Man holding a laptop

Cyber Security Solutions

By Freepik

Cyber Security Solutions

Country
Sector
Most major industry classification systems use sources of revenue as their basis for classifying companies into specific sectors, subsectors and industries. In order to group like companies based on their sustainability-related risks and opportunities, SASB created the Sustainable Industry Classification System® (SICS®) and the classification of sectors, subsectors and industries in the SDG Investor Platform is based on SICS.
Technology and Communications
Sub Sector
Most major industry classification systems use sources of revenue as their basis for classifying companies into specific sectors, subsectors and industries. In order to group like companies based on their sustainability-related risks and opportunities, SASB created the Sustainable Industry Classification System® (SICS®) and the classification of sectors, subsectors and industries in the SDG Investor Platform is based on SICS.
Technology
Indicative Return
Describes the rate of growth an investment is expected to generate within the IOA. The indicative return is identified for the IOA by establishing its Internal Rate of Return (IRR), Return of Investment (ROI) or Gross Profit Margin (GPM).
> 25% (in GPM)
Investment Timeframe
Describes the time period in which the IOA will pay-back the invested resources. The estimate is based on asset expected lifetime as the IOA will start generating accumulated positive cash-flows.
Medium Term (5–10 years)
Market Size
Describes the value of potential addressable market of the IOA. The market size is identified for the IOA by establishing the value in USD, identifying the Compound Annual Growth Rate (CAGR) or providing a numeric unit critical to the IOA.
> USD 1 billion
Average Ticket Size (USD)
Describes the USD amount for a typical investment required in the IOA.
USD 500,000 - USD 1 million
Direct Impact
Describes the primary SDG(s) the IOA addresses.
Decent Work and Economic Growth (SDG 8) Industry, Innovation and Infrastructure (SDG 9)
Indirect Impact
Describes the secondary SDG(s) the IOA addresses.
Reduced Inequalities (SDG 10) Sustainable Cities and Communities (SDG 11)

Business Model Description

Invest in businesses that adopt B2B and B2G business models where they design solely Software as a Service (Saas) based cybersecurity and response solutions such as firewall breach detection for governments, MNCs and SMEs. These players include Managed Service Providers and System Integrators and are principally involved in the design, provision and management of cybersecurity solutions. Examples of companies active in this space are:

Securemetric Bhd specializes in the provision of Access and Identification Security. They are also engaged in the deployment of Application Security, Security Devices and Trust Centre Solutions. Raised USD 4 million via Initial Public Offering (IPO) in 2018 (44)

Condition Zebra is a Cybersecurity firm focusing on cyber risk management, managed security services and protection & recovery. Their Managed Detection and REsponse (MDR) solution utilises real-time data to detect, investigate and respond to cyber security threats. They have an estimated revenue of USD 6.8M. (28)

Akati Sekurity is a cybersecurity firm specialised in cyber defence operations. It offers Manages Security Services, Consulting, and Cyber Incident Response among other services. Akati Sekurity's revenue varies between USD 5 - USD 25m. (29)

Expected Impact

Enhance companies' cyber resilience, support continuous economic growth by increasing productivity, and enable the development of a secure digital economy.

How is this information gathered?

Investment opportunities with potential to contribute to sustainable development are based on country-level SDG Investor Maps.

Disclaimer

UNDP, the Private Finance for the SDGs, and their affiliates (collectively “UNDP”) do not seek or solicit investment for programmes, projects, or opportunities described on this site (collectively “Programmes”) or any other Programmes, and nothing on this page should constitute a solicitation for investment. The actors listed on this site are not partners of UNDP, and their inclusion should not be construed as an endorsement or recommendation by UNDP for any relationship or investment.

The descriptions on this page are provided for informational purposes only. Only companies and enterprises that appear under the case study tab have been validated and vetted through UNDP programmes such as the Growth Stage Impact Ventures (GSIV), Business Call to Action (BCtA), or through other UN agencies. Even then, under no circumstances should their appearance on this website be construed as an endorsement for any relationship or investment. UNDP assumes no liability for investment losses directly or indirectly resulting from recommendations made, implied, or inferred by its research. Likewise, UNDP assumes no claim to investment gains directly or indirectly resulting from trading profits, investment management, or advisory fees obtained by following investment recommendations made, implied, or inferred by its research.

Investment involves risk, and all investments should be made with the supervision of a professional investment manager or advisor. The materials on the website are not an offer to sell or a solicitation of an offer to buy any investment, security, or commodity, nor shall any security be offered or sold to any person, in any jurisdiction in which such offer would be unlawful under the securities laws of such jurisdiction.

Read More

Country & Regions

Explore the country and target locations of the investment opportunity.
Country
Region
  • Malaysia: Selangor
  • Malaysia: Penang
  • Malaysia: Johor
Learn more

Sector Classification

Situate the investment opportunity within sustainability focused sector, subsector and industry classifications.
Sector

Technology and Communications

Development need
COVID-19 highlighted the need to build resilience through digitalization, innovation and effective use of new technologies, especially for SMEs (4). These are also key in addressing (post-)pandemic challenges and national productivity decrease. Additionally, the workforce's digital skill set needs to be enhanced to support an inclusive digital transition (1, 2, 3, 4).

Policy priority
MyDigital and 4th Industrial Revolution Policy (2021) aim to transform Malaysia into a digitally driven regional leader and a high-income nation. Emphasis is put on green technology as a driver for ecological transition (target of 45 per cent reduction in emissions by 2030) (27). The communication and multimedia blueprint (2018) highlights the need for talent and innovation (7, 8, 9, 14).

Gender inequalities and marginalization issues
In Malaysia, women-owned businesses and SMEs have lower access and use of Internet (41 per cent for women-led businesses, 62% in average) (6). In Sabah, unlimited access to Internet is lower (54.7 per cent) than the national average (64.2 per cent) (5). In Asia-Pacific, Internet and mobile phone use by the older population is lower than average, especially for older women (4).

Investment opportunities introduction
Malaysia's Fourth Industrial Revolution represents an opportunity for technology and innovation development, especially in the field of AI, robotics, and big data (10). The government aims to attract RM 70 billion (USD15.3 billion) in investments to accelerate digitalization efforts by 2025 (13).

Key bottlenecks introduction
Main constraints on the digital economy include the lack of preventive measures for anticompetition (with Telekom Malaysia's large presence, majority publicly owned) and of a skilled digital or tech workforce (6, 11). Access to fixed broadband is also limited (95 per cent nationally, with 46.5 per cent for urban households access and 18.1 per cent for rural ones, in 2020) (9, 12).

Sub Sector

Technology

Development need
In Malaysia, the risk of cybersecurity threats has increased as 84 per cent SMEs in Malaysia have been affected by cyber threat incidents and 76 per cent SMEs have suffered more than one attack in 2020 alone (26). Additionally, the slow progress of technology adoption by businesses limits labour productivity growth and their transition to newer and more sustainable business models (14, 15).

Policy priority
The adoption of green technologies for energy, manufacturing, transportation, building, waste and water, as well as technologies such as automation, robotics, AI and the IoTs, are highlighted by the Green Technology Master Plan 2017-2030 and the Fourth Industrial Revolution Policy to drive Malaysia's sustainable growth (14, 8).

Gender inequalities and marginalization issues
More men graduate from the Information and Communication field than women (4.4 per cent and 3.6 per cent, respectively, and 21 per cent of women in the cybersecurity field, in 2017) (17, 22). Small firms, including women-led ones, are less likely to adopt automation technology than bigger or men-led ones, due to lack of financial resources and lower access to finance (11, 20). In 2021, transport and logistics represented 2.5 per cent of women workforce, compared to 6 per cent for men (16).

Investment opportunities introduction
The Central Bank will propose two soft loans of RM 1 billion (USD 220 million) to start-ups and SMEs on innovative sustainable technology adopting low-carbon practices (18). The Government introduced a Green Technology Financing Scheme, a Green Investment Tax Allowance, and a Green Income Tax Exemption for MyHijau-certified products and services (14, 19).

Key bottlenecks introduction
In Malaysia, SMEs' digitalization is an ongoing effort with 92 per cent of SMEs surveyed having adopted digital payment, but 39 per cent having digitalized their production as f 2022 (20). In 2020, 87.7 per cent of adults had basic ICT skills (15). Malaysia suffered 57.8 million virus attacks in Q1 2022, for which the country lacks adequate repressive laws and regulations (21).

Industry

Software and IT Services

Pipeline Opportunity

Discover the investment opportunity and its corresponding business model.
Investment Opportunity Area

Cyber Security Solutions

Focusing On 'Security-By-Design' And 'Security Response' For SMEs
Business Model

Invest in businesses that adopt B2B and B2G business models where they design solely Software as a Service (Saas) based cybersecurity and response solutions such as firewall breach detection for governments, MNCs and SMEs. These players include Managed Service Providers and System Integrators and are principally involved in the design, provision and management of cybersecurity solutions. Examples of companies active in this space are:

Securemetric Bhd specializes in the provision of Access and Identification Security. They are also engaged in the deployment of Application Security, Security Devices and Trust Centre Solutions. Raised USD 4 million via Initial Public Offering (IPO) in 2018 (44)

Condition Zebra is a Cybersecurity firm focusing on cyber risk management, managed security services and protection & recovery. Their Managed Detection and REsponse (MDR) solution utilises real-time data to detect, investigate and respond to cyber security threats. They have an estimated revenue of USD 6.8M. (28)

Akati Sekurity is a cybersecurity firm specialised in cyber defence operations. It offers Manages Security Services, Consulting, and Cyber Incident Response among other services. Akati Sekurity's revenue varies between USD 5 - USD 25m. (29)

Business Case

Learn about the investment opportunity’s business metrics and market risks.

Market Size and Environment

Market Size (USD)
Describes the value in USD of a potential addressable market of the IOA.

> USD 1 billion

CAGR
Describes the historical or expected annual growth of revenues in the IOA market.

15% - 20%

Critical IOA Unit
Describes a complementary market sizing measure exemplifying the opportunities with the IOA.

A single data breach can cost as much as.USD 100,000 to an SME in Southeast Asia (45).

Total economic losses from cybersecurity attacks amounted to USD 125 million in 2021, from RM120 million 2019 (46)

Estimated market value of Cybersecurity industry is ~USD 1.25 billion, with an estimated CAGR of 18 per cent between 2021 and 2023 (31). Additionally, Malaysia ranks 5th on the International Telecommunications Union (ITU)'s 2020 Global Cybersecurity Index.

According to the 2023 government Budget, the Malaysian government is investing RM 10 million or ~USD 200,000 to improve the National Scam Response Centre (NSRC), with the government in the process to establish a Malaysia Cybersecurity Commission (42).

Additionally, Malaysia has also been involved attracting multinational investment in this field, with companies such as Siemens Energy establishing their regional APAC cybersecurity centres in Malaysia (34)

Indicative Return

GPM
Describes an expected percentage of revenue (that is actual profit before adjusting for operating cost) from the IOA investment.

> 25%

Expert consultations have suggested that cybersecurity solutions would be predominantly focused on software solutions in Malaysia. This is inclusive of cloud technologies. In an environment of prudent cost management, Gross Profit Margins in this space are 7 per cent to 80 per cent.

Investment Timeframe

Timeframe
Describes the time period in which the IOA will pay-back the invested resources. The estimate is based on asset expected lifetime as the IOA will start generating accumulated positive cash-flows.

Medium Term (5–10 years)

Expert consultations suggest a quick turn around period of 1 to 3 years to develop and deploy a product. However, VC and PE firms have indicated a holding period of between 5 to 7 years.(39)

Ticket Size

Average Ticket Size (USD)
Describes the USD amount for a typical investment required in the IOA.

USD 500,000 - USD 1 million

Market Risks & Scale Obstacles

Obsolete technology

Around 55% of technologies used by Malaysian companies are outdated (36). In order to modernise and improve existing capabilities more R&D in the development and adoption of solutions will need to be affected and deployed to address this.

Lack of skilled workforce

Expert consultations have also highlighted that this is a technical area that requires very specific skillsets from potential employees. As such the talent pool is not large enough (38)

Business - Supply Chain Constraints

Expert stakeholders have also stated low awareness and perceived lack of urgency from SMEs on implementing cybersecurity solutions until it is too late (38).

Impact Case

Read about impact metrics and social and environmental risks of the investment opportunity.

Sustainable Development Need

Cybersecurity threats risking business operations are increasing in Malaysia as more MSMEs digitalize (7).The government aims for 800,000 MSMEs to be digitalized and 70 per cent of companies to adopt cybersecurity measures by 2025 (7).

Cyber security issues negatively affect MSMEs' economic performance in Malaysia (a 2018 study assessed that the cost of cybersecurity incidents would amount to RM 51 billion, equivalent to USD 11.16 billion, representing 4 per cent of the country's GDP) (7, 50).

Gender & Marginalisation

Among Malaysian companies, specifically smaller businesses tend to lack awareness and skills regarding cybersecurity threats and risks, and thus stand to lose much more in the face of cyber attacks (7, 52).

In Malaysia, women are underrepresented in the field of cybersecurity, with only 21per cent of the cybersecurity workforce being women in 2017 (53)

Expected Development Outcome

'Security-by-design' and 'security response' cybersecurity solutions, provided with necessary trainings and capacity building, increase the resilience of businesses. Data fraud and cyber attacks are listed among the 10 major threats to economic stability and social cohesion in Malaysia (7).

Businesses that are better equipped to deal with cybersecurity issues are financially protected. On average the cost of a single data breach for an SME in South East Asia amounts to RM 400,000 (USD 87,527) (7, 54).

Increased cybersecurity solutions provide a safer environment for business operations, particularly for companies in the digital economy, by supporting productivity increase and preventing job losses (7).

Gender & Marginalisation

Adequate exposure to cybersecurity solutions, coupled with relevant training and capacity building measures, small businesses' cyber resilience is likely to increase (7).

Increased provision and embracement of cyber security solutions in Malaysia creates more job opportunities, which, if coupled with improved access to STEM education for girls and women, could enhance female employment in the sector (53).

Primary SDGs addressed

Decent Work and Economic Growth (SDG 8)
8 - Decent Work and Economic Growth

8.1.1 Annual growth rate of real GDP per capita

8.2.1 Annual growth rate of real GDP per employed person

8.5.1 Average hourly earnings of employees, by sex, age, occupation and persons with disabilities

Current Value

The GDP grew by 7 per cent in Q4 2022 (57).

2.4 per cent of growth in 2020 (51).

In 2020, RM 16/hour (approximately USD 4) (51).

Target Value

Target to reach a GDP growth per annum of 4.5 per cent-5.5 per cent by 2025 (55).

Target to reach a GDP growth per annum of 4.5 per cent-5.5 per cent by 2025 (55).

Target to reach an average household monthly income of RM 10,065 (USD 2,181) by 2025 (55).

Industry, Innovation and Infrastructure (SDG 9)
9 - Industry, Innovation and Infrastructure

9.b.1 Proportion of medium and high-tech industry value added in total value added

Current Value

Medium and high-tech industry contributed to 43 % of the total value added created in 2020 (56).

Target Value

Digital economy to contribute to 22.6 per cent to GDP by 2025 (7).

Secondary SDGs addressed

Reduced Inequalities (SDG 10)
10 - Reduced Inequalities
Sustainable Cities and Communities (SDG 11)
11 - Sustainable Cities and Communities

Directly impacted stakeholders

People

Employees of and MSME owners benefit from better protection of their business activities and data. Cybersecurity specialists, cybersecurity solution providers, and IT personnel also benefit from increased business activity.

Gender inequality and/or marginalization

Gender inequality and/or marginalization: Women-owned and rural MSMEs benefit due to increased outreach of cyber security solution.

Corporates

Corporates: MSMEs and businesses benefit from increased digital security and greater business opportunities.

Public sector

The Ministry of Science, Technology and Innovation, the National Cyber Security Council, Malaysia Digital Economy Corporation benefit form greater achievement of the policies objectives and greater understanding of the sector issues.

Indirectly impacted stakeholders

People

General population benefits from the increased cybersecurity, and ancillary businesses working as suppliers or facilitators of the digital economy benefit as active players in the value chain.

Gender inequality and/or marginalization

Women and unemployed youth benefit from increased job opportunities and digital security.

Corporates

Companies active in the development of related technology/IT, companies working as suppliers or facilitators within the digital economy space having access to more economic activities.

Public sector

SME Corporation Malaysia and the Ministry of Investment, Trade and Industry benefiting from increased development of SMEs and the digital industry.

Outcome Risks

Increased adoption of cybersecurity solutions increase the companies' dependency on computer-based systems and external tech service providers.

If cybersecurity solutions do not offer built-in capacity building modules, the uptake will be limited to digitally savvy - mostly urban - companies, leaving the rest vulnerable to cyber threats.

Without adequate regulation protecting consumers and its strict enforcement, businesses may become vulnerable to data theft by various players in the cyber space.

Without trainings for B40 (bottom 40 per cent in income classification), women and MSMEs, increased cybersecurity solutions might reinforce their vulnerability.

Impact Risks

Challenges for MSMEs in the adoption of cybersecurity solutions (e.g. high costs and complexity of operation) are obstacles leading to stakeholder participation risk (52).

External risk caused by lack of training of the users or rapid improvements in the methods used by cyber criminals.

Lack of awareness or skills around cybersecurity might hinder the security offered by the solutions, causing execution risk (7).

Current lack of cybersecurity trainings for B40, women and MSMEs reinforce the gap in access to these services, highly risking the impact to occur.

Impact Classification

B—Benefit Stakeholders

What

Cybersecurity solutions increase businesses' digital and financial resilience while providing a safer business environment for the digital economy, and increases productivity.

Who

MSME owners, employees, cybersecurity specialists, cybersecurity solution providers, IT personnel, larger population.

Risk

Adoption challenges faced by MSMEs including high costs, external risks around lack of trainings and rapid cyber criminal evolution, lack of skills risking execution.

Contribution

Cybersecurity is key to the development of a safe and resilient digital economy, including for SMEs (in 2019, 84 per cent of SMEs suffered one cyber attack and 76 per cent more than one) (52).

How Much

The cost of cybersecurity incident have been assessed, in 2018, as representing 4 per cent of GDP (50).

Impact Thesis

Enhance companies' cyber resilience, support continuous economic growth by increasing productivity, and enable the development of a secure digital economy.

Enabling Environment

Explore policy, regulatory and financial factors relevant for the investment opportunity.

Policy Environment

MyDigital: the blueprint includes cybersecurity as part of its thrusts 4 and 6, namely "Build agile and competent digital talent", and "Build trusted, secure and ethical digital environment" (7).

Malaysia Cyber Security Strategy (2020-2024): the strategy aims at creating a secure cyberspace to foster economic development (50).

Twelfth Malaysia Plan (2021-2025): cybersecurity development is part of the policy's Game Changer IV Enhancing National Security and Unity for Nation-Building (55).

Financial Environment

Financial incentives: SME Digitalization Grant and SME Technology Transformation Fund (STTF) (7). The SME Digitalization Grant offers USD 1,123 in matching grants for business digitalisation and automation technology.

STTF provides financing facilities ranging between USD 22,457 to USD 673,703. Margin financing is up to 80 per cent for machinery/equipment. Profit rates stand at 4 per cent per annum, with a tenure of up to 10 years.

Fiscal incentives: The Industry Digitalisation Transformation Scheme (IDTS) by Bank Pembangunan (BPMB) provides financing to companies looking to adopt Industry 4.0 technologies, including cybersecurity solutions, which offers financing up to USD 6.7 million per project. (43)

Other incentives: The Matrix program, a collaboration between the government and industries to provide solutions with the aim to address SME cybersecurity challenges, offers easy-to-adopt and cost-effective cybersecurity solutions with minimum supervision (60).

Regulatory Environment

National Security Council Act 2016: provides of the establishment of the Council and establish the security areas (58).

Personal Data Protection Act 2010: Regulates the processing of personal data in commercial transactions (59). Compliance with the PDPA is compulsory for businesses offering cybersecurity solutions.

Security Offences (Special Measures) Act 2012: Provides special measures relating to security offences for the purpose of maintaining public order and security (49).

Digital Signature Act 1997: Provides the legal framework for the use of digital signatures in electronic transactions in Malaysia, outlining the requirements for certification authorities and digital signature service providers (61).

Marketplace Participants

Discover examples of public and private stakeholders active in this investment opportunity that were identified through secondary research and consultations.

Private Sector

Microdium Distribution Sdn Bhd; IshanTech (M) Sdn Bhd; Securemetric Bhd; Akati Security; Securelytics;

Government

Ministry of Communications and Digital KKD); CyberSecurty Malaysia (CSM); National Cyber Security Agency (NACSA); Malaysia Digital Economy Corporation (MDEC); Ministry of Science Technology and Innovation (MOSTI)

Multilaterals

United Nations Development Programme (UNDP); World Bank; International Finance Corporation (IFC); Asian Development Bank (ADB)

Non-Profit

National ICT Association of Malaysia (PIKOM); Cyber Security Malaysia Industry Advisory Coiuncil (CIAC); National Tech Association of Malaysia (TeAM)

Public-Private Partnership

Malaysia Cyber Securty Council (MyCC); Malaysia Cyber Secuty Strategy and Action Plan Task Force; Malaysia Cyber Securty Centre of Excellence (MyCSCoE); Malaysia Security Evaluation Facility (MYSEF)

Target Locations

See what country regions are most suitable for the investment opportunity. All references to Kosovo shall be understood to be in the context of the Security Council Resolution 1244 (1999)
country static map
urban

Malaysia: Selangor

High concentration of technology companies in Selangor, notably in Cyberjaya, providing both demand and supply of cybersecurity solutions. (23)
urban

Malaysia: Penang

High concentration of technology companies in Penang, providing both demand and supply of cybersecurity solutions. (24)
urban

Malaysia: Johor

High concentration of technology companies in Johor, providing both demand and supply of cybersecurity solutions. (25)

References

See what sources were used to establish the investment opportunity’s data and find resources that could be consulted to explore more.