中國(guó)軟件業(yè)：網(wǎng)絡(luò)安全支出加大政策、風(fēng)險(xiǎn)力度

1、21 November 2019 Equity Research ReportChinaChinaEquitiesSoftwareCybersecurity spending step-up on policies, risksChina SoftwareInvestment in response to US-China trade conditions benefits the the focus is shifting from toWe initiate on cybersecurity-provider NSFOCUS with a Buy; a new state-owned sh

2、areholder may help it governmentbusinessMaintain Buy on Venustech, Sangfor; update estimates andTPsGrowth likely to accelerate. We expect the government and large corporations to boost their investment in cybersecurity because (1) US-China trade tensions continue tomount,(2)tighterrulesas“gradedprot

3、ection2.0”are1 andthisisperiodonITtypicallyRecentresults missedmainlyonperformanceofandbelievethishasbeenpricedin.Ashaveacceleratingin9M19, believe the trend continue for the prefer: Venustech (TP RMB42), NSFOCUS (TP RMB23), and Sangfor (TP RMB145) allBuys.The new battlefield. Many traditional cyber

4、security products, such as firewalls and VPNs, are mature now. Efforts are shifting to selling services that include security consulting, risk assessments and, especially, security operations, a hot spot for the industry, with many companies entering this field.Initiate on NSFOCUS with a Buy. NSFOCU

5、S is a leading network security solutions provider. State-owned CETC Investment recently became the biggest shareholder whenamajorforeigninvestorsolditsstake,indicatingNSFOCUSmaynowbeableto secure more government-related business. We believe this year is a turning point for earnings, with net profit

6、 set to accelerate over the next threeyears.Remain Buy on Venustech and Sangfor. We believe Venustech stands to benefit most from favourable policy measures, as it has a high share of revenue from the government. We raise our target prices for both stocks and roll forward ourvaluation.Key downside r

7、isks to our target prices and ratings include intensifying competition; industry growth slowing from 2021e; lower-than-expected spending in the first year of the 14th Five-year Plan; and uncertainties in new areas, such as securityoperations.Sijie Ma* (S1700517120003)Head of A-share IT Software Rese

8、arch HSBC Qianhai Securities Limited HYPERLINK mailto:sijie.ma sijie.ma+86 10 5795 2342Yiran Liu* (S1700119080001)AssociateShenzhenChanges to our estimatesCurrent Targetprice Upside/ Change torevenueforecast Change to profit forecast CompanyTickerCurrencypriceOldNewRatingdownside2019e2020e2021e2019e

9、2020e2021eNSFOCUS 300369 CH RMB18.66-23.00Buy23%Venustech002439 CH RMB33.7525.0342.00Buy24%-8%-9%-8%4%-1%-1%Sangfor300454 CH RMB124.70106.37145.00Buy16%-7%-11%-13%-26%-32%-37%Bluedon300297 CH RMB5.326.465.00Hold-2%-14%-20%-23%-33%-34%-39%Note: Priced at close of 15 November 2019Source: Bloomberg, HS

10、BC Qianhai Securities estimatesDisclosures & DisclaimerThis report must be read with the disclosures and the analyst certifications in the Disclosure appendix, and with the Disclaimer, which forms part of it.Issuer of report: HSBC Qianhai SecuritiesView HSBC Qianhai Securities at:https: HYPERLINK /

11、/Contents HYPERLINK l _TOC_250006 Executivesummary3 HYPERLINK l _TOC_250005 Companysection11 HYPERLINK l _TOC_250004 NSFOCUS(300369 CH)12 HYPERLINK l _TOC_250003 Venustech(002439 CH)21 HYPERLINK l _TOC_250002 Sangfor(300454CH)26 HYPERLINK l _TOC_250001 Bluedon(300297 CH)31 HYPERLINK l _TOC_250000 Di

12、sclosureappendix35Disclaimer39Executive summaryFavourable policy is boosting demand for cybersecurity services; strategic significance of the cybersecurity sector hasrisenSecurity services are becoming the main driver of industrygrowthInitiate on NSFOCUS at Buy; stay Buy on Venustech andSangforFavou

13、rable policy measures are set to drive industry growthNew cybersecurity standards start on 1 DecemberThe new battlefield is cybersecurity servicesChinaisseekingtobolsteritscybersecurityasitsvastdigitaleconomydevelopsrapidlyandamid the many issues that have arisen both at home and abroad in recent ye

14、ars. The country already hasarangeofregulations,includingaCybersecurityLaw,aimedatprotectingcyberactivityinall walks of life (see China Software: Cybersecurity revolution in the cloud era, 26 November 2018, for details). But, looking ahead, we see 2019-20e order growth driven by the roll-out of “gra

15、ded protection 2.0” on 1 December 2019, which is designed to cover additional areas of vulnerability in of IT investmentgenerallytakesplaceinthelasttwoyearsofaFive-yearPlan,andwearenowinthe fourthyearofthe13th Five-yearPlan(seeEx.1).ThenetresultisweexpectChinasgovernment to spend more and products,

16、including services, over the next threeyears.Exhibit 1. China cybersecurity market growth comparison 12th Five-yearPlan(2011-15) 13th Five-year Plan(2016-20) 5-Year CAGR2013-2015 CAGR5-Year CAGR2018-2020e CAGRCybersecurity market revenue22.6%24.3%23.9%25.6%Source: Company data, CCID Consulting, HSBC

17、 Qianhai Securities estimatesShifting from product sales to services and solution salesThe industry has grown rapidly over the past decade, but traditional such as firewalls and VPNs, are mature now. The new battlefield is cybersecurity services, which is a for the industry, with many companies ente

18、ring this field. Venustech, NSFOCUS, Qianxin and Qualification Certificate III1, Chinas highest standard, which enables them to be leaders in the security service industry.1 In 2002, China Information Technology Security Evaluation Centre issued the National Information Security Service Qualificatio

19、n Certificate I, and the first National Information Security Service Qualification Certificate II was issued in 2004. In 2018, the first batch of National Information Security Service Qualification Certificate IIIs were issued. Only five companies have been granted a certificate thus far.The securit

20、y operations of the major players are as follows: Venustech established the first newly built Security Operations Centre (SOC) in Chengdu in December2017.AnSOCtypicallydealscomprehensivelywithsecurityissues,monitorsrisks from a centralised location, and can form a rapid emergency response system for

21、 security incidents,therebyimprovingdefencecapabilitiesagainstcyberincidentsandensuringregular operationsforthesector.Venustechformedasecurityoperationsystem that four support in Chengdu, and Hangzhou as well as more than 20 city-level operations centres. In its 1H19 financial report, the company di

22、sclosed that these operations had added more than RMB100m in new orders during theperiod. NSFOCUS launched its so-called smart security 2.0 strategy in 2015, kicking off its transition from selling products to focusing on solution and security operations. In December 2018, the company launched a “se

23、curity operations+” system which works with smart cities, cloud security, and enterprise security operations. Qianxin (formerly 360 Enterprise Security) has launched security operations services for “Tianyan + security services” as part of its transition from a traditional “product delivery” to an “

24、operations delivery” focus. In August 2019, the company launched a Next Generation Security Operations Centre (NGSOC) and was certified as “2018-19 No. 1 market share in security management platform in China” by the China Centre for Information Industry Development Consulting (CCID).Intensifying com

25、petition and a changing industryGiven the rapid growth in the industry, there is now a wealth of cybersecurity products, and the market is relatively fragmented. Generally, the market share of a leader in a cybersecurity subsector is under 30%.Exhibit2.1H19UnifiedThreatManagement (UTM) marketshareEx

26、hibit 3. 1H19 firewall market shareVenustech Sangfor Qianxin OthersH3C15%15%58%13%24%37%15%15%58%13%24%37%23%16%OthersSource: IDC, HSBCQianhaiSecuritiesSource: IDC, HSBC QianhaiSecuritiesExhibit 4. 1H19 Intrusion, Detection & Prevention (IDP) market shareExhibit 5. 1H19 Virtual Private Network (VPN)

27、 market shareVenustech H3COthers52%16%Sangfor30%57%7%6%30%57%7%6%VenustechOthersSource: IDC, HSBCQianhaiSecuritiesSource: IDC, HSBC QianhaiSecuritiesState-owned funds and the STAR market State-owned funds boost shareholdings of cybersecurity companies. Both NSFOCUS and Meiya Pico (Buy) now have stat

28、e-owned investors as shareholders. State Development & Investment Corp. (SDIC) became a strategic shareholder of Meiya Pico this year with a 15.79% stake and 22.59% of total voting rights. State-owned Assets Supervision and Administration Commission of the State Council (SASAC) become the actual con

29、troller. For NSFOCUS, CETC Investment (with SASAC as its actual controller) and persons acting in concert have now become the largest shareholder, with a 15.50% stake in the company. Some cybersecurity players are listed on the STAR market. ABT Networks and Hillstone Networks were listed in Septembe

30、r on Chinas new STAR market with their market caps currently around RMB6bn and RMB8bn, respectively. Qianxin, a major competitor to Venustech, has been growing rapidly with revenue at RMB2.39bn in 2018 and has launched the process to list on the STAR market.We believe the introduction of new capital

31、 will help the industry by boosting growth. However, new entrants may threaten traditional industry leaders and increase their M&A costs.Company introductionAmong the four cybersecurity companies on which we focus in this report, Venustech and NSFOCUS have similar product lines and have led the trad

32、itional cybersecurity industry over the past few years. Sangfor, however, was founded and listed later and has grown faster thanks to superior products such as its security content management, VPN and cloudproducts. NSFOCUSs business includes selling traditional cybersecurity products as well as new

33、 products and services such as big data security analysis, industrial security systems, and data leakage prevention. The firm is leading in vulnerability management, intrusion prevention system (IPS) & intrusion detection systems (IDS) as well as security integration & services subsectors. It is als

34、o competitive in the financial and telecom sectors. Venustech is the traditional leader in the cybersecurity industry. The company ranks No. 1 in many subsectors, including UTM, IDS/IPS and SOC, and also leads in security operations and as as segment. main customers are the government and the milita

35、ry (80% coverage) and telecom operators. SOC is Venustechs current business focus and its biggest potential growthdriver. Sangfor has three main business segments: cybersecurity, cloud computing, and network & IoT. As one of Sangfors core businesses, the cybersecurity segment contributed 58.7% to it

36、s 2018 revenue. Since 2012, Sangfor has released products and solutions in the other two businesses. The cloud computing business is the fastest-growing segment (26.9% revenue contribution in 2018). Bluedon is one of the largest cybersecurity providers in south China. The security integration busine

37、ss is the main revenue contributor of its cybersecurity segment, while its “product + integration” business model has driven its gross margin from 23.3% (2015) to 44.2% (2018).Exhibit 6. Subsectors in Chinas cybersecurity space and market share (2018)CategorySubsectors and market share(includingsecu

38、rity software & hardwareproducts)Major companies and market shareSecurity Hardware Firewall(c24%）TOPSEC (22%), Huawei (21%), H3C(19%)UTM(c17%)Venustech (16%), Sangfor (14%), Qianxin (13%, previously known as 360 EnterpriseSecurity)IDS/IPS(c9%)Venustech (20%), NSFOCUS (19%), H3C(11%)Security ContentM

39、anagement(SCM)Sangfor (26%), Qianxin (13%), NSFOCUS (6%) VPN(c4%)Sangfor (31%), Venustech (11%), TOPSEC(7%)Security Software Security and loopholemanagementNSFOCUS (21.2%), Venustech (16.0%), IBM (15.6%) SOC(c6%)Venustech, Qianxin, TOPSEC,NeusoftIdentity and accessmanagement(IAM)JIT (16.3%), Aisainf

40、o (15.0%), Koal Software(11.3%)Security services Security integration, operations and consulting NSFOCUS, TOPSEC, Qianxin, Venustech, Meiya PicoSource：CCID, IDC, HSBC Qianhai SecuritiesExhibit 7. Client concentration comparison2018Top 5 client revenue (RMBm)% of total revenueMajor clientsVenustech 3

41、4813.8%The government and military contributed c60% to revenueSangfor49115.2%The government, enterprises and the financial industry contributed 53%, 34%and 10% to revenue, respectivelyNSFOCUS 56441.9%The sectors of finance, telecom, energy & other enterprises and the governmentcontributed 21%, 25%,

42、26% and 29% to revenue, respectivelyBluedon30513.4%In 2018, c20% revenue was from the government, while more than 40% revenuewas from system integration operatorsSource: Company data, HSBC Qianhai SecuritiesSector valuation and comparable companiesBased on the CSI Information Security Index (399994.

43、SZ), the forward PE of the sector has averaged 73x since 12 March 2015 (date of the index establishment), higher than the 51x for the CNI Computer Industry Index (399363.SZ). We believe this is mainly because the cybersecurity sector is comparably stable, strategically important, and has long-term g

44、rowth potential, so investors are willing to pay a certain premium.Currently, the forward PE of the cybersecurity sector is between its historical average and 1SD above its historical average. Meanwhile, many cybersecurity players say they see a significant rebound in revenue and order growth ahead.

45、 As we have mentioned, in the last two years of the Five-year Plan there are generally more policy catalysts for the industry and overall growth is typically higher. The recent trade frictions could further spur the development of the IT industry. Therefore, we believe sector growth could still beat

46、 market expectations after entering the 14th Five-year Plan period (2021-25). We therefore believe the 2020e sector valuation should be higher than its historical average.Exhibit 8. Historical PE band of the cybersecurity sector200180160140120100806040Jun-15 Jun-15 Mar-16 Jun-16 Mar-17 Jun-17 Mar-18

47、 Jun-18 Mar-19 Jun-19Sep-19Cyber securitysectorPEMean-1sd+1sdSource: Wind, HSBC QianhaiSecuritiesExhibit 9. Comparable cybersecuritycompaniesTickerCompany nameHSBC Qianhai ratingMarket cap USDbnADTV USDmTP 15-Nov price EPS growth PE _ RMBRMB 2019e 2020e 2019e 2020e2019e ROE 2019e 2020e PB 2019e 2020

48、e300454 CHSangforBuy7.2145145.00124.701%28%80624.417%18%12.410.3002439 CHVenustechBuy4.333442.0033.7521%30%44341.717%20%7.26.2300369 CHNSFOCUSBuy2.115323.0018.6639%30%64492.17%9%4.54.2300188 CHMeiya PicoBuy1.814823.4715.8117%39%35261.213%16%4.43.9300297 CHBluedonHold0.92025.005.32-2%19%16132.18%9%1.

49、31.2300352 CHVRVNot rated1.55627.4085%42%62441.27%9%4.44.0002212 CHNanyang TopsecNot rated2.58115.30-10%27%39303.35%6%2.01.9002268 CHWestoneNot rated3.142325.8096%54%79511.36%8%4.64.2Average (China)2.925631%34%52392.110%12%5.14.5USDbnUSDmUSDCSCO USCisco SystemsNot rated191.495948.8318%5%16151.739%39

50、%6.46.5NLOK USSymantecNot rated15.512824.83-6%-44%1628-1.120%12%2.83.1CHKP USCheck PointNot rated17.7105115.427%6%19182.824%27%4.84.4PANW USPalo Alto NetworksNot rated24.0286236.9335%-6%44472.738%28%14.58.8FTNT USFortinetNot rated17.411196.2331%11%40362.336%29%12.910.1AKAM USAkamaiNot rated14.213884

51、.5321%9%19181.415%16%3.93.7Average (US)46.728818%-3%26271.629%25%7.56.1Note: Priced at close of 15 November 2019Source: Bloomberg, Wind consensus for not-rated stocks, HSBC Qianhai Securities estimates for Venustech, Meiya Pico, Sangfor, Bluedon, and NSFOCUSWe prefer Venustech; maintain Buy on Sangf

52、or; initiate on NSFOCUS at BuyIn our view, Chinas cybersecurity industry over 2018-19 has performed in line with our expectations. In 1H19, order growth for Venustech and NSFOCUS amounted to over 35% and 40%, respectively. Growth accelerated for Venustech, NSFOCUS and Sangfor in the 3Q19 and we beli

53、eve growth is improving for the industry. The average industry PE has significantly increased while confidence in company results has also improved.In this report, we initiate coverage on NSFOCUS with a Buy rating. Venustechs 9M19 results are basically in line with our expectations and we only sligh

54、tly adjust its net profit estimates for 2019-21. We lower Sangfors net profit estimates by 26%, 32% and 33%, mainly because its cloud business has slowed since the end of 2018, and the expense ratio is higher than our expectations in the first three quarters of 2019. Given gross profit growth at bot

55、h Bluedons cybersecurity and e-commerce businesses is lower than our expectations in 2018 and 9M19, and its subsidiary had a goodwill impairment in 2018, we lower its 2019-21e net profit by 33%, 34% and 39%.As mentioned above, we think the increase in valuations is mainly due to the higher certainty

56、 that investors have on the sectors growth. We raise our TPs for Venustech and Sangfor as we roll over our valuation to 2020e, and the increased overall valuation of the industry has driven the PE multiples higher. We maintain our Hold rating and lower our TP based on an unchanged PE multiple for Bl

57、uedon, as we believe risks such as asset impairment to the company are not entirely resolved yet.Among the three stocks with Buy ratings, we prefer Venustech. We think Venustech has many yearsofexperienceingovernment-relatedbusinessesanditcanfullybenefitfromthefavourable policy measures weve discuss

58、ed. It has stable operations, and its valuation is relatively low compared with its peers. The business scope of NSFOCUS is similar to that ofVenustech.Despite its small size and high valuation, we foresee an improvement in results over the next three years. We therefore initiate at Buy. We continue

59、 to recommend Sangfor Technologies, as we believe it has good sales channel management and R&D capability. The long-term outlook is bullish. Meanwhile, we believe the market has fully priced in the growth slowdown of its cloud computing business while higher growth in the security business should su

60、pport the share price.Potential catalysts for the industryAs the Chinese government is attaching increased importance to cybersecurity, more favourable policies may beannounced;The implementation of “graded protection 2.0” relatedpolicies.Downside risks for the industryThe industry landscape of cybe