The key factor that influenced the cybersecurity market situation in Russia in 2022 is an unprecedented number of hacker attacks on domestic companies in various business areas and the active position of regulators and the state, which translates practical, effective cybersecurity into the number of key needs. The second story that qualitatively changed the market: the rapid and massive withdrawal from the market of foreign manufacturers of information security tools.

Despite the fact that analysts' forecasts were rather negative (an 11% reduction in market volume was expected, and market volume in this case means the amount of money paid by the client), according to the preliminary expert assessment of Positive Technologies, the information security market in Russia has grown by 10-20% this year.

The massive attacks that affected the infrastructure of Russian companies were reflected in a significant increase in the share of cybersecurity services (work related to security analysis, monitoring of information security events, incident response and investigation). In particular, the volume of such work at Positive Technologies has more than doubled in 2022.

Application Security has become one of the most popular areas on the market in 2022, which is not surprising given the specifics and number of attacks on web applications and information systems of companies during the year. In particular, the application-level firewall (PT Application Firewall) and the security analyzer (PT Application Inspector) from Positive Technologies have demonstrated more than three-fold growth in the company's sales volume by the end of the year, and the dynamic application analyzer (PT BlackBox), which appeared on the market in the third quarter of 2022, by the end of the year has already a dozen implementations. Also, a new Positive Technologies product, PT Extended Detection and Response (PT XDR), received commercial success this year, whose commercial release took place in the second quarter of 2022. In less than a year, 10 implementations were carried out (the largest installation was carried out in an infrastructure with more than 20,000 assets) and more than 50 successful pilot projects were carried out, planned for implementation in the first half of 2023.

The most effective and even mandatory tool for detecting the presence of a hacker in the infrastructure was the system for detecting attacks in network traffic — PT Network Attack Discovery — a 2.5-fold increase in sales. The de facto industry standard MaxPatrol line has demonstrated no less impressive dynamics: the number of installations of MaxPatrol SIEM (real-time information security incident detection systems) and MaxPatrol VM (next-generation vulnerability management systems) in 2022 exceeded 600 and 350, respectively.

Following the events of 2022, the cybersecurity industry has come to the need to rethink the basic principles of building protection and responding to threats across businesses, industries and the country, and in 2023 cybersecurity as an industry expects a period of active reassembly with a greater focus on the practice of effective protection.

In the coming years, the information security market in Russia will finally become a market of domestic manufacturers and will grow at times, the demand for technologies that allow preventing hacker attacks before irreparable damage is inflicted on companies will increase even more. In particular, the trend of the next year can be considered the growth of interest in Bug Bounty platforms among companies in various business areas (including government), practical cyber studies and security tools with the maximum level of automation in terms of detecting hacker attacks and countering them.

Also, in the interval of 1-2 years, we should expect the appearance on the market of new progressive means of protection in niches traditionally occupied until now by foreign players. So, first of all, we will see updates to the lines of solutions in the NGFW class, protection of container environments and clouds.