Olga Solovyova
Cybersecurity generates up to RUB 5.3 trillion for Russia’s economy, far exceeding the sector’s own market size of about RUB 0.3 trillion. The industry is helping to drive economic growth, strengthen trust in digital technologies and sustain rapid digitalisation. These findings come from a joint study by the Stolypin Institute for the Economy of Growth and the Cyberus cybersecurity development fund. Analysts caution, however, that limited access to export markets remains a key constraint on further expansion.
Sanctions pressure and the exit of major Western vendors, who accounted for 39% of Russia’s cybersecurity market before 2022, have reshaped the domestic information security sector. ‘Russia has become the first digital power to face such pressure and technological isolation while continuing to protect its infrastructure effectively. The country now ranks among the global top ten in absolute cybersecurity spending and is promoting a new approach to cybersecurity at the international level,’ the joint study, ‘Cybersecurity in Russia: The Power of Technological Development’, says.
The domestic cybersecurity market is expanding at an average annual rate of 20% to 25%, making it one of the fastest-growing segments of the IT sector, researchers say. Between 2022 and 2025, the market nearly doubled from RUB 193 billion to RUB 374 billion. ‘New entrants continue to emerge. Between 2020 and 2025, the number of cybersecurity companies rose by 38%, from 8,400 to 11,500 by mid-2025,’ the experts note.
At the same time, domestic suppliers have significantly increased their market share over the past four years, rising from 61% in 2021 to more than 90% in 2025. ‘This shift in the competitive landscape allowed Russian vendors to generate an additional RUB 106 billion in revenue in 2025 alone. By 2030, sales linked to import substitution could exceed RUB 200 billion,’ the Stolypin Institute for the Economy of Growth estimates.
The Centre for Strategic Research expects Russia’s information security market to approach RUB 1 trillion by 2030, assuming average annual growth of around 20%. Analysts say the expansion will continue to be driven by strong domestic demand and government policy aimed at strengthening technological sovereignty.
Researchers from the Cyberus fund and the Stolypin Institute identify cybersecurity as a key driver of Russia’s economic growth. By their estimates, the sector’s total contribution in 2025 ranged from RUB 3.6 trillion to RUB 5.3 trillion, or about 2% of GDP. This figure includes not only the value added by the cybersecurity industry itself but also its broader impact on economic growth and employment. It also captures direct losses avoided from cyberattacks, including ‘lost revenue, compensation payments to counterparties, the cost of restoring operations and other related expenses’. According to the study, direct losses prevented for companies alone are estimated at between RUB 0.4 trillion and RUB 1 trillion.
Economists say the total contribution could be higher still. Beyond direct losses avoided, cyberattacks can also inflict indirect damage, including reputational harm, supply chain disruptions and declines in company valuations.
Stronger cybersecurity not only limits losses but also underpins broader economic growth. As cyber threats intensify, resilience in this area helps sustain trust in digital systems and supports faster expansion in sectors adopting new technologies, said Boris Kopeykin, chief economist at the Stolypin Institute for the Economy of Growth.
Earlier, Sberbank estimated potential economic damage from cyberattacks at RUB 1.5 trillion for January to August 2025 alone. Over the same period, the number of cyberattacks on Russian businesses tripled year-on-year, according to Stanislav Kuznetsov, deputy chairman of the bank’s management board, who warned that the situation ‘is deteriorating’.
‘By our estimates, at least 53% of Russian companies were targeted in 2025. Of those affected, around 80% suffered serious consequences. A quarter also reported significant reputational damage,’ he said.
F6 reported around 225 major data breaches in 2025, affecting more than 767 million records in total, down from the previous year. ‘In 2025, F6 Threat Intelligence analysts identified 225 previously undisclosed databases of Russian companies circulating on Telegram channels and underground forums, compared with 455 in 2024,’ the analysts said.
Despite the decline in the number of breaches, companies’ losses are rising. Experts say the year set a record for the size of a ransomware demand, which reached RUB 500 million at the time of the attack. By comparison, the previous record stood at RUB 240 million. (see NG dated February 12, 2026, December 16, 2025).
Reports suggest initial ransomware demands for data decryption in 2025 typically ranged from RUB 4 million to RUB 40 million, while for small and medium-sized businesses they were between RUB 240,000 and RUB 4 million. The average loss per data breach for Russian companies is estimated at around RUB 11.5 million, rising to more than RUB 41 million in the most severe cases, according to an InfoWatch study published in early 2025. At the same time, one in five companies affected by breaches did not assess their losses at all.
For large companies, spending on cybersecurity is proving cost-effective. ‘Even without factoring in indirect losses avoided, every ruble invested in cybersecurity can prevent up to RUB 3.5 in potential damage,’ the Cyberus fund and the Stolypin Institute said.
Further growth in the sector is likely to be constrained by the limited size of the domestic market and the need to expand overseas. Speaking at an industry conference in November, Alexei Mudrakov, client relations director at the Russian Export Centre, said IT companies see exports as a key growth driver, but their international footprint remains limited. The main constraint, he noted, is a continued focus on import substitution and domestic demand, which caps expansion given the relatively small size of the home market. ‘Without access to foreign markets, companies risk losing competitiveness. Existing solutions need to be promoted internationally to preserve technological independence and sustain development,’ he said. Mudrakov added that the sector needs a more systematic approach to exports. ‘Without scaling globally, growth potential will remain limited.’
Russia has a strong opportunity to become a global supplier, underpinned by its experience operating under sustained cyberattacks, said Fyodor Dbar, head of international sales at Security Code. The main challenge, he argued, is the lack of market consolidation. ‘Companies are attempting to enter foreign markets individually. While this approach is viable, it is complex and time-consuming, as international expansion is labour-intensive and, above all, requires significant investment,’ he said.
At the same time, expansion is essential. ‘Russian companies are operating in a domestic market of around 150 million people, compared with a global population of roughly 8 billion. Even if we focus only on the 4 billion to 5 billion people in developed economies who require cybersecurity products, the scale of export potential is clear. It would be unrealistic to expect Russian vendors to match their domestic sales abroad, but the opportunity remains substantial,’ Dbar said.
Without expansion into foreign markets, growth in Russia’s cybersecurity sector will remain constrained. ‘Domestic companies have effectively hit a ceiling this year. Even in 2025, growth has reverted to more typical levels of 10% to 15%. Over the longer term, there are no clear drivers that would materially accelerate this pace, and it is insufficient for rapid development,’ said Fyodor Dbar.
Russia has a clear opportunity to become a global supplier of cybersecurity solutions, although this is likely to be confined to friendly markets, said Yury Pashkevich, an expert at Gazinformservice. ‘The adoption of digital technologies depends in part on the trust of local regulators, which is achievable primarily in regions that maintain cooperative ties with Russia. The government is investing heavily in strengthening relations with eastern partners, BRICS countries and former Soviet states,’ he said.
The expert added that Russian information security products and services have reached a new level of maturity and competitiveness in recent years. However, the global market is significantly more competitive, making it difficult at this stage to assess the potential scale of expansion, Pashkevich said.
‘The main barrier to exporting Russian cybersecurity and software is not a lack of technology, but reputational constraints and sanctions pressure. Western markets are effectively closed. However, there is scope to become a global supplier in BRICS countries, as well as across Asia and Africa. Demand in these regions is being driven by growing geopolitical fragmentation, as countries seek technologies that are not dependent on the ‘collective West’. I would expect export volumes over the next three to five years to remain modest, at around 5% to 7% of the total market, but with high margins. Exports will consist less of off-the-shelf products and more of cyber risk management services and expertise in protecting critical infrastructure,’ said Marina Kholod, senior researcher at the laboratory for artificial intelligence, neurotechnology and business analytics at Plekhanov Russian University of Economics.
According to Nikolai Sivak, commercial director at Solar, Russian cybersecurity solutions remain competitive for international expansion, but sanctions continue to limit their ability to scale. Russian IT and cybersecurity companies currently have access to only a narrow set of friendly markets. As a result, unlocking export potential requires substantial investment, and it is too early to describe Russia as a global supplier of IT services under current conditions, he said.
Cybersecurity remains a key driver of the broader IT market. ‘Under a conservative scenario, the domestic cybersecurity market could nearly double by 2030 to around RUB 669 billion. With exports constrained, the domestic market will continue to be the main engine of growth for Russia’s cybersecurity industry,’ Sivak said.
Export potential for Russian software should not be limited to direct sales alone, said Alexei Khmelnitsky, chief executive of RooX. ‘An equally important, and often more effective, route to global markets is through supporting export-oriented Russian businesses. By relying on domestic IT solutions, including the digitalisation of production and sales, cybersecurity and artificial intelligence, Russian exporters can gain a competitive edge through tighter technological integration,’ he said.
‘Russian cybersecurity has growth potential both at home and abroad. Internationally, this is underpinned by strong capabilities in specific segments, such as protection against insider threats and data leaks, including DLP systems. Some products developed by Russian companies were highly regarded globally as recently as a decade ago and were recognised by analysts at Gartner, IDC and Forrester as market leaders. The geography of sales has since shifted, but demand remains,’ said Vladimir Ulyanov, head of analytics at Zecurion.
A survey by the Centre for Strategic Research found that more than 92% of respondents expect Russia to export cybersecurity solutions primarily to CIS countries. Nearly 70% see potential in cooperation with BRICS nations, while more than half also point to Latin America and the Middle East. Africa was viewed as the least promising destination, with only 15.4% of respondents considering the region attractive for cybersecurity exports, likely reflecting weaker demand and underdeveloped digital infrastructure. The survey also suggests that respondents expect a significant expansion in exports of Russian cybersecurity solutions after 2027.
The global cybersecurity market is approaching $200 billion, according to various estimates. Russia has set a long-term goal of significantly increasing its share. Data from Gartner and Statista show that, as of the end of 2024, the US remained the dominant player with a 44% share, followed by China at 8%, the UK at 6% and Japan at 5%. Russia’s share is estimated at around 2%.
In February, the Russoft Association of Software Developers reported that Russian software developers generated around RUB 800 billion in revenue from international markets last year, a 46% increase year-on-year.
Russoft estimates that at least 5,100 companies in Russia are professionally engaged in software development, with roughly 3,000 having experience operating abroad.
Analysts attribute the rise in export revenues among Russian IT companies in part to the limited size of the domestic market and a slowdown in import substitution projects among local clients. In this environment, developers are ‘increasingly turning to markets in friendly countries that are seeking to build their own technological sovereignty’. Russoft notes that the push into these markets has become ‘widespread’, but many companies lack the resources to balance domestic operations with expansion abroad.
Original: NG/Кибербезопасность стала двигателем экономического роста в РФ
