Caixin reported on August 31st (Reporter: Wu Xin), A-share half-year reports have been disclosed, and the overall situation of the cybersecurity industry in the first half of the year has been outlined. According to Caixin reporters' statistics, in the first half of the year, out of the top 20 companies in the information security industry by revenue, only 3 were profitable, and all of the top 10 experienced losses; As for ROE, the median value of the 20 companies has dropped to -3.49%.

Regarding the reasons for industry losses, many cybersecurity manufacturers mentioned project cyclicality and seasonal payment factors in interviews with reporters, but the overall industry growth pressure is an undeniable fact. In the context of significant funding pressure and declining purchasing power among G-end customers in the downstream, the cybersecurity industry still needs to expand more market-oriented customers as a new growth point.

Payments are concentrated in the second half of the year, and profitability may improve.

Caixin reporters found that in the cybersecurity industry, the losses of Qihoo 360 (688561.SH), Sangfor Technologies Inc. (300454.SZ), and 360 Security Technology Inc. (601360.SH) in the first half of the year reached 0.82 billion yuan, 0.592 billion yuan, and 3.41 billion yuan, respectively, making them the top 3 most loss-making companies among the top 20 by revenue. In addition, Topsec Technologies Group Inc. (002212.SZ), CETC Cyberspace Security Technology (002268.SZ), and NSFocus Technologies Group (300369.SZ) all had losses exceeding 0.2 billion yuan, while CSI Information Security Index (688201.SH), Beijing VRV Software Corporation (300352.SZ), Surfilter Network Technology (300311.SZ), and others had losses ranging from 30 million yuan to 0.1 billion yuan.

The cyclical nature of project settlements and the seasonal payment factors are considered important reasons for the losses in the first half of the year. Beijing VRV Software Corporation expressed that the company's order backlog and business volume in the first half of this year were basically flat compared to the same period last year. Mid-term revenue and performance have seasonal characteristics, and among the disclosed industry companies, most are experiencing losses. CETC Cyberspace Security Technology also mentioned in its announcement that this is mainly due to the current complex macroeconomic environment and a more severe industry development situation, with a significant impact on demand for major customers such as the government due to slowing funding. Project implementation cycles have lengthened, leading to a decrease in income.

Caixin reporters learned that the downstream customer base of the cybersecurity industry is diverse, including government agencies and institutions, central enterprises, and operators, with the G-end being the main customer group. IDC data shows that in terms of end-user investment, the government is the industry-leading spender on cybersecurity, accounting for 24.9% of spending in 2024.

Considering only the cyclical nature of projects and payment factors, the industry's profitability situation may improve in the second half of the year. A person from the investor relations department of Venustech Group Inc. (002439.SZ) told reporters, "These customers generally apply for the full-year IT budget at the end and beginning of the year, conduct tenders in the middle of the year, and then implement installation. The entire project cycle is quite long. Based on the normal business pace, tenders are carried out in the first half of the year, installation is conducted, and user training is confirmed, and generally income arrives by the end of the year."

Yang Hua, Vice President of Beijing VRV Software Corporation, also told Caixin reporters that the second half of the year is the peak period for cybersecurity, "definitely stronger than the first half of the year."

Zhang Yi, Chief Analyst of iimedia Consultancy, analyzed to reporters, "The overall situation in the second half of the year may be slightly better. One reason is that companies may increase their efforts to reduce costs and increase efficiency, and projects will also be completed. But overall, I personally don't think this year's situation is particularly optimistic."

Industry growth is under pressure and needs to find new space.

In the short term, due to centralized payment and settlement, the profitability of the cybersecurity industry may improve to some extent in the second half of the year. However, in the long term, it is an undeniable fact that the industry's growth is under pressure.

According to reporters' statistics, the average year-on-year growth rate of revenue in the cybersecurity industry of Changjiang Securities can still reach 22.38% in 2021, but it is only 0.70% in 2022 and as low as -2.72% in 2023.

According to a report from iimedia Consultancy, the growth rate of China's cybersecurity market size was 21.5% in 2019, but from 2020 to 2023, the growth rate has fluctuated and declined, and the growth pace is expected to continue to slow down in the coming years.

The aforementioned Venustech Group insider also told Caixin reporters, "At present, the third quarter has not shown stronger market demand than the second quarter, nor has there been more market expenditure release. The downstream demand will remain weak in the next 1-2 years."

Finding new growth points is the top priority. Zhang Yi said, "The main products of the cybersecurity industry are all in line with the government and other related fields, with a slow payment cycle and a significant impact from government fiscal expenditure. In the long run, we should increase efforts in product innovation and target customers more towards the market-oriented sectors, such as smart home, smart automobile, and smart factory."

Based on the iteration of technology upgrade and replication and deep cultivation among clients in different industries, as well as the exploration of more market-oriented customers outside the G-end, it is seen as an important path for the cybersecurity industry to find new growth space. For example, Beijing VRV Software Corporation recently revealed in a research summary that the company "will continuously adjust the customer structure, focus more on 2C-end customers, in order to improve the collection situation".

According to Beijing VRV Software Corporation, in the first half of the year, the company launched the overseas version of Linkdood with integrated AI technology, which achieved real-time simultaneous translation function for the C-end market. In addition, there are also the Quantum version of Linkdood, and the "Little Black Box" version, mainly used for protecting personal privacy and commercial secrets, ensuring communication security.

Beijing VRV Software Corporation recently won the bid for the customization development sub-system consulting and implementation services of the "Network Security Emergency Command System Project" of Kunlun Smartech Co., Ltd. The project is mainly based on the development of a network emergency command and disposal platform using the "VRV Secure Instant Communication Base" to ensure the coverage of network security emergency command and disposal for multiple key information infrastructures. It is reported that the "VRV Secure Instant Communication Base" has been widely used in the military client previously and may be replicated in energy clients based on the cooperation model with Sinopec.

In addition, expanding into new application scenarios and enterprise clients is also a key focus of cybersecurity vendors. For example, Qihoo 360 Technology Co. Ltd. revealed in response to investor inquiries in May that the company has conducted attack and defense technology research in the network security of low-altitude aircraft in recent years and has accumulated a certain amount of experience in network security construction.

On the other hand, Topsec Technologies Group Inc. has set its sights on the integration of smart automobiles and smart road networks. The company has publicly stated that it has formed an integrated security protection system for cloud, management, end, and edge in the field of car-road-cloud integration security, covering scenarios such as environmental security and data security. The company has also launched smart connected car security solutions, car-road-cloud integrated security defense solutions, and has implemented multiple projects.