Impact Analysis of China's Mandate for Enterprises to Phase Out U.S. and Israeli Cybersecurity Software

Based on the collected data and analysis, I will provide you with a detailed comprehensive research report.

---

Based on comprehensive information from multiple sources, the Chinese government has been continuously advancing the “domestic substitution” strategy for cybersecurity in recent years. In 2022, reports emerged that the Chinese government issued instructions to state-owned enterprises, requiring key industries including finance and energy to gradually replace non-Chinese software in their networks by the end of 2027 [1]. The United States and Israel have long been major suppliers of cybersecurity technologies and products in the international market, and this policy further reflects the deepening trend of U.S.-China tech decoupling.

This policy primarily targets the following sectors:

• Critical infrastructure industries
  : State-owned enterprises in finance, energy, communications, transportation, etc.
• Government and public sectors
  : Government agencies and public institutions at all levels
• Confidential units
  : Sensitive industries related to national security
• Large private enterprises
  : Especially those with business ties to the government

---

Based on the latest financial data, there are significant differences in the China business exposure of the three major U.S. cybersecurity companies [0][2][3]:

Company	Quarterly Total Revenue	Estimated China Revenue	Percentage of Total Revenue	Risk Exposure Assessment
Palo Alto Networks	$2.474B	$74.2M	~3%	Medium
CrowdStrike	$1.234B	$12.3M	~1%	Low
Fortinet	$1.725B	$86.2M	~5%	High

• Market Valuation
  : $127.63 billion, P/E ratio 115.99x [0]
• China Business Characteristics
  : Has operated in the Chinese market for a long time, with a certain base of enterprise customers
• Annualized Risk Exposure
  : Approximately $288 million (estimated based on 3% of FY2025 revenue of $9.22 billion)
• Buffer Factors
  : Broad product portfolio, relatively diversified revenue in the Asia-Pacific region; has implemented regionalized operation strategies

• Market Valuation
  : $116.61 billion [0]
• China Business Characteristics
  : Business is mainly concentrated in the U.S. domestic market (accounting for 67%), with the smallest exposure to the Chinese market
• Annualized Risk Exposure
  : Approximately $50 million
• Buffer Factors
  : Highly focused on U.S. government and large enterprise customers, with a relatively small share of international business

• Market Valuation
  : $59.84 billion [0]
• China Business Characteristics
  : Has a relatively large market share in China, especially in the small and medium-sized enterprise market
• Annualized Risk Exposure
  : Approximately $345 million
• Risk Factors
  : Fortinet has deeply cultivated the Chinese market for many years, with high customer switching costs, so the policy impact may be more direct

The combined annual China business risk exposure of the three companies is approximately

. Although the impact is limited from the perspective of individual companies, considering the profit margin of the cybersecurity industry (approximately 15-30%), the impact on net profit may be in the range of .

---

U.S. cybersecurity stocks currently face geopolitical risk premiums reflected in the following aspects:

Risk Factor	Valuation Impact	Indicators
China business exposure	Mid-term revenue growth expectations lowered	Target price cuts (e.g., HSBC downgraded PANW from Hold to Reduce)
Supply chain uncertainty	Risk of rising operating costs	Expected margin pressure
Tech decoupling	Long-term growth space constrained	P/E ratio below historical average (current 115x for PANW vs. historical average 140x)
Policy risk premium	Valuation multiple compression	EV/OCF of 31x (PANW) indicates the market has priced in some risks

The stock price performance of the three companies shows [0]:

• Palo Alto Networks
  : Down 8.05% in the past 3 months, up 11.88% in the past year
• CrowdStrike
  : Down 4.28% in the past 3 months, up 34.47% in the past year (supported by AI narratives)
• Fortinet
  : Down 23.93% in the past 6 months, down 15.31% in the past year (more affected by concerns over China exposure)

---

Based on the latest industry data, China’s domestic cybersecurity vendors have formed a complete ecosystem [4][5]:

Ranking	Enterprise	Core Sector	Key Technologies
1	Sangfor (深信服)	Cloud, Network, Endpoint Security	SASE Architecture/Zero Trust
2	Qi An Xin (奇安信)	Government and Enterprise Security	Quantum Encryption/APT Hunting
3	Venustech (启明星辰)	Industrial Internet Security	Star Pulse Large Model/Industrial Cyber Range
4	Huawei (华为)	Integrated ICT Security	Full-Stack Independent R&D
5	Topsec (天融信)	Military and Defense Security	Quantum Firewall/Industrial Control Cyber Range
6	NSFOCUS (绿盟科技)	Advanced Threat Protection	MDR Automation/Space Security
7	Alibaba Cloud (阿里云)	Cloud Security	Cloud-Native Security
8	DBAPPSecurity (安恒信息)	Data Security	Data Security Island/Threat Intelligence Cloud
9	H3C (新华三)	Network Security	Security Gateway/SDN
10	DPtech (迪普科技)	Industrial Security	Full-Traffic Inspection/ASIC Chip

According to data from market research institutions [6][7]:

• Chinese Market Size
  : Expected to reach approximately
  $13 billion
  (≈RMB 130.3 billion) by 2026
• Global Market Size
  : Approximately $219 billion in 2025, expected to reach $340 billion by 2027
• Asia-Pacific Growth Rate
  : Expected to grow at a CAGR of approximately 16.85%, higher than the global average

Driven by policies, the IT Application Innovation (Xinchuang) market is developing rapidly:

• Qi An Xin ranks first in China’s cybersecurity access market with a leading market share [8]
• IT Application Innovation substitution is accelerating in key industries (party and government, finance, energy)
• The technology gap between domestic vendors and international players has narrowed in areas such as endpoint security, data security, and cloud security

---

Geopolitics is driving the global cybersecurity market to form two relatively independent ecosystems:

┌─────────────────────────────────────────────────────────────┐
│                    Global Cybersecurity Market              │
├───────────────────────────┬─────────────────────────────────┤
│       Western Bloc         │           Chinese Bloc          │
│   (Markets of the U.S. and its Allies) │ (Chinese Market and Partners) │
├───────────────────────────┼─────────────────────────────────┤
│ Leading Vendors:           │ Leading Vendors:                 │
│ • Palo Alto Networks      │ • Qi An Xin                       │
│ • CrowdStrike             │ • Sangfor                         │
│ • Fortinet                │ • Venustech                       │
│ • Cisco                   │ • Huawei                           │
│ • Check Point             │ • Topsec                          │
│                           │ • NSFOCUS                         │
├───────────────────────────┼─────────────────────────────────┤
│ Technical Standards:       │ Technical Standards:               │
│ • MITRE ATT&CK           │ • Level Protection 2.0             │
│ • NIST Framework         │ • IT Application Innovation (Xinchuang) Standards │
│ • ISO 27001              │ • Independent and Controllable     │
├───────────────────────────┼─────────────────────────────────┤
│ Product Features:          │ Product Features:                 │
│ • AI-Driven              │ • Localization Adaptation          │
│ • Cloud-Native Security   │ • Regulatory Compliance-Driven    │
│ • Zero Trust Architecture │ • Scenario-Based Solutions        │
└───────────────────────────┴─────────────────────────────────┘

Dimension	Trend	Investment Impact
Market Share	Chinese market shifts from “foreign-dominated” to “domestic-dominated”	Revenue decline for foreign companies in China, growth for domestic enterprises
Technical Routes	Differentiation emerges but common technologies such as AI security remain interoperable	Need to monitor the long-term impact of tech decoupling on innovation
Supply Chain	Regionalization and localization trends strengthen	Costs increase but stability improves
Talent Competition	Talent mobility restricted, domestic talent cultivation accelerates	Technology gap is expected to gradually narrow
R&D Investment	China and the U.S. invest simultaneously but directions gradually diverge	Focus on differentiated investment opportunities

According to market research institution forecasts [6][7]:

• Global Market Size
  : Approximately $219 billion in 2025, expected to exceed $699 billion by 2034
• North American Market
  : Approximately $94.2 billion in 2025, accounting for 43% of the market share
• Asia-Pacific Market
  : Expected to reach $52 billion by 2026, with China contributing approximately $13 billion
• CAGR
  : Expected to reach a compound annual growth rate of approximately 13.8% from 2025 to 2034

---

Company	Short-Term Impact	Mid-Term Impact	Long-Term Impact
PANW	Limited (3% of revenue)	Needs to explore other markets to compensate	Growth focus shifts to Europe and the U.S.
CRWD	Minimal (1% of revenue)	Negligible impact	Essentially unaffected
FTNT	Moderate (5% of revenue)	Needs business restructuring	May consider divesting its China business

1. U.S. Cybersecurity Sector
   :
   • Focus on companies with a U.S. domestic market core (prioritize CRWD over PANW)
   • Evaluate the proportion of China business and exit costs of each company
   • Monitor expansion progress into other markets (India, Southeast Asia, Middle East)

2. Chinese Cybersecurity Sector
   :
   • Leading enterprises such as Qi An Xin and Sangfor will benefit from domestic substitution
   • IT Application Innovation (Xinchuang)-related enterprises are expected to gain policy dividends
   • Watch for valuation revaluation opportunities brought by narrowing technology gaps

3. Cross-Regional Allocation
   :
   • Consider allocating to cybersecurity companies in different regions to diversify risks
   • Monitor regional balance strategies of multinational enterprises

Risk Type	Details	Risk Level
Policy Risk	Further tightening of U.S.-China policies	High
Exchange Rate Risk	Impact of RMB exchange rate fluctuations	Medium
Tech Decoupling	Long-term innovation hindered	Medium-High
Supply Chain Risk	Uncertainty in component supply	Medium
Market Risk	Macroeconomic impact on IT spending	Medium

---

1. Limited Revenue Impact but Significant Symbolism
   : The direct impact of China’s policy on the three major U.S. cybersecurity companies is approximately $700 million annually (combined), accounting for a small proportion of their total revenue (1-5%), but it marks the further deepening of global tech decoupling.

2. Valuation Risk Premium Taking Shape
   : The market has started pricing in geopolitical risks, and the valuation of companies with higher China exposure such as Fortinet has been suppressed.

3. Domestic Vendors Face Development Opportunities
   : China’s cybersecurity market is rapidly shifting from foreign-dominated to domestic-dominated, and leading vendors such as Qi An Xin and Sangfor are expected to gain more market share.

4. “Dual-Track” Global Market Structure Forming
   : In the long run, the Chinese and U.S. markets may form relatively independent technical standards and competition patterns.

• Short-term (1-2 years)
  : Policy implementation buffer period, during which companies have time to adjust their business structures
• Mid-term (3-5 years)
  : Market share reshaping completed, domestic vendors dominate the Chinese market
• Long-term (5-10 years)
  : Technical routes diverge, but there are still intersections in cutting-edge fields such as AI security

---

[0] Jinling API - Financial and market data of Palo Alto Networks, CrowdStrike, Fortinet

[1] Carnegie Endowment - “Managing the Risks of China’s Access to U.S. Data and Control of Software and Connected Technology” (https://carnegieendowment.org/research/2025/01/)

[2] Bullfincher - Fortinet Revenue Breakdown By Region (https://bullfincher.io/companies/fortinet/revenue-by-geography)

[3] Bullfincher - CrowdStrike Holdings Company Profile (https://bullfincher.io/companies/crowdstrike-holdings/overview)

[4] Anhui Industry Network - 2025 Top 100 Chinese Cybersecurity Market List (https://www.ahchanye.com/cyxt/58327.html)

[5] CTOCIO - 2024 Complete List of Top 50 Chinese Cybersecurity Enterprises (https://www.ctocio.com/security/40983.html)

[6] Fortune Business Insights - Cybersecurity Market Size, Share, Analysis (https://www.fortunebusinessinsights.com/industry-reports/cyber-security-market-101165)

[7] Mordor Intelligence - Cybersecurity Market Size & Growth Trends Report 2031 (https://www.mordorintelligence.com/industry-reports/cyber-security-market)

[8] Qi An Xin Official Website - Latest CCID Report: Qi An Xin Ranks First in China’s Cybersecurity Access Market (https://www.qianxin.com/news/detail?news_id=14074)