In 2001, the United States IT security software market endured the 'perfect storm' - the combination of the economic recession and the events of 09/11. The year began on a good note, with the major players all reporting strong year-over-year growth from 2000. However, by midyear, the economic recession in the United States had started to take its toll. The double whammy of the recession and events of 11 September drove down revenue even more, while the software market also had to adapt to the growing trend toward the deployment of security appliances.
BMI-TechKnowledge, African ICT research house, has conducted the South African IT security hardware and software forecast and analysis (2001-2006) to gauge the size and influences of the local IT security software market. Internationally, the IDC believes the IT security software market will rebound in 2002 and continue to show strong growth through 2006, while estimates indicate that the total market will reach US$14,6 bn by 2006, representing a 20% CAGR. However, international trends are more often than not irrelevant to the South African market. The report states that many SA vendors were not affected by the recession in the US or the events of 09/11, and indications are that any slump in sales was rather created by the dramatic drop in the R/$ exchange rate in 2001 (especially internationally-based vendors).
Heinrich Booysen, BMI-TechKnowledge analyst and author of the study, asserts that the South African IT security hardware and software market was valued at R291 million in 2001 and is expected to grow by a CAGR of 20% to 2006. The report is segmented into five discrete IT security hardware and software markets, including the following: secure content management (antivirus and content filtering software), Firewall/VPN software, security 3A software (authentication, authorisation, administration), and encryption software and intrusion detection (intrusion detection and vulnerability assessment).
"Antivirus and firewall/VPN products still dominate the South African market, showing the deep penetration these solutions are achieving, with antivirus software making up approximately 90% of the secure content management revenue. It is also becoming evident that in some sub-segments there is a move towards a hardware/software-integrated appliance (eg firewall/VPN and intrusion detection). 3A software dominates the worldwide market but has not achieved significant market share locally. This is due to the fact that many companies are satisfied with Microsoft embedded security solutions and that PKI (Public Key Infrastructure) products have, as yet, not been embraced locally in any significant way. Encryption software is still very much in its infancy in SA and shows the lowest growth rates of all segments worldwide. However, it is expected that PKI products could possibly erode this market in the future. Intrusion detection and vulnerability assessment software are starting to gain momentum and will be closely linked to the success of managed security services (MSS)," says Booysen.
Products sell, services slow
Another local phenomenon is that IT security vendors and service providers still derive most of their revenues from products (software and hardware) rather than from services. This is contradictory to international markets where services contribute more than 40% of total IT security revenues. BMI-T believes this is indicative of the immaturity of this market in South Africa.
Furthermore, local legislation is beginning to bear down on corporate governance and is therefore having an effect on all areas of the market. The King II Report on Corporate Governance for South Africa 2002 has been developed as an initiative of the Institute of Directors in Southern Africa. It represents a revision and update to the initial King Report first published in 1994, in an attempt to keep standards of governance, applicable in South Africa, current with changing circumstances internationally and at national level.
"The part of the King Report that has an impact on IT security is the section on risk management. In this section the board of an organisation must inter alia answer the following question: 'Does the risk management and internal control and framework adopted, provide the board reasonable assurance on the safeguarding of the organisation's assets, including information?' The implication is that directors of a company must become more aware of the safeguarding of proprietary information. We believe this will have an indirect influence on the IT security market," explains Booysen.
Additionally, the report states that the E-commerce Transaction Bill currently being approved by government could also have a significant impact on this market, especially on the security 3A market where PKI and other authentication products will be positively influenced when the legality of digital signatures and transactions are addressed by this legislation.
"Overall, the level of education in South African companies regarding IT security is slowly changing, and it is a certainty that the South African IT security market will start experiencing significant growth in the near future," concludes Booysen.