the cyber defense market is a little slower, but still steadily moving in the same direction. In 2019, the share of services was small: according to Softline's experience, the ratio of customer investments between information security services and the purchase of software and equipment was usually 20% and 80%, respectively.

It can change in one direction or another depending on the maturity of the customer: the more developed the information security system, the more money is spent on services. According to our forecasts, in 2020 this trend will develop, - said the Softline expert.

According to R-Vision CEO Alexander Bondarenko, customers have become calmer about transferring some information security issues to. outsourcing This gives impetus to the development of MSSP providers and companies offering relevant services.

Market Estimates and Major Players

According to TAdviser, the volume of the Russian information security market at the end of 2019 increased by 14% and reached 90.6 billion rubles. Market representatives interviewed by TAdviser also notice positive dynamics.

At the end of 2019, the market demonstrated two-digit growth rates, - said Dmitry Pudov, Deputy General Director for Technology and Development of the Angara Group of Companies.

The Russian information security market has grown from year to year, on average, by 10% over the past 3 years. If expressed in numbers, then this is about 90 billion rubles at the end of 2019, - said Alexey Gorelkin, CEO of Phishman.

According to the experts of our company, the market for Russian information protection tools (IPS) in 2019 grew by about 10%. The growth of the information security market as a whole can be estimated at about the same level, - said Andrey Shpakov, head of the technical consulting department at S-Terra CSP.

The dynamics of information security industry growth in Russia is similar to the global one - according to Fortune Business Insights, before the crisis, this area grew by an average of 12.5% per year, "says Sergey Voinov, CEO of EveryTag.

According to our estimates, the volume of the Russian information security market has been steadily growing over the past 10 years. 2019 was no exception - the total volume of the domestic market amounted to about 100 billion rubles, the dynamics - at the level of 15%, - said Ruslan Rakhmetov, General Director of the Intellectual Security Group of Companies (Security Vision brand).

The above dynamics is also confirmed by the positive financial results of information security companies. The total revenue of the 20 largest information security companies that provided TAdviser with data on the results of their activities in 2018-2019 increased by almost 18%. The new ranking lacks the leader of past years - Kaspersky Lab. At the end of 2019, she did not disclose her financial results.

Go to Full Rating > > >

2018

TAdviser data

According to the results of 2018, the Russian market for information security systems showed positive dynamics. This can be confirmed by the financial results of domestic companies specializing in the field of information security. Most of the participants in the rating of the largest Russian suppliers of information security solutions showed revenue growth.

Go to the full version of the rating "The largest information security companies in Russia" > > >

The total result of the Top 20 in 2018 exceeded 100 billion rubles (+ 13%). However, it should be borne in mind that the rating indicates the global revenue of Kaspersky Lab, since the company did not disclose financial indicators separately in Russia.

The volume of the Russian information security market, according to TAdviser, at the end of 2018 increased by 10% and reached 79.5 billion rubles.

Domestic experts primarily associate the growth of the information security market in Russia with the emergence of new requirements of various regulators.

In connection with the active activities of regulators and taking into account the general trend towards import substitution of decisions in the field of information security, the Russian information security market is now on the rise, - said Yegor Bartenev, director of the information security department at Satel.

The information security market in Russia continues to gain momentum for a year, partly a reflection of global trends, and partly a result of the emergence of new requirements of various regulators, "says Alexander Borisov, an expert in the field of cybersecurity at ICL Group.

The information security market in Russia is actively developing, this is facilitated by the tightening of requirements by regulators, the emergence of new federal laws, by-laws, orders, - explains Dmitry Livshits, General Director of Digital Design.

He also recalls that in March 2019, the FSTEC of the Russian Federation announced new "information security requirements that establish levels of trust in information technical protection tools and information technology security tools," which are mandatory for all developers of protection tools. These requirements, in his opinion, contribute to the displacement of foreign manufacturers from the market, the monopolization of the market of Russian means of protection of both software and hardware.

Given the fact that the requirements are tightening, threats to information security are growing, and we are one way or another moving towards import substitution, ― the market for Russian information security solutions will develop intensively. There are no prerequisites for a decrease in market volumes, says the general director of Digital Design.

Vasily Stepanenko, director of the DataLine cyber defense center, recalls that on January 1, 2018, the 187-FZ "On the Security of Critical Information Infrastructure" came into force.

13 industries fell under this law, and we can say that in general it concerns the safety of automated process control systems (APCS). When protecting APCS, the priority is the use of domestic means. Now Russian information security companies are developing superimposed (embedded) security tools: various devices, sensors, ransomware. Thus, the release of the law provoked the emergence of the vendor market, as well as the compliance market: service providers offer, for example, to develop a list of critical objects, - says the DataLine expert.

Alexander Bondarenko, CEO of R-Vision, speaks about the trajectory of confident growth in the Russian information security market.

Starting 10 years ago with the emergence of the law on personal data, at the moment the market has several drivers pushing it up at once. This is an active expansion of legislative requirements (CII, State system of detection, prevention and elimination of consequences of computer attacks, Central Bank Standards, etc.), high-profile security incidents, and the steady digitalization of almost all spheres of life, as a result of which the requirements for reliability and information security are seriously increasing, - he says.

The technological dependence of business, the state and end consumers is higher than ever and continues to gain momentum. The vector for the digitalization of society is a very powerful factor for the development of the information security market.

Information security is becoming more noticeable both in the business environment and at the state level. This allows us to say with confidence that the information security market will grow in the coming years, - said Sergey Sherstobitov, CEO of Angara Technologies Group.

Every day there are fewer companies with a low level of IT penetration: digitalization opens up new business opportunities that allow you to outstrip competitors. At the same time, the number of cyber threats is growing, says Oleg Shaburov, head of the information security department at Softline. Therefore, the construction of modern and effective protection of information resources is the most important task facing companies in all sectors of the economy, he is sure.

Dmitry Elfimov, head of DITiZI of Kaluga Astral, believes that the information security market is growing and will continue to grow in the wake of increased activity of external threats, violators. At the same time, the need for reliable domestic software from the point of view of information security is growing. And more and more company leaders are thinking about the need to protect infrastructure, communication channels and information.

Andrei Zaikin, head of information security at CROC, adds that the increase in the number of information security incidents in all sectors of the economy is associated with an annual decrease in the threshold for entering the cybercrime market. Hacking technologies become more accessible, malware appears that works according to the service model, and so on.

At the same time, technologies are developing: more and more companies are switching to online business schemes, therefore, for them the issue of ensuring information security is becoming one of the most important, "adds Zaikin.

Dmitry Volkov, CTO Group-IB, notes a significant increase in the number of targeted attacks aimed at espionage and obtaining direct financial benefits.

The so-called "digital weapons" or cyber weapons that can stop production processes and disable networks of critical infrastructure and large commercial enterprises are actively used. This is a serious problem. The arsenal of pro-state hackers is now periodically published in the public domain, and anyone can download all this, customize it for themselves and start using it. The number of cyber attacks will increase and it will be more and more difficult to attribute these attacks, he says.

Information is gaining more and more value, especially in the field of government regulation. This is influenced by both the amount of information and its quality. Therefore, information protection becomes one of the main tasks of government customers.

In this regard, the demand for information protection tools, solutions using such tools increases many times over. Our company, like many companies operating in the information security market, fully feel the growing demand, "says Elena Golovanova, Advisor to the General Director of the Profit Center "Swemel "

An additional factor in the growth of the information security market in Russia is federal targeted programs with initiatives in the field of information security. Many departments are preparing programs for specific projects within the framework of the Digital Economy program.

When these projects are at the stage of implementation, we expect the market to grow more strongly, "said Fyodor Dbar, Commercial Director of Security Code.

According to Denis Kalemberg, CEO of SafeTech, interest in the information security area continues to increase, both from the state and from the business.

Moreover, those people who make decisions and generally manage business are closely involved in information security issues, so it is safe to say that the information security sector will remain in a good winning position in the coming years, he believes.

The confident growth of the market is predicted by Nikolai Zabusov, Director of the Information and Network Security Department of Step Logic:

The state of the information security market largely depends on external factors. Thus, crisis phenomena in the economy, volatility of the national currency lead to a sharp reduction in information security costs. Epidemics of ransomware viruses and the emergence of other dangerous threats - to the rise caused by the need for a comprehensive response to intrusions. Legal changes are also the "engine" of progress. This year will be held under the flag of the implementation of legislative initiatives, which is why the information security market, according to our forecasts, expects strong growth.

Traditional industries, where in recent years the main budgets for information security have been concentrated - the financial sector, oil and gas, the public sector, telecom - can be attributed to conservative ones. Here, according to Andrei Yankin, director of the Information Security Center of Jet Infosystems, we are unlikely to see significant changes in the near future. Growth will be supported primarily by regulatory requirements.

In his opinion, from the point of view of information security, most likely, industry will grow at a significantly high pace. This is affected by awareness of the risks and requirements of the 187-FZ. A number of industries are still on the "bench." Information security risks are significant there, but the business still invests in security solutions relatively little. These, for example, include retailers and insurance companies, which, among other things, are actively mastering e-commerce.

Problems of the Russian information security market

Personnel deficit

There is a strong shortage of qualified information security personnel on the market. According to Andrei Yankin, so far there are no prerequisites for the situation to change for the better in the coming years.

Andrei Tymoshenko, information security manager at Accenture Russia, adds that due to the lack of qualified specialists within companies, the demand for services of consulting companies and integrators will grow in the information security market in Russia in the near future.

First of all, we are talking about the lack of technical specialists who are able to design and configure protection tools, identify possible vulnerabilities and threats and eliminate them, - explains Tymoshenko.

Change of "foundation"

The information security market, although it is separated into a separate ecosystem, cannot exist without IT markets, legal services, and business consulting. Accordingly, the information security market is influenced by the same factors and trends that affect these markets and the country's economy as a whole. As Vladimir Balanin, head of the Information Security Department of the I-Tec o Group of Companies, notes, in fact, the information security market is now undergoing a change in the "foundation" from the one affected by the sanctions, but satisfying any business requirements imported to the domestic one, which may require a revision of the established IT architecture of companies.

According to him, there is a certain imbalance in the market: we are doing well with software solutions and services, but we are far behind in the element base and in the creation of high-performance hardware platforms on which this software should function.

"Paper" security

Vyacheslav Medvedev, a leading analyst at Doctor Web, believes that after reducing budgets over the past five years, the overwhelming number of customers have no money for anything other than antivirus and current system maintenance. At the same time, the market, he said, is influenced by legal requirements that require large investments. This includes the protection of critical facilities, the Spring Law, the requirements of the Bank of Russia, requirements for ensuring the security of the Russian segment of the Internet, the complicated requirements for the protection of personal data, and requirements for import substitution.

Unfortunately, all these requirements have a weak effect on the real security of companies, which often remains only on paper. This is due to the missing (albeit long-promised) methods of regulators in the field of ensuring protection and the lack of the necessary funds for the purchase of all the necessary solutions in the field of information security, and the lack of business desire in practice to deal with information security issues. Evidence of paper security - the shaft of databases of various companies and organizations discovered on the Internet, the facts of using proprietary software in the formal fulfillment of requirements in the field of import substitution, the absence of a real proposal for many solutions that should replace imported ones, - says Medvedev.

In the coming years, in his opinion, the situation with information security will not be corrected.

Imperfection of standards and legislation

Leonid Ukhlinov, Vice President, Executive Director of Informzaschita, believes that there is still a large amount of work to be done to create and implement uniform standards for the work of security specialists who serve organizations. At the same time, even the perfect legislation, in his opinion, does not always affect the real safety of users and organizations that live and work in Russia.

For example, the law on personal data is not fully perfect and creates a number of inconveniences associated with the need to constantly distribute consents to the processing of their personal data, which, it happens, also contains consent to transfer them to the whole world, the expert notes.

Leonid Ukhlinov believes that in the near future the legislative framework regulating the operation of the information security market will be finalized and improved.

This will serve as an impetus for new projects, processes and, most importantly, as in the case of the implementation of the law on CII, the creation of a base of precedents for projects to categorize CII subjects, and in the future - typing this process and becoming it "on the rails," he says.

Market unavailability for standardization of information security services

More and more companies are looking towards information security services. Nevertheless, the domestic market is not ready to standardize such services, says Vasily Stepanenko, director of the DataLine cyber defense center.

Of all industries, perhaps only banks have a single set of systems that require specific equipment. Most companies use a variety of solutions that are difficult to fit into template services. The market also lacks public cases and well-known best practices. On their basis, it would be easier for service providers to work with customers than to work out and build solutions from scratch every time, "he explains.

Unfinished "patchwork" products

Customers are trying to "filter out" the mass of new generation startups in order to find rare pearls among the many solutions in the field of information security. Frequent changes in the legislative framework lead to the fact that unfinished "patchwork" products focused on solving private problems are brought to the market.

"Zoo" of dozens of disparate products leads to uncontrollability, the high cost of owning infrastructure and in reality creates more difficulties than benefits. At the same time, most of all problems in the field of information security are solved by the presence of ordered and regulated processes. It is more profitable for customers to purchase mature products of those vendors who expand the composition of their protective mechanisms within the framework of a single solution, - said Nikolai Zabusov, Director of the Information and Network Security Department of Step Logic.

10% Market Growth - Positive Technologies

In 2018, the volume of the Russian information security market grew by 10% compared to 2017. This was reported on December 19 by Positive Technologies.

One of the main catalysts for this rise, according to experts, was the launch of certain federal-level projects in the field of digitalization, as well as the activity of a number of large companies in the field. cyber security

The number of information security incidents has grown significantly due to a significantly reduced threshold for entering cybercrime: an attacker no longer needs to have a high level of knowledge in the field of IT - it is enough to buy ready-made tools and instructions in DarkWeb, experts say.

Positive Technologies also listed the main trends surrounding cybercrime in 2018.

• Industrial espionage is back in vogue. During the year, the Positive Technologies Security Expert Center (PT Expert Security Center) recorded in Russia and the CIS countries the activity of 12 different APT groups aimed specifically at obtaining information.

• Phishing has become the main method of penetration. It was used in 61% of attacks on banks in the first half of 2018. Phishing is often used by such large hacker groups as Cobalt and Silence.

• More and more vulnerabilities in automated process control systems (APCS ). Their number by the fall of 2018 exceeded the indicators of the previous year by 10%.

• Information theft as a multifunctional service. Passwords and logins from various accounts and bank card data occupy about 80% of all information sold on DarkWeb. The average cost of one card data with a balance of several hundred dollars is only $9. The text of an SMS message containing a one-time code for making a payment can be promptly received for $250.^[9]

Orange Business Services and IDC Forecast to 2022

International service provider Orange Business Services and research company International Data Corporation (IDC) in February 2018 announced an analysis of the corporate market for cybersecurity services in Russia. The study examined segments such as managed security services and managed remote security services, cloud-based enterprise security services, and consulting services.

According to IDC research, the total volume of the above market segments in 2016 reached $81.88 million, which amounted to 58.2% of the total corporate market for security services in the Russian Federation. According to analysts, the volume of the corporate security services market will approach 6 billion rubles in 2021, and by 2022 the average annual growth rate of these segments will be 3.9%. The service market is increasingly stimulating the information security market and continues to attract new players, previously known in other IT areas.

In the next 5 years, the highest growth rates are expected from the security consulting market. According to the forecast, the CAGR of penetration testing and vulnerabilities will reach 4.7%, while security strategy planning will show even more impressive results - 5.9%. Consulting helps increase the transparency of the company's internal processes and reduce the shortage of qualified personnel. The driver of the sector's growth is the lack of the ability of companies to hire high-quality specialists due to a shortage in the labor market or due to the high cost of services in this area.

The growing complexity of threats, the digital transformation of the business sphere, and the dynamic, often updated regulatory framework have contributed to the rapid development of segments of the managed security services market: UTM (Unified Threat Management) managed devices and security and vulnerability management. The average annual growth rate of the first segment until 2022 will be 3.7%, and the second - 4.3%.

The demand for corporate cybersecurity services in Russia is highest in finance, industry and power.

Financial sector will remain the leader in demand for IT security services, with most of the most sophisticated and advanced malicious attacks in the past few years targeting financial institutions. So, the attack with the help malware Buhtrap led to the theft of 1.8 billion rubles. The level of complexity and sophistication of attacks is growing, which means that the damage caused by them will increase. As a result, the total demand for security services will grow not only in the financial sector, but also among insurance companies pension funds, experts say.

In industry and power, a critical information infrastructure is used for work, the components of which are. APCS Powerful attacks on the infrastructure of enterprises in this area can lead to a catastrophe, as exemplified by the worm attack, Stuxnet which demonstrated almost complete insecurity in both sectors and resulted in huge losses.

Corporate security is also relevant for retail. The interest in legal services in wholesale and retail to trade is due to the industry's tendency to outsourcing to expertise in IT security, as well as the growing threats associated with the application of new technologies in trading and the development of the e-commerce network.

One of the main conclusions of our joint research with IDC is the shortage of qualified IT personnel, primarily "security workers," in many companies in various industries. We are seeing an increase in interest in our fully managed security services among our customers, but due to the lack of specialized specialists and the constant growth in the number and complexity of threats, many of them are looking not just for a service provider, but a full-fledged partner in creating their information security strategy. We strive not only to provide solutions out of the box at the request, but to suggest what exactly business needs to fully protect against emerging threats, "said Elena Krayushkina, Director of Business Solutions and Innovation, Orange Business Services Russia and the CIS.

2017

Government spending on cybersecurity increased by 35%

At the end of 2017, the volume of public procurement in the field of information security amounted to 56 billion rubles, which is 35% more than in 2016. This was reported by the company "Informzaschita."

According to the company, most state-owned enterprises increased budgets by. cyber security The exception was made only by oil and gas companies. The increase in costs is mainly due to legislative requirements for safety, critical information infrastructure as well as an increase in the number. cyber attacks

According to statistics, the total volume of purchases of government agencies and state-owned companies in the field of information technology in 2017 amounted to 664 billion rubles, an increase of 24% over the year, and purchases in the field of information security (IS) increased by 35% and reached 56 billion rubles. At the same time, purchases that do not fall under the Federal Laws of 44-FZ ("On the contract system in the field of procurement of goods, works, services to meet state and municipal needs") and FZ-223 ("On the procurement of goods, works, services by certain types of legal entities"), or constituting state secrets, were not taken into account.

In total, budgets for IT infrastructure have grown mainly in the sectors of finance, communications, the military-industrial complex, transport and power. In the field of transport, costs increased by 54%, to 73 billion, in banking - up to 152 billion rubles. In turn, the oil and gas industry has reduced such costs.

Key Drivers, Events and Forecasts

In 2017, the growth of the Russian information security market continued. Its dynamics was influenced by both the development of the legislative framework and major incidents that affected more than one company and brought real losses in the form of direct financial losses, reputational harm and suspensions of activities.

Epidemics such as WannaCry, NotPetya and BadRabbit have clearly demonstrated the vulnerability of IT infrastructures and the need to create a proactive security system. And this will require new investments and a review of the approach to building an information security function. At the same time, the law on the security of critical information infrastructure adopted in 2017 will also have a serious impact on the market in the future.

Legislative changes

Dmitry Biryukov, head of the information security department of the Asteros group, believes that in the current economic situation, the Russian information security market continues to show a slight stable growth, and in the coming years, in his opinion, such positive dynamics will continue.

In many ways, the reason for this is the rather serious rationing of the industry recently. For example, from January 1, 2018, No. 187-FZ will come into force regarding the protection of the critical information infrastructure of the Russian Federation from computer attacks, and the national standard of the Russian Federation GOST R 57580.1-2017 "Security of financial (banking) operations" prepared by the Central Bank of the Russian Federation has already been approved. Information protection of financial institutions. Basic set of organizational and technical measures. " Such serious legislative initiatives are serious drivers of information security market growth in our country, he believes.

Nikolai Domukhovsky, Director of the System Integration Department of the UTSB, believes that in recent years the Russian information security market has returned to a state of some stagnation, which was observed until 2006 (the year the law on personal data was adopted): there were no incentives for development on the part of the legislative bodies, the previous market drivers (the same law on personal data) had already ceased to radically influence development and, plus, problems in the economic situation in the country led to the curtailment of most investment projects (which usually includes the development of information security).

Therefore, the period 2014-2017. was some period of bringing to mind what was previously done: services for audits, support of the protection system and consultations were in demand on the market, he notes.

At the same time, according to him, the situation began to change from the end of 2016. Information security issues began to be widely covered in the news: the ubiquitous "Russian hackers," attacks on the energy networks of Ukraine, attacks by ransomware viruses around the world, etc. The result of such a "hype" topic of information security was the adoption of a new Doctrine of information security of the Russian Federation, as well as the operational implementation in three readings and the adoption of a law on the security of critical information infrastructure (CII) of the Russian Federation, which has been "lying on the shelf" for the past 5 years.

Nikolai Domukhovsky calls this law the main driver for the coming years.

The adopted law on the security of the CII of the Russian Federation will definitely be the main driver of the information security market in the coming years: firstly, almost any enterprise can be the object of CII (this is far from only industry - CII facilities can include, among other things, banks or hospitals), and secondly, by-laws of the law on CII security strengthen another trend in recent years - import substitution in the field of information technology and information security. So, starting from 2018, I expect a fairly serious growth in the information security market: both in terms of the consumption of services (audits, consultations) and in terms of capital investments (the creation of new information security systems, the purchase of domestic information protection tools, including replacing existing imported ones), - says the expert of the UTSB.

Maxim Filippov, director of business development at Positive Technologies in Russia, also talks about the importance of the KII security law.

This year was held under the auspices of the adoption of federal law N 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation." New regulations will be aimed at practical security: the defenders are tasked with responding competently to computer attacks. This is what we have been actively promoting and helping our customers implement over the years, "he notes.

I agree with my colleagues and Sergey Terekhov, director of the competence center for information security of Technoserv. He also calls the main drivers the law on the security of critical information infrastructure and the introduction of new standards by the Central Bank in terms of new mandatory information security requirements.

The Russian information security market as a whole is quite stable and growing, regardless of external events - the constant demand for information security is provided primarily due to active rule-making activities and control checks by regulatory bodies. However, according to the results of 2017, there is a clear trend towards accelerating market growth, - said the representative of Technoserv.

The Impact of Cyberencedents

In addition to legislative changes, massive incidents such as Wanna Cry, Petya, BadRabbit will have a significant impact on market growth, according to Sergei Terekhov. They, according to market experts, provoked an increase in interest in information security products and services.

As Maxim Filippov, Business Development Director of Positive Technologies in Russia, notes, the sensational epidemics WannaCry, NotPetya, BadRabbit have demonstrated that focusing on complex solutions and ignoring simple truths (such as, for example, timely software updates) can have catastrophic consequences.

According to Ilya Timofeev, head of the direction at the Center for Industrial Safety of the Informzaschita Group of Companies, high-profile incidents with ransomware viruses forced many companies to think about the effectiveness of their protection and move from paper security to real one.

Sergey Sherstobitov, CEO of Angara Technologies Group, adds that an updated generation of cyber attacks is emerging, including cryptolokers:

The acclaimed WannaCry and NotPetya are replacing other, more advanced ones, such as Bad Rabbit. Methods and approaches to cyber attacks will continue to develop, which will require adequate information protection. These processes will stimulate the demand for information security solutions and services in the coming years. The Russian information security market will grow intensively, offering proactive methods of protection against cyber threats, he said.

Information security as part of the digital economy

Another important point is the course towards the digital economy. Maxim Filippov from Positive Technologies believes that the adoption at the state level of a benchmark for the digital economy, covering all areas from healthcare and education to transport and finance, affected the growth of the IT technology sector in general and the field of information security in particular.

Maria Voronova, head of consulting at InfoWatch Group, clarifies that information security is one of the five key areas under the Digital Economy program.

Change in relation to information security

Sergey Lapenok, Marketing Director of X-Com, believes that the driver of intensive growth is traditionally the state order, extensive - commercial structures related to the financial sector or high-tech production. Several apart are enterprises of the military-industrial complex and resource mining companies. The former are obliged to use solutions that meet the standards of state-owned enterprises, so they follow the well-trodden path. The second has the opportunity to invest in the development of information security, but there is not always an understanding of the tasks facing them, so the fleet of solutions is very heterogeneous.

In the foreseeable future, the growth trend of the information security market will continue, but its structure will undergo certain changes, - said Sergey Lapenok. - State customers will give preference to more technological solutions than the expansion of their assortment and the growth of availability in the "mass" segment will suffer. Commercial companies will implement various solutions, each of which effectively closes a certain bottleneck in information security.

According to Maria Voronova from InfoWatch, more and more organizations and companies are thinking about building integrated information security management systems, which include both a technological component and a methodology, and increasing the culture of cybersecurity in the team.

Alina Hegai, head of the information security department at Lanit-Integration (part of Lanit Group of Companies), notes that more and more companies are no longer perceiving information security only as a cost center.

We see more and more requests for audits and assessment of the real security of corporate information systems. I think that in the coming years the growth trend will continue and manufacturers will begin to increasingly adapt information security mechanisms to the growing demands of IT and business, for example, in cloud environments with automation capabilities, in machine-to-machine interaction, virtual reality. At the same time, of course, the classic security market will remain with compliance projects, the need to protect, including the information presented on paper, with the basic security mechanisms of IT infrastructures, especially since most vectors still remain open to attacks. But in this regard, we see positive shifts in the policies of many companies, "says Alina Hegai.

Anton Samoilov, CEO of EveryTag, notes that the business is already beginning to realize the need for comprehensive work to ensure the safety of all work processes. Along with this awareness, the demand for more complex and expensive solutions is also growing.

It should be noted that the more complex and intelligent the solution, the more useful it is for business. Such decisions go beyond information security in the related areas of economic security, countering industrial espionage, protection from internal "sabotage." Therefore, security IT systems should not be limited to information protection alone. But it is between different "safety" that there is a gap in competencies that inhibits the development of the entire market, he says.

The UEBA fashion term?

Recently, the topic of UBA/UEBA (User and Entity Behavior Analytics, behavioral analysis of users and entities) has been gaining popularity and many developers are betting on this concept.

At the same time, as Lev Matveev, chairman of the board of directors of SearchInform notes, there are two opposite points of view on this matter. Some analysts believe that the UEBA market will grow and by the end of 2017 will amount to $200 million. According to others, this is just a fashionable term and soon the noise around it will settle down, since there is not enough technology for its development yet.

I think that the problem with the modern information security market is that they speculate a lot on it with words. Some take advantage of the client's desire to get a red button with the inscription "find a scoundrel." However, gradually this naivety disappears, and in order to continue marketing discussions, someone comes up with new terms. Classic cases that are considered in the context of behavioral analysis can already be performed by the DLP + SIEM bundle. It turns out that they are trying to sell us a bicycle under a different name and more expensive. I, together with my team, am convinced that the analysis of user behavior is a psychological thing, you need to try to understand people's motives in order to predict threats. Technical statistics, which is now being built on the basis of logging systems, are not able to solve this problem - but this is the essence of all existing UBA systems. Yesterday, an employee sent 10 messages, today 100 - how can something be said on the basis of this data? It is necessary to analyze the statistics not separately, but together with the context. Thus, UEBA and UBA are pure marketing, - said the chairman of the board of directors of SearchInform.

Irreversible market growth

Dmitry Gorelov, commercial director of Aktiv, believes that due to the increase in the speed of data transmission through communication channels, the need for information security tools and cryptographic information protection tools will only increase.

The more information, the more protection is required. And as the volume of data stored in information systems grows, and as the transfer of this data grows in projects such as smart homes, APCS systems, the Internet of Things, the information security market will only grow. There will never be a reverse process - protection will only need more and more, he notes.

2016

TAdviser data

According to TAdviser, the volume of the information security market in Russia in 2016 reached 66.3 billion rubles. The growth compared to 2015 was 7%. Companies gradually began to move from a survival strategy to a growth strategy, as a result of which budgets for the development of information security systems began to appear.

At the end of 2017, TAdviser expects growth of 10%, the market volume should not exceed 73 billion rubles.

According to market participants, in 2016 the economic situation in Russia as a whole stabilized.

Already at the end of 2015, the volume of the information security market showed an increase in ruble equivalent, albeit small. In 2016, growth continued in rubles, positive dynamics was also in foreign currency, - said Andrey Zaikin, head of information security at CROC.

According to Dmitry Gvozdev, CEO of Information Technologies of the Future, the market volume in 2016 amounted, according to various estimates, from $0.6 billion to $1 billion.

It is not always possible to clearly determine what exactly belongs to the "clean" information security market. In the future, there is reason to assume market growth, since the topic of information security is in the focus of public attention, he added.

Nikolai Domukhovsky, director of the System Integration Department of the UTSB, believes that it is not easy to estimate the volume in absolute numbers, but rather we can talk about relative dynamics.

2016 showed normal growth in comparison with 2015: the information security market grew at about the growth rate of the economy as a whole. It was well seen that most enterprises began to master in a new economic situation (sanctions, weakening of the ruble) and began to gradually move from a survival strategy to a growth strategy (accordingly, budgets began to appear for the development of information security systems, and not just for maintaining their current state), - he noted.

Ilya Timofeev, head of the department at the Industrial Safety Center of Informzaschita Group of Companies, based on a comparison of the company's financial indicators and existing internal analytics, estimated market growth in 2016 at 22-27%.

Alexey Zaletsky, head of the information security department of Amtel-Service, believes that at the end of 2016, the growth of the Russian information security market amounted to about 20%, largely due to the growth in demand for services.

This is due both to the refinement of the regulatory framework by regulators, and accordingly to the need to adapt existing systems to these requirements, and to the tendency to outsource some information security functions. Also, the growth of the market is facilitated by the emergence of new solutions and means of protection, the expert believes.

2014

TAdviser data

According to the estimates of the analytical center TAdviser, the volume of the information security market in Russia in 2014 amounted to 59 billion rubles, showing a slight growth of 8%. Kaspersky Lab continues to be the leader among domestic players, the top five also include Softline, Acronis, Optima and Informzaschita.

Sergey Zemkov, Managing Director of Kaspersky Lab in Russia, Transcaucasia and Central Asia, says that negative factors were noticeable already in the second half of 2013: slowing sales, reducing budgets (and above all among state customers), etc. "In 2014, the influence of all these factors increased, while additional difficulties were added against the background of a difficult macroeconomic and political situation," he says.

The sharp fall of the ruble played a twofold role. According to Andrei Golova, General Director of Security Code, on the one hand, the cost of component elements has increased significantly, prices for foreign protective equipment, services for their technical support and updating have increased. In such conditions, the commercial sector sequestered information security budgets and frozen projects. According to Sergei Zemkov, on average, the reduction in budgets for information security projects for most companies ranged from 15 to 20%.

On the other hand, due to sanctions and the course on import substitution, state-owned companies were forced to strengthen information security by launching new projects. According to Dmitry Ogorodnikov, director of the information security competence center of Technoserv, the public sector and state corporations today account for 2/3 of the information security market of the Russian Federation.

According to Alexander Kovalev, Deputy General Director of the Zecurion, the sanctions changed the structure of the information security market and strengthened the position of serious manufacturers. As a result, the information security market is one of the few IT areas that shows positive dynamics. After all, incidents caused by forced savings can lead to even more costly consequences, affecting the main activities of the company.

Zemkov from Kaspersky Lab adds that information security is a highly regulated industry, where many protective products must be introduced to comply with legal requirements. In part, it provides market growth.

In 2015, according to the TAdviser forecast, the information security market in Russia may show zero growth, remaining at 59 billion rubles.

Russian companies already account for about 50% of the software market and about 30% of sales in the hardware solutions segment. The exchange rate for import substitution and the high exchange rate of foreign currencies can further weaken the position of foreign vendors. Lawmakers are also ready to support the domestic manufacturer. For example, Vladimir Putin in June 2015 signed a law that provides for the creation of a register of domestic programs and the possibility of restrictions on the use of foreign software in the presence of a corresponding domestic analogue.

Andrey Golov from Security Code notes that the profit of his company in 2014 was reinvested mainly in the development and production of new products. The peak of the appearance of new Russian information security products, in his opinion, should be expected in late 2015 - early 2016.

According to Sergei Zemkov, customers, and especially for the public sector, are thinking about more efficient use of existing funds. Long-playing projects are being curtailed, existing resources are being audited and optimized to solve the same problems without new overly large-scale investments. "Many companies are beginning to consider existing domestic counterparts that they haven't taken into account before. Customers are starting to choose manufacturers and suppliers more carefully, and competition among them is intensifying. In general, the market is now redistributing towards more professional services and services, which will benefit the market, "he adds.

The state order for the development of priority IT solutions will be able to come to the rescue of the domestic manufacturer , Zemkov believes: "This will give a new opportunity for the development of the domestic development industry. We are talking not only about software supplies, but also about services for migration, adaptation and configuration, personnel training, etc., which will allow Russian integrators to also use this trend to maintain their business. "

Import substitution will lead to the fact that the key trend, and maybe a real fact, will be a reduction in Russia's technological lag from Western countries, experts hope. "Paradoxically it sounds, but the growth of the Russian information security market is just laid in the most technological lag from the West. In any case, we try to maximize our technological advantages. We will have to look for new niches, develop new markets, including foreign ones, and to do this successfully, we need competitive technologies, "explains Andrey Golov.

Read more in 2015 Information System Security Overview

IDC data

According to preliminary estimates of IDC, announced by the agency's representative in November, by the end of 2014, the information security market in Russia, the segments of equipment and software for information protection will show a decline in dollar terms, and only the segment of information security services will grow.

The fall in the information security hardware market will be even more significant than in 2013, when their supplies decreased by 10.5%. Analysts predict that by the end of 2014 the volume of this segment will be about $187 million, which means a reduction of 15.4%.

Among the reasons for the decline in IDC are sanctions and a decrease in confidence in foreign suppliers. At the same time, against the background of the general fall of this market segment, analysts predict an increase in sales of complex security solutions (UTM) by 9%.

The volume of the information security software segment, according to IDC forecasts, by the end of 2014 will amount to $396 million, which is 4.1% less than in 2013. Here IDC notes the continued steady demand for network security software, vulnerability control, mail scanning, which grew by more than 30% in 2013.

The information security services segment, in turn, by the end of 2014 will show an increase of about 4.8%, to $540 million, predicted in IDC. Analysts call the complication of the nature of threats as a stimulating factor in this segment, which increases the demand for information security consulting and subsequent implementations of information security.

According to IDC, implementation services make up the majority of the information security services segment - 44%. It is followed by consulting, the share of which at the end of the year in the total structure of information security services will grow slightly - from 22% to 24%.

Data from J'son & Partners Consulting (including forecast to 2018 )

According to the analytical report J'son & Partners Consulting (Jason & Partners Consulting), published in March 2015, in 2014 the volume of the Russian market for funds and services in the field of information security increased in nominal ruble terms by 13% to 51 billion rubles. This is slightly higher than the overall nominal growth rates of the IT market in Russia (10% according to Rosstat). In the total volume of the Russian IT market, the market for information security tools and services, according to analysts, occupies about 7%.

The devaluation of the ruble and the rise in prices for information security imports caused by it, which became especially noticeable in the fourth quarter, led to a largely positive dynamics of the domestic information security market. Analysts at J'son & Partners Consulting (Jason & Partners Consulting) note that a similar situation has not been observed since 2009. The information security market in Russia showed close to zero growth, if we take into account comparable ruble prices.

Analysts note that the main segments of the Russian information security market remained the same: network security tools and antivirus protection tools (together occupy more than 70% of the market).

Structure of the Russian information security market, 2015

In 2015, the main effect of the rise in the cost of imported information security products caused by the devaluation of the ruble will be noticeable. This will cause a fall in the Russian information security market in comparable prices.

Despite the absence of dramatic changes both in the dynamics and in the structure of the Russian information security market in 2014, the likelihood of such in the period up to 2018 is estimated as high. At the same time, the predicted consistently negative macroeconomic background will become one of the main drivers of structural changes in the IT market in general, and the market for information security tools and services in particular.

The share of information security services by 2018 will grow more than 4 times compared to 2014. These services will occupy up to 40% of the market, and the total market volume in comparable prices will decrease by 15%. In the structure of services, a significant share will be occupied by intelligent information security services provided under the Security as a Service (SECaaS) model.

The customer structure of the market will also undergo significant changes. For example, if large customers now prevail (customers from the state, financial and energy sectors), then by 2018 the structure of demand for information security products will shift towards small and medium-sized trade and service enterprises, as well as private consumers. The sales model of information security products will also change: service providers will become their main consumers.

The change in the structure of Internet traffic in favor of smart subscriber mobile devices will become the main technological factor of dramatic changes in the information security market. Thus, the share of traffic in mobile devices compared to 2014 will grow 10 times, to 40% by 2018. The share of traffic of stationary personal computers and laptops will decrease: from 90% in 2014 to 50% in 2018.

Security Code: The volume of the NDS market from NSD decreased by 21% to 746 million rubles

On December 17, 2015, the Security Code company announced the results of a study of the Russian market for information protection against unauthorized access (IPS from NSD), according to which the market volumes of this software will depend on the number of computers sold and the activity of customers from the public sector.

The study presents information on the CSR market capacity from NSD and the shares of the main vendors in the period 2012-2014. Analysts' estimates are based on open data published on the public procurement website under contracts for the supply of these products. The report provides a price and functional comparison of the solutions on the market, analyzes the factors contributing to the growth or decrease in demand for certain products, makes forecasts regarding the prospects for the development of the segment as a whole.

The volume of the Russian SMT market from NSD at the end of 2014 is estimated at 746 million rubles. This is 21.82% lower than in 2013 (954 million rubles). The negative dynamics can be explained by a decrease in the level of sales of personal computers in Russia in 2014. The volume of EPI sales from NSD directly depends on the volume of the PC market, and in 2014 it decreased by 22.7% in physical terms, according to IDC. At the same time, the information security market as a whole grew in 2014: the growth was 8%, according to TAdviser.

The report says that the use of means by customers to protect workstations and servers from unauthorized access is dictated by the need to comply with legislative requirements for protection, including:

• personal data;
• state information systems;
• confidential information;
• state secrets.

All these requirements apply to information systems in public sector organizations, as a rule. And therefore, the share of purchases made by state-owned companies exceeds 80% of the volume of this market.

The means of protecting information from unauthorized access can be conditionally divided into software products and hardware and software complexes (trusted download modules, AMDZ). The requirements for them are determined by the governing documents of the FSTEC of Russia. As a result, the same protection mechanisms are implemented in all systems, the main differences are in the control principles for software IPS from the NSD and the number of supported boards - for APMDD.

Analysts of the "Security Code" provide a price comparison of the solutions under consideration in the report. In particular, with comparable functionality, the range of product prices may vary more than twice.

At the beginning of 2015, 22 main NSDs developed by 17 vendors from NSD were on the market. Of these, 15 are software and hardware complexes, 7 are software tools. The market is weakly segmented. The largest share in 2014 (67%) belonged to the Security Code company, the four largest suppliers are closed by Gazinformservice, whose market share was 3%.

According to the study, according to the total sales volume of the Security Code solution - SSI from NSD Secret Net and the trusted download module of the Sobol PAC - have been leading over the past three years.

The second largest market share was the Dallas Lock product developed by Confidence, which showed rapid growth - from 5% in 2012 to 21% in 2013 - and strengthened its position by 1% in 2014. The market share of Blockhost-Network K, which closes the top 3 in 2012-2013, fell sharply in 2014. The company's successes in the previous two years were driven by multi-million dollar contracts with the Federal Internal Revenue Service.

Assessing the trends in the development of the SMT market from NSD, analysts of the Security Code note that in this period of time - December-January 2015-2016, players do not have the opportunity to increase sales due to the natural growth in the number of personal computers. Therefore, Russian manufacturers are focused on a qualitative change in their decisions. One step in this direction is to add new functionality. Gradually, products begin to "grow" in adjacent functions. Vendors add firewall and antivirus functionality to them.

For example, the complex solution of the "Security Code" Secret Net Studio is positioned by the company as a product for protection against external and internal threats, where the functionality of IPS from NSD is an integral part. And TSS has added virus and rootkit protection mechanisms to the Diamond ACS solution.

In the short term, the usual market for information protection against unauthorized access expects serious changes. The products will become complex. And the emergence of multifunctional solutions will affect the landscape of the market for protecting workstations and servers in general.

author = Yulia Dudkina, Marketing Director of Security Code The company systematically strengthens its own analytical expertise. In particular, a new study of the "Security Code" became the second in 2015. Earlier, we assessed the readiness of Russian companies for import substitution in the field of information security, and the results of this report were repeatedly cited by experts. Determining trends in the information security market gives us the opportunity, based on the identified trends, to build effective business strategies when developing our own products.

2013

According to J'son & Partners Consulting (Jason & Partners Consulting), the information security market amounted to 46 billion rubles. Total sales of software security solutions in 2013 amounted to more than $412 million, exceeding the same figures of the previous year by 9.2%. The demand for these solutions was largely ensured by the continued strengthening of state regulation of the information security sector in Russia. This trend is expected to continue into 2014.

The endpoint security software segment still accounts for more than 50% of the entire security software market. In second place are solutions for monitoring vulnerabilities and controlling security in corporate networks. On the third - software complexes for identification and access control. Home users remain the largest consumers of security software, providing almost a quarter of the total market volume. They are followed by the state and financial sectors.

Kaspersky Lab "retained its leading position with a share of more than 30% of the market. ESET retained second place. But in third place, significantly ahead of Symantec, the Russian company Positive Technologies, specializing in security control solutions, broke out.

Peculiarities of demand for information security in the public sector

In 2013, government agencies spent about 4.8% of IT budgets on protecting information resources. Such data were provided by the company "Security Code."

Structure of Government Departments' Costs for Information Security by Product Class

Source: "Security Code," 2013

The most popular products in government agencies are FW/VPN class solutions and antiviruses. The share of information security products of domestic production in public procurement in 2013 was more than 90%.

Products of foreign vendors competed with domestic ones in only two categories: IDMPKI systems//SSO (43% belonged to foreign vendors) and information leakage prevention tools (83%).

2012

According to Ilya Shabanov, founder of the Anti-Malware portal, in 2012 the antivirus segment of the Russian information security market was the largest and ahead of other segments (for example, the network security segment) at least several times.

"The total turnover of this market in 2011 amounted to $334 million, and in 2012, according to preliminary data, reached $400 million. At the same time, it retains an upward trend. This is against the background of a reduction in the same segment in some countries, in European Union particular in Greece, Italy and (Spain up to 20% per year). The main market players at the moment are Kaspersky Lab,,,,, " Eset he Symantec "Dr.Web" Trend Micro noted.

In May 2012, Denis Mateev, head of the Russian representative office of the antivirus company Eset, announced that the volume of the Russian antivirus software market in 2012 could reach $330. "I don't think the antivirus market will grow much this year. We predict a 10 percent increase, "he said. Mateev estimated ESET's share in the Russian antivirus software market at 30%.

2011

According to IDC, the volume of the Russian information security services market in 2011 amounted to $445 million, which was 43% higher than the same figures a year earlier. About 30% of the Russian market was controlled by five companies: Asteros, CROC, Informzaschita, LETA and Jet Infosystems.

The development of the information security services market stimulated a quantitative and qualitative increase in threats, as well as the requirements of laws and standards governing this area - in particular, the federal law "On Personal Data." According to IDC analyst Pyotr Gorodetsky, the growth of consumer awareness in information security issues was also an important factor contributing to the growth of this market.

The leading consumers of information security services were, first of all, organizations that process large amounts of personal and financial data - financial and telecommunications companies, as well as government agencies, the IDC noted. They also recorded increased interest from enterprises in the industrial sector, which began to pay significant attention to threats aimed at production infrastructure.

In 2011, the direction of information security services within the Asteros group showed a serious increase, adding about 55%. The company estimated its share in this segment at 10%, Sergei Konoshenko, director of the Asteros Information Security (formerly Cabest) information security department, told TAdviser. According to him, in addition to legislative and regulatory initiatives that were important to the market, comprehensive projects for information security management, security in cloud environments and on mobile devices acquired a large role.

The general director of Informzaschita , Sergei Sherstobitov, told TAdviser that his company occupies about 5% of the Russian market for information security services. Among the trends, he noted the growth of customer professionalism. "The vast majority of our customers understand the need to protect information. And they have long moved away from solving local problems, moving to the level of business processes and business applications, "the top manager explained.

Mikhail Bashlykov, head of information security at CROC, said that in 2011, the direction of information security projects in the company increased by 51%. Among the most popular technologies, he noted solutions to protect against fraud and leakage of confidential information, as well as the growing popularity of an integrated approach to security issues.

Igor Lyapunov, director of the Jet Infosystems information security center, estimated the company's share in the Russian information security market as a whole at 12-14%. "However, you need to understand that the information security market in Russia is very not homogeneous. Our company focuses primarily on the open market of system integration and services - on it we receive 95% of our revenue. And in this market we are leaders, "he added.

According to Igor Lyapunov, if in 2009-2010 the main drivers of the information security market were regulators, including their requirements for the protection of personal data, then in 2011 such pressure decreased. "On the other hand, business interest in information security issues has significantly increased. And this began to impose additional and very serious requirements on the activities of information security services, "the expert said. According to him, the business requires a clear financial justification of certain expenses, the argument about the "general reduction of information security risks" has ceased to work. Leaders began to demand transparency from information security. Issues related to the fight against fraud and internal fraud began to fall into the field of view of information security services.

2010

According to the IDC Russia IT Security Services 2011-2015 Forecast and 2010 Vendor Shares report, the volume of this market in 2010 amounted to $312 million. Leading suppliers - Asteros, Jet Infosystems, Informzaschita, CROC and Leta IT-company - controlled more than 30% of the market. According to IDC estimates, in the projected five-year period, the Russian information security services market should have grown annually by an average of 27.4%.

The information security services market has significant potential for further growth, analysts said. The main stimulating factor in its development was to be the desire of companies to comply with various regulatory requirements and information security standards, the report said.

According to Anti-Malware, the total volume of the Russian market in 2010 exceeded $270 million, which is 24% more than in 2009. The market size in 2010, according to the report Russia IT Security Services 2011-2015 Forecast and 2010 Vendor Shares, amounted to $312 million. Leading suppliers - Asteros, Jet Infosystems, Informzaschita, CROC and Leta IT-company - controlled more than 30% of the market. From 2010 to 2015, according to the IDC forecast, the Russian information security services market will grow annually by an average of 27.4%. The main stimulating factor in the development of the market will be the desire of companies to comply with various regulatory requirements and information security standards, the report says.

2009

Full text of the study of the information security market of Russia in 2009 (Leta IT-company)

• The volume of the "open" market in 2009 amounted to $561 million. The "hidden" information security costs (including "pirated" and other costs that are not classifiable), according to Leta experts, are approximately equal to open ones.
• 2008 - $552 million.

The main share in the structure of information security costs in 2009 continued to hold software ($369 million, 66%), although the share of services increased significantly (from $140 million to $175 million, 31%).

The most striking market trend in 2009 was the emergence of 152-FZ requirements for personal data. The cost of bringing the information systems associated with the processing of such data into compliance with the requirements of the regulators in 2010 amounted to about $110 million (according to Leta). The total volume of the information security market in 2010 was supposed to be $610 million. Thus, about 18% of revenue in the segment will be for work related to 152-FZ requirements.

The segment of personal data, according to analysts, in 2010 was supposed to grow by 37%, and in 2011 - by another 27%. At the same time, the entire information security market in 2010 was supposed to increase by only 9%, and in 2011 - by 13%.

The approval by the regulators (FSTEK, Roskomnadzor, FSB) of the new version of the Central Bank standard was assessed positively by researchers: "The banking community will receive documents that are adequate and adapted for the industry that will allow work to protect personal data." According to Leta estimates, from 2011 to 2013. only one bank had to spend more than $60 million on implementing the requirements of the standard.

Analysts were confident that with a general decrease in information security costs in 2009, the rejection of updates and the transfer of work for which system integrators were previously invited to internal IT services, customers nevertheless did not switch to pirated software (in the field of information security, it is alleged that the share of licensed software remained the same) or open source products. "If some home users really switched to" free "and open source products, then the corporate sector considered that the risks associated with the transition were not justified," the report said.

The main consumer of information security was large business (42%), but in the future its share should have decreased (to 33% by 2013). The share of state customers, although it decreased slightly (from 22% to 25%), but in the future it is steadfastly kept at the level of about one quarter of total revenue. The importance of the medium and small business segment grew, by 2012 it was supposed to become more significant for information security solution providers than large corporate customers, analysts said.

Notes

See also

• Protect information on workstations and servers
• Information security
• Information