On Friday I returned from a visit to the Symantec offices in Seoul, South Korea where we held a kick-off "DLP week". I spoke with many customers and partners and gave a few interviews to the local press. It’s interesting to see, once again, familiar patterns of market development in Korea that seem to echo what happened in the U.S. DLP market. There’s a consistent pattern around public data breach awareness and Korea’s market looks pretty far down this path.
Seoul Was Really Interesting
Before I geek out over DLP, a quick note about my time in Seoul.
Hanging out with the Seoul team was both fun and productive. They work hard, play hard, love good food, good drinks (gombei!), plus are generous hosts to boot. The Symantec Seoul team was all that and more. Thanks Patrick, Gin and team for your hospitality!
I was also impressed with the extreme driving steelo on display in downtown Seoul. It's the kind of place where the use of turn signals is a sign of craven weakness. Boldly swerving unannounced into the lane of competing drivers and pedestrians (who annoyingly vie for occupation of your valuable road space) is apparently a necessary driving skill.
But the one thing that really surprised me about the locals was their attitude about North Korea. The Seoul people I hung out with showed a bland indifference to everyone’s favorite dictator-with-a-goofy-hairdo: Kim-Jong Il. I guess when you live that close to someone who is trying that hard to get your attention all the time, you learn to just tune them out. I thought it was a pretty impressive level of cool shown by the locals.
Data Breach Awareness in Korea Has Hit Critical Mass
If you look up the top ten data breaches globally, the U.S. leads the pack by a long shot; but some of the larger recent cases actually happened in Korea. There's no need to call out the specific names as those companies don't need further public attention while they are working on fixing the problem. What we should notice from these events is that Korea seems to have passed a critical threshold of public concern around data breaches.
During the early '00's in the U.S., data breach events were not that big of a deal to anyone outside of the security trade. Up until 2003 or so, it seemed few people really cared. At some hard to define point though, we crossed the threshold and began to see serious mainstream media coverage. By 2004, big breaches were getting headline press in major media outlets and a definite sense of public outrage began to show.
This transformation from apathy to active concern about the hazards of data breach already happened in the U.S. and (to an extent) that process is now underway in Europe. Interestingly, we're now seeing that same transformation underway in Korea. Comparing the fragments of recent U.S. history to what I've seen in Korea, it seems there are four factors that setup a culture to undergo the transformation from apathy to urgent concern:
1. Adoption rate of digital technologies and the consequent digitization of huge amounts of citizen data. The bulk of the nations of the world are already far down this path.
2. Identity theft, fraud fears or privacy concerns at sufficient levels that most people understand, in a very personal way, the consequences of data breach. These patterns are not uniformly distributed throughout the globe currently and only recently has South Korea seen a significant uptick in rates of id theft crimes.
3. The "catalytic" data breach(es) that grab headline news and demand public discussion of accountability. Clearly in the U.S. we have seen an overwhelming array of such breaches, but in South Korea that's happened only in the last few months.
4. Legislation. Here again, the U.S. leads the world on the extent and diversity of various state and Federal data breach laws. In Korea, extensive discussion is now underway in the South Korean parliament on laws involving both fines and certain forms of breach disclosure requirements.
Before data breach became a hot-issue in the U.S. around 2004, a few forward-looking companies could see the writing on the wall and began to evaluate DLP capabilities so they could get out in front of the risks they knew were coming. Well before there was any serious legislation forcing them to do so, these companies sought out risk management systems for data breach. Those early-stage, large-scale adopters became our first customers and eventually led to our dominance in the large enterprise market for DLP. The early-adopter phase is precisely where we are now in South Korea. That first wave of forward-looking South Korean companies is now formulating plans on how they will prevent possible future data breaches.
Past is Prologue
Symantec has a well-established team in Seoul and with the trends in public attitudes towards data breach, the future of DLP in South Korea looks interesting. Clearly the worldwide macro-economic climate will provide some headwind to run against, but we're still bullish on DLP in Korea. If last quarter is any indicator, it seems DLP is increasingly being considered "mission critical" and still makes the cut even in pretty tough times. We expect great things for DLP worldwide and very much look forward to helping South Korean enterprises manage one of the most damaging security risks of our time.
And keep an eye out for these same four factors in other countries around the globe. Expect to see us there as well doing our level best to help companies get on top of these problems before they become the “catalytic event” that pushes that country into active concern over data breach risks.