Overview

Austria has a medium-sized and well-developed IT sector, generating an industry turnover of $9.7 billion in 2021, slightly above 2% of Austria`s GDP, according to German market research firm Statista. The cybersecurity market is one of the fastest growing ICT subsectors in Austria, valued at $626 million and projected to grow by 7% from 2022 through 2023. This increase is propelled by a rise in cyber breaches, vulnerabilities revealed during the remote work environment of the Covid-19 pandemic, and further prioritization by the Austrian government. The Austrian cybersecurity market is dominated by U.S., UK, and Israeli vendors with an Austrian presence or covering Austria from their German offices.  

Cybersecurity has become an increasingly important issue in Austria. The Austrian government’s National Cybersecurity Strategy, updated in 2021, has elevated Austrian public awareness of cyber threats and established goals of enhancing cybersecurity and resilience of Austrian infrastructure and services. Since that time, the government has achieved many of these objectives; however, 2020-22 cyber-attacks on government and private companies have revived the topic and increased attention on the need for further action.

According to IDC data, Austria continues to offer growing export opportunities for U.S. companies in the cybersecurity market. Leading cyber services subsegments include managed services, integration, consulting, education, and training. Cybersecurity software represents 24.5% and hardware 16.5% of the total cyber market. Despite overall cuts in IT budgets due to the economic impact of the Covid-19 crisis, the increasing threat of cyber-attacks has led to greater spending on and demand for innovative IT security solutions by both the government and private sector.

Austria`s market can be split into three main segments: small- and medium-sized enterprises (SMEs), large companies, and the government. Overall, there is a much higher risk awareness and continuous cybersecurity investment by government institutions and the 1,700 larger Austrian businesses with 250+ employees. An increasing number of critical infrastructure providers and leading manufacturers have already established dedicated cybersecurity teams.

Since 2013, the Austrian government led by the Federal Chancellery continues to invest heavily in increasing cyber resources at federal, regional, and provincial levels. In July 2020, the Austrian government established a Joint Cybersecurity Center bringing together resources from the Federal Chancellery, Ministry of Defense, and Ministry of Interior. In October 2020, the Federal Criminal Police Office announced to double the number of local IT investigators to probe cybercrime cases more effectively, followed by an announcement of the Federal Chancellery’s Cybercrime Competence (C4) in November 2021 to double its IT investigators.

Public-private partnerships are also playing an increasing role in Austria’s cybersecurity landscape. For example, in November 2020, the Technical University Graz announced the opening of a non-profit Cybersecurity Campus Graz in partnership with Swiss private inspection and testing firm SGS Group. The new campus established a research, education, testing, and certification hub in the Southern region of Styria with 400 employees.

In Austria, 545,900 entities, comprising 99.8% of all businesses in the country, are considered SMEs, many of which need to enhance their cybersecurity measures. Some SMEs in Austria underestimate the danger of security breaches and dedicate only limited IT budgets for services, software, hardware, and additional IT staff. Especially mid-sized manufacturers with strong patent portfolios and growing international presence have a great need to implement robust IT security management.

Covid-19 Telework-Driven Cyber Demand. Following the global trend, Austrian companies continue to reevaluate their telework capacities and related security measures. Most Austrian companies remained in at least partial telework status throughout the pandemic, with many evaluating a partial return to office footprint beginning in the fall 2021. According to a KPMG study published in April 2022, 71% increased their investment in cybersecurity during 2021. In a 2022 report by Deloitte Austria, 77% of  surveyed CEOs and IT professionals perceived a higher or much higher cyber risk when working remotely. As a result, companies are increasing their focus on security infrastructure around mobile and personal devices.

With the rise of cyber threats, the Austrian government is actively improving its cybersecurity awareness outreach to the public through alerts about phishing/malware threats and the launch of an end-user-focused cybersecurity awareness app.

Leading Sub-Sectors

According to the Federal Criminal Police Office, the total number of reported cybersecurity breaches in Austria grew 400% from 9,000 in 2014 to 46,000 in 2021. Furthermore, in 2020 and 2022, highly publicized news reports of cyber-attacks at the Foreign Ministry and 34 companies in Upper Austria have led to a rapidly growing awareness throughout Austrian society of cybersecurity threats. According to Deloitte Austria`s 2022 cybersecurity report, 12% of 450 companies surveyed confirmed that they had been attacked daily over the last 12 months. The same survey showed that despite the increasing number of attacks, only 20% of companies with over 50 employees also established a cybersecurity emergency plan.

Key trends and cybersecurity sub-sectors driving the Austrian cybersecurity market that open excellent opportunities for U.S. companies include:  

• Outsourcing of entire cybersecurity or procurement of managed security services, including services to detect and close security loopholes  

• Preferences for full platforms compared to point solutions as a result of ever-growing talent shortage & vendor fatigue

• Security measures to comply with the implementation of cross-industry EU legislation, including GDPR and the NIS Security Law, as well as industry-specific legislation such as Basel 3 (financial sector) or the rollout of SCADA systems for critical infrastructure

• Cyber defense solutions targeting phishing, malware and ransomware, social engineering, and overall data leakage

• Endpoint hardware and software security for private devices and security monitoring also for remote workers

• End-user awareness & continuous cybersecurity training

• Solutions for Internet of Things specifically in the industrial sector

• Cyber insurance (2/3 of Austrian companies are not insured)

• ncreased reliance on cell phones for two-factor authentication as an integral part of security infrastructure

• Zero-Trust Network Access (ZTNA) as an alternative to VPNs

• Other innovative solutions in the fields of verification services, threat intelligence, online reputation, artificial intelligence, deep fakes, and email compromising.

Opportunities

U.S. cybersecurity solutions providers interested in the Austrian market can  effectively position themselves by selling through an established, qualified local channel partner such as a reseller, value-added distributor or systems integrator. These channels offer low-risk market entry for most U.S. manufacturers. In some cases, an existing partner in Germany can cover the Austrian market. Establishing a direct business presence in Austria is the best strategy for U.S. companies pursuing a) national security projects with the Austrian government, b) projects with larger professional integrators, or c) critical infrastructure end-users.

To build trust among potential Austrian buyers, U.S. vendors should consider securing international ISO 27.000 series certification and the Austrian Cyber Trust quality seal, as well as implementing SOC audit reports and building a track record of local references.

Some U.S. companies may choose to partner with U.S. or other international integrators already established in Austria. Major U.S. ICT and cybersecurity companies in Austria include Oracle, IBM, Microsoft, Google, Cisco, Palo Alto Networks, Commvault, Citrix, VMWare, and Fortinet.

Public sector procurement contracts in Austria above a minimum value are subject to formal EU tender procedures, which can be a significant resource challenge, especially for smaller U.S. suppliers. Please refer to the European Commission`s website for details on this process.

Most Austrian business partners are fluent in English, but most local trade shows, conferences, and industry publications are in German. It is therefore recommended to translate and adjust marketing materials, including references to the Austrian market.

Resources

Trade Shows & Conferences:

• IKT-Sicherheitskonferenz 2022: Vienna, AT, September 14-15, 2022
• IDC Security Conference Austria: Vienna, AT, September 29, 2022
• IT Security Herbst: Vienna, AT, October 20, 2022: https://lsz.at/
• it-sa: Nuremberg, DE, October 25-27, 2022: https://www.itsa365.de/en 
• Cyber Crime Forum Salzburg, Salzburg, AT, November 23, 2022: https://lsz.at/
• Security & Risk Management Kongress, Loipersdorf, AT, March 22-23, 2023 : https://lsz.at/
• International Digital Security Forum, Vienna, AT, May/June 2023: https://idsf.io
• Cyber Crime Forum Wien, Vienna, AT, June 20, 2023: https://lsz.at/
• InfoSecurity Europe: London, UK, June 20-23, 2023: https://www.infosecurityeurope.com/

Associations, Interest Groups & Research Institutes:

• Austrian Security Board (KSÖ
• KIRAS Security Research
• Austrian Institute of Technology (AIT)
• SBA Research
• Association of Austrian Software Industry (VÖSI)
• Cyber Security Austria (CSA) Association

Government

• Federal Chancellery (BKA) - Cyber Security Platform (CSP) & Cyber Security Steering Group 
          (CSS)
• Ministry of Interior (BMI) - Federal Criminal Police Office (BK) & Cyber Crime Competence Center
           (C4)

• Austrian Cyber Security Strategy: Link & www.cyberwiser.eu/austria

• Austrian Cybersecurity Report: www.bundeskanzleramt.gv.at

• Online Security Portal: https://www.onlinesicherheit.gv.at/
• CERT Overview: www.onlinesicherheit.gv.at/Themen/Erste-Hilfe/CERTs.html

U.S. Commercial Service Austria, ICT and Cybersecurity Specialist – Jan Bruckner  jan.bruckner@trade.gov