Security Vendors, The Time for Japan is Now

This article was co-written with Sourav Gupta

Geodesic has always been laser-focused on partnering with the top digital transformation companies in the world. These companies have changed how we live, work, and play. As more industries are digitally transformed, cybersecurity will become increasingly essential for keeping companies, data, and people safe. At Geodesic, we have held a longstanding interest in the security space and have supported several security founders because we understand the importance of protecting the enterprise and the potential devastation that a cyber incident can cause.

In recent years, we have all seen that cybersecurity has become more important than ever before. Security postures are becoming increasingly complex, the volume of security attacks continues to rise at a rapid rate, the number of attack vectors is proliferating, and cybercriminals continue to get smarter. These developments have dramatically accelerated, faster than what most predicted, due to the impact of COVID-19 and the overnight shift to a remote and hybrid world. We believe that we are still in the early innings of what will be a long-term trend with no signs of slowing down.

In Japan in particular, we’ve seen a particularly high inflection in demand for cybersecurity software and solutions in recent years. In 2020, we published an article about how Japan would be a ripe greenfield of opportunity for technology companies following the COVID-19 pandemic. This prediction came true, especially for cybersecurity companies. We strongly believe that now is the time when security founders should press on the gas in Japan and take advantage of the opportunity at hand.

In this blog post, we will discuss:

• 1) Recent Trends / Why the Time is Now for Security Vendors in Japan
• 2) Japan Cyber Market Overview
• 3) Potential Challenges for Security Founders to Navigate in Japan

Recent Trends / Why the Time is Now for Security Vendors in Japan

Japan has always been a massive software market (~$27B market size in 2021, expected to reach ~$40B by 2025 per Gartner) and many leading enterprise software companies generate a significant amount of revenue from Japan alone. One challenge historically has been that many of the large corporations in the region are more traditional, legacy enterprises who have tended to be slower adopters of next-generation technologies. This has gradually been changing over the past decade, and significantly shifted as a result of COVID-19. While Japanese companies were initially reluctant to adopt remote work due to the strong face-to-face culture, they have started to adopt it as the norm. As we’ve learned firsthand from speaking with many of our Japanese LPs and working with our portfolio companies on the ground, large Japanese corporations realize they can’t ignore the importance of adopting new technologies and embracing a cloud and distributed world. As a result, the adoption of software and security technology in Japan is now happening faster than ever before.

Japanese interest in cybersecurity has been further accelerated by recent cyber attacks. In recent years, Japan has become a major target for cybercriminals, falling victim to multiple attacks, many of which resulted in huge loss of data, leaked information, and serious damage to organizations’ finances and security status. Just a few examples:

• In 2018, a Japan-based cryptocurrency exchange lost $530 million in a hack
• Starting in early 2020, companies in Japan ranging from small businesses to large corporations like Honda, Canon, and Capcom have faced an unprecedented spike in ransomware attacks, which have suspended business operations, crippled computer and email systems, and often resulted in millions of dollars in losses
• There were multiple threats of cyber attacks on the 2020 Tokyo Olympics, prompting Japan to work with the US Department of Homeland Security, Israel Electric Corporation, and others to improve its security posture and protect its critical infrastructure
• According to NTT Corporation, 450 million cyberattacks were attempted on Japan’s Olympics infrastructure!
• In 2021, Japanese government data stored in Fujitsu software was accessed and stolen by hackers; impacted entities included the Ministry of Land, Infrastructure, Transport, and Tourism (which had at least 76,000 email addresses leaked), Narita Airport, and the Cabinet Secretariat of Japan

In response to these events (and several others), Japan’s government has strongly urged business leaders to strengthen their internal cybersecurity efforts and there is a large nationwide top-down emphasis in this area. They’ve taken additional measures like implementing the Security Assessment System for Government Information Systems (ISMAP), which requires public cloud providers to adhere to a certain set of security requirements if they want to do business with Japanese government entities. Japan plans to more formally revise its national security strategy in the second half of 2022, which should be yet another tailwind for security vendors looking to do business in the country.

Japan Cyber Market Overview

The cybersecurity market in Japan is currently estimated at ~$10.6B and is expected to continue to grow at a steady pace in the coming years (source: Nomura Research Institute). In addition to continued digital transformation initiatives, the increased use of telework, web conferencing, and cloud services due to the spread of COVID-19 and the post-pandemic long-term cultural adjustment towards remote work will drive the continued enhancement and strengthening of security measures. Specific areas where we are seeing particularly strong demand include cloud security, endpoint security, IoT security, code/developer security, and user authentication/identity management technologies.

Another interesting data point is that Japan has a relatively limited number of cybersecurity professionals, with only 28% of IT professionals working in-house. This share is significantly lower than the 65.4% in the United States, 61.4% in Germany and 53.9% in the United Kingdom. As a result, there is more need for cybersecurity technology to counteract this shortage of security professionals and supplement their capacity. Security vendors offering broader platform solutions (such as Geodesic portfolio companies Netskope and Tanium, for example) are perceived as especially valuable in Japan, as customers with limited resources often don’t have the means or budget to deploy and stitch together several different security point solutions.

Japan is also one of the largest public cloud markets in APAC, expected to grow at 18% CAGR from $8B in 2018 to $18B in 2023. This increasing adoption of the cloud in Japan will continue to result in increased demand for cloud-focused and cloud-native security vendors who want to sell their products in the region.

Potential Challenges for Security Founders to Navigate in Japan

One of the core challenges for security adoption in Japan is that many Japanese companies have legacy systems that need overhaul. Modern security software often cannot be used or integrated effectively with these old architectures. Like in any transformational period, upgrades to systems and architectures may be necessary to take advantage of the newest technologies in the market. Japanese enterprises are becoming more aware of this need to upgrade and are taking steps to modernize their systems, but it is important to be aware that this process is still in the relatively early stages.

Another challenge is that Japanese companies still require some level of education and sales pitching, more so than US-based companies. We’ve heard from our LPs and our broader network in Japan that it can be difficult for them to separate the valuable solutions from the noise and really understand the differences between the sea of different players in the market. Our team in Japan helps Japanese companies navigate the different security solutions from the noise, allowing differentiated US-based companies to stand out. To do that, security founders should be sure to clearly describe how their product is different from other solutions and emphasize why earlier solutions are no longer sufficient in today’s world.

Conclusion

Despite some potential challenges, we have found time and time again that if done right, the investment in Japan is well worth it (just ask our portfolio companies). A little bit of proactive effort and evangelization can result in a lot of enterprise demand from prospects for your cybersecurity products and meaningful revenue for your business.

We hope you’ll take away from this post that Japanese customers and partners are eager to digitize and adopt new security technologies, and for cybersecurity companies thinking about focusing more of their efforts in Japan, the time is now. While there will be challenges along the way, the investment is likely to pay off and it’s important to be patient and proactive.

Please don’t hesitate to reach out to Geodesic if you’re building a cybersecurity company and are thinking about expanding into Japan and Asia. We’d love to help!