This is the fourth article in a series, in which we are looking at the impact of the Russian invasion of Ukraine and ensuing international sanctions on major Russian IT companies.
Russian IT companies have been global leaders in cybersecurity. And the best known player in this field is Kaspersky Lab, a firm respected all over the world. However, the company’s international business has been crippled after Russia launched an all-out invasion of Ukraine in February 2022, when it decided to remain in its home market.
Just a few years ago, in November 2019, Kaspersky Lab was recognised as the Brand of the Year at the World Branding Awards, winning in the Anti-Virus Software category. According to Kaspersky Lab’s website, the company operates in 200 countries and territories and has 34 offices in more than 30 countries, while boasting 400mn individual users and 250,000 corporate clients globally.
Meanwhile, by the time Kaspersky Lab collected its Brand of the Year award, the firm had already been experiencing problems because of its alleged ties to Russian security services, as relations between Russia and the West soured following the annexation of Crimea in 2014.
Yevgeny Kaspersky, who founded the firm back in 1997, is himself a graduate of the KGB school. In addition, he has a long record of supporting the Russian government's initiatives aimed at greater state control over the internet.
Monopoly position in Russia
Following the invasion of Ukraine, Kaspersky Lab chose to stay in Russia, and that decision had its benefits, as by summer 2003, the firm's share of the cybersecurity solutions market reached 94%, making Kaspersky Lab a monopoly in the segment.
However, this growth came against the backdrop of an overall decline in sales of antivirus software inside Russia. The number of software licenses sold by Kaspersky Lab in Russia declined by 54% in 2022, year on year.
Overall, in 2022, the Russian market for cybersecurity software shrank by roughly 60% in both dollar terms and the number of licenses sold. Experts attributed the decline to a growing number of pirated programs installed by Russian users following the exit of Microsoft and other foreign vendors. Predictably, users installing pirated software turned out to be less concerned about cybersecurity solutions.
Still, in the first five months of 2023, Kaspersky Lab claimed a 10% increase in the number of sold licenses, year on year. The firm attributed the increase to the continuing trend of substituting imported software with locally developed equivalents, as well as to new approaches to providing cybersecurity services.
Kaspersky Lab said that interest in its program Migriruy, aimed at users willing to migrate from foreign cybersecurity solutions to those provided by Kaspersky, grew fourfold in 2022.
Incidentally, Russian antivirus software firms hope to see the segment grow over the next few years. According to a forecast by the Centre of Strategic Research (CSR), Russia’s market for antivirus solutions is expected to grow at an average rate of 24% per year to reach RUB559bn (€5.4bn) by 2027. Currently, about 30% of the segment is accounted for by foreign vendors. However, according to CSR’s predictions, by 2027, this proportion will decline to 5-8%, which will be taken by vendors from “friendly” countries, such as China.
In the Russian cybersecurity market, there have been niches traditionally occupied by foreign vendors, such as protection of corporate email and web traffic, SIEM systems or detection and protection tools for complex cyberattacks. Now, Russian software manufacturers, including Kaspersky, hope to be able to take over those niches, taking advantage of the overall drive towards replacing foreign software with local analogues. Still, they will have to develop solutions that are not yet offered at this point.
Meanwhile, the Russian government promised support for domestic software developers. Kaspersky Lab, alongside Rostelecom and 1C, have been named among the recipients of a RUB70bn (€681mn) investment package through 2030 – a measure that is likely to strengthen the local software firm monopolies in their respective niches.
A mixed bag
Overall, in 2022, Kaspersky Lab’s performance was a mixed bag. Based on the firm’s reporting, its global unaudited revenue under IFSR stood at $752mn (€715mn), a negligible 0.03% increase from the previous year. Kaspersky Lab explained this lack of growth by “geopolitical factors”, such as tensions in relations between Russia and Western countries.
In the B2B segment, revenue was up 8% year on year, but Kaspersky Lab didn’t reveal the actual revenue figure. The company said that a surge in cyberattacks against enterprises triggered a 54% uptick in sales of the corresponding solution, Kaspersky Industrial CyberSecurity.
However, when it comes to the consumer segment, 2022 saw a 15% decline in sales from the previous year. In the first and second quarters, the declines in dollar terms stood at 16% and 18%, respectively. In the third quarter, the decline slowed to 1%, while in the year’s final quarter, Kaspersky Lab saw a 15% increase, year on year.
More US sanctions in sight
In 2016, after Russia’s reported interference in the US election, Kaspersky Lab lost much of its US business and a number of government clients in Western Europe. But when the war in Ukraine started last year, it became much worse for Kaspersky Lab.
In April 2023, the Wall Street Journal reported that the U.S. Department of Commerce was considering an enforcement action against Kaspersky Lab. According to the report, president Joe Biden's administration was looking to act against the company under its online security rules. The administration had already ramped up its national investigation into Kaspersky Lab's antivirus software back in 2022, shortly after Russia invaded Ukraine.
Since April, there haven't been any news on the probe. However, any enforcement action against Kaspersky from the Commerce Department would prohibit the use of the company's software on computer networks that operate critical infrastructure. At the same time, too broad restrictions on Kaspersky Lab in the US could cause disruption to the operation of other software.
But just about any action against Kaspersky would contribute to furthering a situation in which hardware or software produced in the West is used by Western companies and organisations, while Russian-produced tech is used only by that country’s allies.
Incidentally, Kaspersky denies that it works with Russia to facilitate cyberespionage, but the firm has further stepped down its operations in North America since Russia’s invasion of Ukraine.
As business opportunities in the countries supporting Ukraine have been shrinking for Kaspersky Lab, the company is trying to foster growth in markets that are still open for its business.
In September 2023, Kaspersky Lab opened a transparency centre in Saudi Arabia, aiming to step up trust in Kaspersky products by explaining its policies to users and giving them a chance to check source code. A network of transparency centres has already existed in various countries as part of a global transparency initiative launched back in 2018.
Kaspersky Lab says its sales were up by 16% in the first half of 2023, year on year. More transparency centres are expected to be launched in Middle East, Africa and the Asia Pacific region by mid-2024.
Simultaneously, Kaspersky Lab is trying to step up its presence in the Chinese market. Recently, the firm announced an OEM agreement with Chinese electronics manufacturer Centerm, which will now install Kaspersky Thin Client on tablets and other devices it manufactures.