As an IT security provider, Trend Micro always has to be one step ahead of cyber criminals. Frank Schwittay, Vice President Europe and Managing Director of Trend Micro Germany, tells us how the Japanese company with an unusual history manages to do just that – and how the digital transformation is shifting the parameters.
J-BIG: Mr. Schwittay, what do readers absolutely need to know about Trend Micro?
Frank Schwittay: Trend Micro is one of the largest IT security companies in the world and the global market leader in cloud security. We can now look back on a success story spanning more than 30 years. In 1988, the company was founded in California by three Taiwanese. Two of the co-founders are still active in the company today: Eva Chen as CEO and Steve Chang on the Board of Directors. The fact that the company’s founders have stayed with the company for decades in leading positions is very unusual in the industry – and with a woman at the helm, no less.
J-BIG: Despite this American-Taiwanese history, Trend Micro regards itself as a Japanese company. Why is that?
Frank Schwittay: For Trend Micro, it was clear early on that we wanted to see ourselves more as a Japanese company than an American one. The Japanese market has been of central importance to Trend Micro from the beginning. We were able to sign a number of contracts with OEMs here very early on in the company’s inception, which led to very rapid sales growth, especially in the Asian market. To this day, Trend Micro is the absolute market leader for IT security solutions in Japan, both in the B2B and B2C sectors. This success was ultimately the reason why the IPO took place on the Tokyo Stock Exchange in 2000. Our headquarters then also moved to Tokyo.
However, I would like to emphasise that Trend Micro has always operated on a very global scale, and continues to do so. We feel very strongly that we are a global company. This is also reflected in our internal structure: Today, our approximately 6,700 employees are spread relatively evenly across all continents, and the nine members of the Global Executive Team are also scattered around the world. Only our CFO – and of course the person responsible for our Japanese business – are actually in Japan. Having an international presence is important in our industry. After all, the cyber criminals who create threat situations for companies or individuals also operate all over the world.
J-BIG: Trend Micro promises businesses and individuals protection from these cyber criminals. How do you make that happen?
Frank Schwittay: Cyber criminals are very clever and hugely innovative. They use the mechanisms behind infrastructure changes like cloud computing to attack companies that are going through this transformation process. Our job as an IT security provider is to detect and respond to these threats as early as possible. That’s why more than two-thirds of Trend Micro’s global workforce is involved in research and development. Thousands of employees spend their days researching what’s happening on the other side: What drives cyber criminals? What specifically do they want to achieve? What kind of attacks should companies and private individuals in certain geographical regions or industries expect next? What security gaps exist in current systems?
Based on these insights, we anticipate threat scenarios and develop appropriate solutions. This results in a spirit of innoavtion that runs through the company’s entire history. If you ask me, this power to innovate is Trend Micro’s true strength.
J-BIG: What in your view are the most pressing threat scenarios at the moment?
Frank Schwittay: It’s not so much isolated scenarios – it’s the ever-increasing complexity of IT infrastructures, and thus of potential threats. I’ve been in the industry for over 20 years now, almost 17 of them at Trend Micro. In that time, we’ve seen a whole series of paradigm shifts. Decades ago, an IT infrastructure consisted of three parts, to oversimplify a bit: End devices such as computers, notebooks, or now smart devices, servers, and the internet gateway, which is the company’s connection to the web. For Trend Micro and our competitors, business consisted of developing software solutions for precisely these three areas and then marketing them – a purely product-based business.
That situation has changed drastically. IT infrastructures are dynamic and as a result change very quickly. About ten years ago, the dominant topic was server virtualization; currently, cloud computing is still very dominant, and looming over everything is the headline “digital transformation”. Add to that technologies like 5G: This involves a very different infrastructural approach, and there are major challenges here in terms of how to secure this infrastructure. Trend Micro is very active in this area – for example, we are cooperating with NTT Docomo on 5G. The Internet of Things, autonomous driving, or the smart factory are also related to 5G technology.
The overarching trend is that in the future, everything will be networked with everything else. It’s not about end devices and servers, but about massive ecosystems. This is a huge driver of innovation in the IT security sector. The more open everything is – and ultimately that’s what connectivity means – the more vulnerable the whole construct becomes. The ecosystems of the future will have access points in ever more places. And wherever there is an access route, we have to be ready and stay vigilant.
J-BIG: Has this also changed Trend Micro’s business?
Frank Schwittay: To a certain extent, definitely. Our main business is still software, but due to the increasing level of complexity, we are also moving more and more into a consulting role. IT security is now an integral part of the executive and board level agenda and is very closely related to risk management. Increasingly, companies today also have a Chief Risk Officer, and IT security has become a central responsibility for him or her.
With good reason: In terms of risk assessment, the potential damage from a hacker attack is much greater today than it was a few years ago – in terms of both money and reputation. When one of the world’s largest shipping companies was hit by a ransomware attack a few years ago, it ground to an almost complete halt for two weeks. The damage amounted to over 200 million US dollars. And in Germany, too, a number of cases were reported last year in which an attack shut down production for weeks.
Accordingly, the people we talk to within the company are also different than they were ten years ago: the board level, the CIO or the CISO (Chief Information Security Officer). In Germany, where we work with many family-owned SMEs, it’s often the owners. We come in wherever large, strategic projects such as digital transformation are driven forward.
In most cases, providing strategic support and advice in this area is not a service we sell, but it is part of our job as an IT security provider. Customers want to feel that we have the necessary expertise to provide them with comprehensive protection – also and especially as they look to the future. Our aspiration is to be able to approach companies and say, “We understand how you’re evolving right now. We understand the business strategy. And that’s why we also understand how your IT infrastructure is going to change – so much so that we can tell you today what you’re going to have to pay special attention to tomorrow in order to minimize the vulnerability of your infrastructure.” The earlier we are involved in the infrastructure design phase, the better we can support companies with advice and all our expertise. We can only be successful today if companies see us as a trusted advisor.
J-BIG: How would you define success?
Frank Schwittay: The greatest compliment for us as a business is not closing deals, although those are of course important. The highest praise is when a CIO or security executive tells us, “You’ve become so strategically important to us that we’re going to include you in all of our future considerations.” For me personally, that’s the definition of success. Of course, it’s also about revenue and growth, but in terms of the market, our ambition is to be strategically relevant.
J-BIG: What role does Trend Micro Germany play in your global structure?
Frank Schwittay: It certainly plays a key role in certain areas. Of our 125 employees in Germany, around 70 are involved in marketing our solutions, while the rest work in research and development. The so-called “Forward-Looking Threat Research Team,” which researches future global threat scenarios, is also managed from Germany. And the first German employee, Raimund Genes, was active in a senior global role as Trend Micro’s CTO until his death a few years ago.
Trend Micro Germany was founded in 1996, and the business took off very quickly in Germany. Also because the German market is strategically very important for us – as, in fact, it is for every company.
J-BIG: What constitutes the relevance of the German market for you?
Frank Schwittay: First of all, it’s the sheer economic power and size of the market that makes it so relevant. If you look at the global addressable market potential and break it down to country level, the German market is in third or fourth place. And indeed, Trend Micro has seen the same trend: At the country level, Japan is by far the biggest revenue generator, followed by the U.S. and Germany in third place.
What works in our favor is that we cover every application scenario. One focus in both Japan and Germany is on public sector business, but the midmarket segment is also reporting very good sales figures here in Germany. At the same time, we offer solutions for very small businesses and are extremely well positioned when it comes to large companies. It is actually safe to assume that every large, globally active corporation in Germany is a Trend Micro customer.
We currently derive more than 70 percent of our revenues from small and medium-sized enterprises and large customers, and we continue to see great potential here. In those product segments in in which we are active, we have over the years either become the market leader in Germany or are at least in second place. This is also our ambition for the future. At present, for example, the whole topic of “smart factories,” i.e., digitization and automation in production, cloud computing, and digital transformation are key growth areas – not only, but also in Germany.
J-BIG: How do the German branch and headquarters in Japan work together?
Frank Schwittay: We are in constant communication about how we build commercialization strategies. Strategic issues around global business development or relationships between Trend Micro and Japanese companies are, of course, driven primarily from Japan. But many Japanese companies have their European headquarters in Germany and have a very large footprint in Europe – in the form of production facilities or logistics centers, for example. Of course, this also means a lot of IT infrastructure. When a contract is signed with a Japanese customer in Japan, it goes without saying that I, as the person responsible for Europe, get in touch with the respective contact person in Europe.
Interaction is also very close on a global level. Although Trend Micro is now a fairly large company with sales of around 1.6 billion US dollars, we operate almost like a family business. That’s part of the company’s culture and mentality. Of course, there are hierarchies at Trend Micro as well, but we practice a very, very open style of communication. That’s the only way we can gain the innovative strength we need to withstand the increasing pace and pressure to innovate.
Let me give you an example: When our CEO Eva Chen comes to Europe twice a year, she doesn’t want to talk only to strategic customers, but meet as many country organizations as possible. We then get all employees together and do a half-day workshop with her, in which we talk quite openly about everything. Even after 17 years with the company, I still find that very remarkable. Within the executive team, we even exchange ideas on a weekly basis. At the moment, of course, we only do this by video – Trend Micro also follows a “no travel policy” – but we believe it’s very important to have a continuous international exchange.
J-BIG: Corona has forced many people to work from home, which also creates certain IT-related risks. Do you specifically prepare for such pandemic scenarios?
Frank Schwittay: Generally, we don’t, and here’s why: There was nothing fundamentally surprising or new about the use cases of employees working away from the office. The underlying security questions have therefore already been addressed: What kind of IT security and equipment is needed? What security approaches are there when an employee uses his company laptop to connect to their home network? Solutions already exist for all these questions. In the present case, it was the sheer volume that became a challenge. Overnight, this familiar use case no longer applied to just a small portion of employees, but to nearly everyone – it hit companies like a tsunami. The nature of the attacks has remained virtually the same, only their number and the potential target area have increased abruptly.
J-BIG: Have you noticed any concrete effects on your business?
Frank Schwittay: Definitely. On the one hand, some companies have put projects on hold completely for the time being. This mainly happened in sectors that are suffering massively from the Corona situation, such as the tourism industry.
On the other hand, many companies needed advice and operational support with the aforementioned remote working situation. Existing customers had to scale up their internet gateways dramatically and make them more permeable because of the enormous number of VPN users. But there is another aspect that is just as important: the awareness and attentiveness of employees. Many were used to coming to their workplace every day, where everything is secured via the corporate network. They may never have thought about whether and how their actions could affect IT security. There was a great need for training here, and many companies approached us about this.
Of course, cyber criminals have also been very quick to take advantage of the situation, which has significantly increased the threat scenarios for companies. We noticed this very strongly through an immense increase in inquiries. For many companies, this was a kind of wake-up call.
J-BIG: Corona also puts a stop to travel and face-to-face communication. In your view, does that change the way people interact? Is there anything in particular that you miss?
Frank Schwittay: We’ve all gotten used to video conferencing by now, but at the same time, a certain fatigue has set in. I notice this in myself: If I have video conferences continuously from morning to night, I’m much more exhausted at the end of the day than usual.
There’s also a huge difference between seeing colleagues or customers in person and only seeing them on screen. The body language, the form of interaction, is completely different. I think you can exchange ideas very well in one-on-one video calls, but for team meetings and workshops, it’s a disaster. How can you really be creative in such a setting?
But what I personally miss the most is something else: At Trend Micro, as at many other Japanese companies, it is customary to go out for dinner after a meeting. People continue to talk about business over dinner, and completely new aspects are introduced into the discussion. That’s something we don’t have at the moment. Such informal meetings are also crucial for customer relationships. As soon as I can, I will definitely travel to Japan again and visit many customers. I miss that very much.
J-BIG: Finally, a look into the future: Do you expect the nature of Trend Micro’s business to change fundamentally as a result of technological advancements?
Frank Schwittay: The requirements for our solutions will change, but in the end, IT security is still a people business – despite all the technology. Business is still done between people, and when it comes to security, trust plays a central role. In part, this trust is grounded in our products and solutions, but the interpersonal level is just as important. That’s part of what fascinates me about the industry, and at Trend Micro, we try to embrace and encourage this human level.
Unlike many other companies in the IT security industry, Trend Micro has also never diversified into other fields. Our philosophy is quite clear: Cobbler, stick to your last. IT security has always been the cornerstone of our DNA, and it will continue to be so in the future. We believe that this area requires such dedication and focus that pursuing anything else would only be a distraction.