Log in

Cyber security in middle- and high-income countries

10 October 2019 | Research

Igor Babić

Video and podcast | Cyber Security

In this podcast, we will hear from Analyst, Igor Babić, who has been looking at the results from our recent business survey. He will talk about how security requirements vary by country.

Listen to or download the podcast

Podcast transcript

Analysys Mason recently conducted a survey of almost 3000 small and medium-sized businesses worldwide (by this, we mean companies with fewer than 1000 employees).

The results, some of which I'll talk about in this podcast, show that businesses in middle-income countries (such as India or Indonesia, for example) and high-income countries (such as the USA and Germany) have similar cyber-security requirements, and share similar views on the threat landscape.

Despite this, the challenges that businesses in these two country groups face in developing their security capabilities vary considerably. Vendors that want to grow in middle-income markets need to understand that the prices and complexity of their standard solutions are significant barriers to adoption. They should address this problem by adapting their offerings.

Our survey shows that businesses in middle- and high-income countries have similar views on what will affect their cyber-security plans. For example, 31% of the surveyed businesses in high-income countries and 28% of those in middle-income countries have ranked "shifting more applications to the cloud" as one of the top three factors that will have an impact on their cyber-security plans in the next 12–18 months.

Businesses in both country groups perceive the need to protect their customers' privacy and data as the main factor that will have an impact on their short-term cyber-security plans (44% of the surveyed businesses in high-income countries and 43% of those in middle-income countries have ranked this as one of the top three factors). This comes as no surprise; 32% of businesses in middle-income countries and 22% of those in high-income countries experienced a security incident involving theft of data during the last 12 months, according to our survey.

Our survey also asked about the barriers that businesses face in developing their cyber-security capabilities. The results were starkly different by country income level.

A lack of awareness of vendors and the products available in the market is the biggest problem for businesses in the UK and the USA, for example. In all of the middle-income countries surveyed, this is the least significant barrier for the adoption of security solutions. In these countries, factors under vendors' control (such as solution pricing, solution complexity, the guidance provided and vendors' ability to provide optimal solutions) are all perceived to be more important barriers.

A lack of specialist security staff is a problem for businesses in both middle- and high-income countries, but again, a higher proportion of the surveyed businesses in middle-income countries listed this as a challenge. It is notable that European businesses (those in France, Germany and the UK) are the least worried about this issue.

Security vendors should see the challenges that businesses in middle-income countries face as an opportunity. These businesses may be unattractive targets to vendors for many reasons, such as their security spend being lower than that of companies in high-income countries and pricing being a more important factor in purchasing decisions, but they represent a growing market that vendors can serve with existing capabilities.

Few security vendors report their regional revenue splits, but from the revenue of those that do, we can conclude that revenue growth is significantly faster in the rest of the world than in North America, easily the largest region currently for many vendors.

To address the growing opportunity in middle-income markets, security vendors could consider providing lower-cost versions of their standard offerings. Solutions would need to be less-complex and faster to implement, and would need to come with an appropriate level of guidance (given that around a fifth of the surveyed businesses in middle-income countries reported that the lack of guidance around solutions was a challenge, and that a quarter stated that they lack specialist security staff).

Vendors could also experiment with freemium models in such markets, allowing businesses to use specific features of their solutions free of charge. If businesses are satisfied with the level of service offered for free (particularly in terms of simplicity to use), they may be easier to convert into paying customers.

If you liked this podcast and want to hear more, please subscribe to our podcast feed. It can be found in Apple Podcasts, Google Podcasts and other podcast applications.


Article: Business survey 2019: cyber-security trends in high- and middle-income countries