The easing of the zero Covid policy in China and of the government crackdown on its Tech industry have obviously been a major positive as both Chinese Tech giants and local companies, that often fly under investors’ radar, enjoyed a significant rerating since the end of 2022. Specifically, cybersecurity firms, that were hit by a slower tendering activity last year (especially in government) due to Covid lockdowns, are now expected to record an acceleration in their top-line growth (from 10-15% in 2022 to 25-30% in 2023-24), setting them on a more attractive growth profile than their US peers and suggesting, in our view, that the rerating could continue.
With over 1 billion of 5G subscribers, more than 35% of total retail sales coming from e-commerce and half of the population using mobile payments, China has rapidly become the world’s largest digital economy. The digitization of services like healthcare (telemedicine) or education and the explosive growth of connected vehicles and smart cities (half of the world’s smart cities are already in China), just to name a few secular trends, are further accelerating the economy’s digitization process.
Obviously, such a disruptive process can only succeed if state-of-the-art cybersecurity layers are implemented. Thus, it is no wonder that cybersecurity has become, just like in the West, a top IT priority for local companies and the Chinese government, the latter representing nearly a third of the total Chinese demand for cybersecurity solutions and services.
Importantly, this secular demand is expected to get a boost from several government policies that will favor the domestic cybersecurity industry over the next couple of years:
- Xinchuang, a major policy introduced in 2022, is the Chinese government-led effort to replace foreign technology by local ones (“made in China”) and is crucial to support the development of indigenous innovation, including cybersecurity tools and services. Given that China counts (for how long?) two foreign companies among its top 5 cybersecurity players (Palo Alto at the top spot and IBM in third position), there is a significant market share gain potential for domestic players.
- In various policies introduced in 2022-23, the government has also promoted the development of a unified national data infrastructure and of a data security industry, proposing to build more established data security standards. This should result in increased spending on data analytics and security software, notably from the government. In recent months, domestic players have started to announce significant government deals for data security.
- China is also seeking to accelerate the development of a “digital government” with the release in 2022 of guidelines emphasizing the need for China to increase investments in cross-agency digital government services for citizens with enhanced cybersecurity.
- Finally, even it was already announced two years ago, it’s worth keeping in mind that the Ministry of Industry and Information Technology drafted China’s most comprehensive policy plan for the cybersecurity industry stating that significant industries like telecommunications should allocate 10% of their IT upgrade budget to cybersecurity by 2023.
All these government-driven initiatives will give a shoot to the Chinese cybersecurity market growth rate which is expected to expand at more than 20% per annum over 2021-25 according to IDC, above the US market which is expected to grow in the low teens.
Currently, the industry already counts more than 15 listed pure players for a combined market capitalization of over $100 billion. The aforementioned supportive environment will motivate many promising startups to be listed on the market as well, hence further attracting talents and funds into this thriving ecosystem. Also, the frenzy in western cybersecurity M&A (410 deals in 2022 alone…) and private equity transactions (162 backing deals) could well catch China given its fragmented domestic cybersecurity market. In all, this virtuous circle will confirm that China’s decade-long quest to become a relevant cyber power is starting to pay off.
Importantly, the Chinese domestic players are now able to cover almost every cybersecurity end market: local heavyweights like Venustech (a portfolio company) and Sangfor are covering the crucial aspect of Network Security which encompasses firewalls, intrusion prevention and detection. Cloud Security is addressed by DBAPP and Chinese hyperscalers like Alibaba Cloud and Tencent Cloud. VRV and private firms like Antyi Labs and Bangcle are offering top-notch products/services for the critical Endpoint, Mobile and IoT security segments. The “recent” emergence of Zero Trust Architecture security platforms, boosted by the Covid induced work-from-home period, is covered by leading companies such as Topsec or i-Sprint (private).
In brief, each cybersecurity sub-segment can be filled with at least two or three listed names and a dozen private companies, backing our belief that this industry is on the verge of consolidation.
In terms of valuation, the Chinese pure players appear attractive as they offer 30-50% discounts in terms of 2023 EV/Sales (around 4x on average) ratios compared to their western counterparts. This significant discount can be explained by a slower revenue growth when exiting 2022, lower profitability levels (2023 operating margins are in a 0%-14% range) and a higher risk on Chinese equities (government intervention…), but with both revenue growth and profitability expected to rapidly improve, the valuation discount should narrow going forward.
As we said above, we believe that some of these players will be able to kick the western companies out of the country based on their state-of-the-art AI-based products and services and not only because of any protective political and government enforced decision. However, given the state of the US-China relations and their ongoing cyberwar, we clearly rule out any expansion opportunity for these domestic companies outside of China.
This last point is not a big issue given the fact that the whole Chinese cybersecurity, which is expected to generate more than $20 billion in revenue in 2023, represents less than 10% of the world’s global cybersecurity revenue. Given China’s (relentlessly growing) digital economy size and its willingness to technologically “fly solo”, it is easily conceivable that the domestic cybersecurity industry will soon command a significantly bigger global share of this lucrative IT segment, hence deserving a higher weight in our portfolio.