TAIPEI, July 29, 2021 /PRNewswire/ — Brain Shen, Chairman of Information Service Industry Association (CISA), has recently published an article titled "Decoding Taiwan’s Information Security Industry’s Dilemma", sharing the views of the Information Security development in Taiwan. The full text is as follows:
In November of 2017, Taiwan held the Information Security Industry Strategy Conference, and in 2018 Taiwan’s public sectors and private enterprises visited Israel to observe their Information Security (InfoSec) industry. These two events led to the formulation of the 2018-2025 Taiwan Information Security Industry Development Plan. Many parts of this plan refer to Israel’s InfoSec industry; however, it fails to take the differing industrial strengths and public roles of Taiwan and Israel into account. The result is that now, three years later, the Taiwan InfoSec industry has only seen severely limited growth marked by the complete absence of any sizeable InfoSec businesses.
Though the Taiwan InfoSec market is limited, many small-scale businesses do exist, an indication that there is still plenty of potential for innovation in the industry. Yet even though the industry is full of opportunities to capitalize on, in scale it remains stagnant. How the authority should develop an environment in which the InfoSec industry can flourish is a question of the utmost importance. I recommend that the authority should work to build an InfoSec ecosystem by integrating resources in the industry and assisting businesses with outsourcing; after all, in order for this industry to grow, it cannot rely solely on the Taiwan market.
How, then, should an environment for the InfoSec industry be constructed? First, public policies should be developed to guide large Taiwanese companies to invest in the industry, so that these enterprises become the focal and dominant firms in the InfoSec ecosystem. The fields in which they invest should enable them to integrate different kinds of InfoSec solutions, including providing InfoSec cloud services and developing products which combine software with hardware. Only when these focal firms come together to continually invest in the industry will it further drive the development of startups, as this would provide momentum to attract talent and spur innovation. Furthermore, as there is a severe lack of InfoSec talent in Taiwan, unless large-scale ICT companies are guided to invest in the InfoSec industry, the result will be a lack of industry-academia cooperation and the industry finding it hard to resolve the dearth of talent and major companies.
Current public policy favors expanding Taiwan InfoSec market, but doing so neglects the characteristics of Taiwanese enterprises: large international groups and financial holding companies in Taiwan will not risk utilizing the security solutions of small-scale InfoSec companies (these companies might not even have products suitable for large companies), and small and medium-sized enterprises favor products from foreign InfoSec companies, thus failing to benefit local small-scale InfoSec manufacturers.
I suggest the authority prioritize the efficiency of capital output and input. In order to do so, it must: 1) use tax policy to incentivize large-scale ICT manufacturers to invest in InfoSec development; 2) use the Taiwan Development Fund to set up an InfoSec investment fund in collaboration with large-scale ICT manufacturers, with a professional investment team handling the fund to invest in Taiwan InfoSec manufacturers; 3) establish Public Information Security Policies as important fields for Taiwan security solutions to develop in; 4) reward large-scale ICT manufacturers for global acquisitions of InfoSec startups; and 5) encourage large international InfoSec companies to set up research and development centers in Taiwan. Currently, there is sufficient funding in the InfoSec market; only by utilizing big data analysis combined with researchers in the field and policies dedicated to developing an industry ecosystem can we resolve the dilemma of stagnant growth in the InfoSec industry.