IDC: China's IT Security Software Market Grows 1.8% YoY in 2024
IT Security
Beijing, May 13, 2025
The latest "China IT Security Software Market Tracker Report, 2H2024"(《中国IT安全软件市场跟踪报告,2024H2》) released by International Data Corporation (IDC) shows that the size of China's IT security software market in the second half of 2024 was approximately 17.05 billion RMB (about 2.38 billion USD), a year-on-year increase of 0.4%. Combining full-year data, the size of China's IT security software market in 2024 reached 28.3 billion RMB, up 1.8% compared to 2023.
Under IDC's definition, the security software market is composed of seven functional markets/sub-markets: data security software, endpoint security software, identity and access management software, software security gateways, security analytics and intelligence, response and orchestration software, and others. The performance of key vendors in China's security software market/sub-markets in 2024 is as follows (all data are rounded values):
Overall, the performance data of China's security software market in 2024 is as follows:
The overall growth rate of the security software market in 2024 slowed to 1.8%. Government budgets tightened, but special investments increased, with government cloud, emergency management, and data governance becoming key focuses. Projects became more concentrated at the provincial level, while municipal procurement decreased. Operators' 5G and computing power network construction drove security investments, focusing on botnet, worm, and malware governance, full traffic monitoring, and encrypted traffic analysis. Mobile Cloud and Tianyi Cloud collaborated with security vendors to launch cloud security resource pools. Identity management (IAM) in intelligent computing centres, container security, and privacy computing emerged as new directions. Financial institutions upgraded their practical protection measures, with EDR, ransomware defence, and API security as priorities. Local and rural commercial banks accelerated domestic substitution, while large banks focused on vulnerability closure and attack surface management (ASM). The China Banking and Insurance Regulatory Commission's data security management regulations spurred the construction of data compliance measures such as data masking and watermark traceability systems.
There is strong demand for data security platforms in the data security market, with data classification and grading, API monitoring, and full lifecycle management being the core scenarios. DSMP integrates classification and grading, desensitisation, API monitoring, etc., increasing government and financial sector projects worth tens of millions. The application of AI in data security products enhances the efficiency of unstructured data classification and grading, as well as dynamic identification of sensitive data.
In the endpoint security market, behavioural analysis is replacing signature-based detection, with security vendors introducing virtual patching and decoy technologies. The adaptation rate of security products from various vendors to domestic operating systems has significantly increased. Within CNAPP, vendor products integrate micro-segmentation, RASP, and Kubernetes security, achieving zero-trust security in cloud-native environments, with adoption rates rising among automotive and internet industry clients.
Analyst Views
Zhao Yi, senior research manager at IDC China, stated that due to the macroeconomic downturn, government and certain industry budgets have been reduced, leading to short-term fluctuations in the security sector, but structural opportunities remain significant. The Chinese security software market exhibits characteristics of "compliance as the foundation, AI-driven, and cloud transformation." Amid short-term volatility, security vendors are continuously seeking differentiated opportunities in niche industries and new technologies while facing severe challenges such as price competition and budget constraints.
Compliance remains the core driver: The graded protection scheme 2.0, Data Security Law, and industry regulations fuel demand for foundational security products. The ongoing advancement of localisation projects spurs the procurement of security products compatible with operating systems, databases, and middleware.
AI and large models emerge as new growth areas: Vendors enhance product competitiveness through AI (e.g., threat analysis, automated response). Clients in government, finance, and power industries show strong interest in AI-integrated security products, actively exploring practical application scenarios.
Cloudification and SaaS transformation accelerate: Private cloud security demand remains stable, public cloud security growth speeds up; Cloud-native security (CNAPP) becomes the focus, and unified security management needs rise in hybrid cloud environments.
