|
With the fast expansion of Internet applications and the emergence of information digitization, Internet-based threats continue to rise. Faced with escalating information security concerns, enterprises seek solutions adapted to their specific data security requirements. According to a report by "Industrial Technology Research Institute, IEK Consulting" commissioned by "Industrial Development Bureau, MOEA (IDB) - Cross-domain Information Security Strengthening Industry Promotion Program," Taiwan's information security industry market size has the potential to exceed in 2022 with the annual scale of $60 billion. There are now 340 companies whose primary business is information security. Due to the small size of the Taiwanese market, the majority of the market share is held by network security equipment, endpoint protection or detection, and password management software. The majority of these mainstream information security products (hardware or software) are contracted by foreign manufacturers, hence the number of domestic information security enterprises function as agents or provide technical services. Among them, the information security testing and forensic consulting service (labour service): the government and the eight critical infrastructures are the client base for information security testing, forensics, consulting, etc (oil, water, electricity, medical care, transportation, communication, finance, high-tech parks) The rest are enterprises. Due to the high threshold of professional and technical understanding of information security and the difficulties of fostering talent, the majority of client groups outsource labour services, resulting in a labour shortage for information security testing and forensic consulting services. In addition, when relevant companies acquire information security inspection and identification consultancy services, they often engage in price bidding competition. This causes the information security business to adopt a low-price approach to conduct a ruthless competition for survival and market dominance, resulting in the sale of the original valued services at quite low prices. In the end, it also results in a scenario in which labour spending is not equal to revenue, which leads to losses in companies, departments, and downsizing of manpower.
From the perspective of information security service providers, this study examines the Penetration Test (PT) component of information security testing and forensic consulting services (labour services) and utilizes qualitative analysis to investigate how penetration testing professional technical services may choose or design suitable pricing strategies in response to market circumstances to establish a balance between service value and service revenue.
|