UK security export statistics 2022: methodology and quality report
Updated 2 January 2024
1. Introduction
In April 2022 the Department for Business and Trade Defence and Security Exports (DSE) engaged Westlands Advisory (WA) to calculate UK Security Export Statistics for 2021 and 2022. The following paper outlines the methodology and approach including:
- project objectives
- definition
- segmentation
- methodology for UK Security Exports
- methodology for Global Exports
2. Project objectives
UK security export statistics are vital to provide an analysis of how the UK industry is performing in the global security market. They are important to several stakeholders:
- the UK public – the publication of the statistics helps to hold the government accountable to the taxpayer whilst informing them how investment is helping drive UK security exports
- UK government - to help identify the security market’s strengths and weaknesses relative to other countries, and to help inform policy and funding initiatives to facilitate greater growth of the UK security industry
- DBT DSE - the statistics are used to understand the performance of the UK security industry, so that DSE can provide advice and guidance that helps UK security companies win more business around the world and continue to grow exports. The data helps to target campaigns and public safety events that will drive more export opportunities
- security industry and trade organisations – the statistics provide information on where UK companies are having most success, which technologies are in demand, and how the market is likely to change in the future. They deliver insights to industry, helping to inform business and technology strategy, as well as prioritising export opportunities
3. Definition of a security export
For this project, a physical/cyber security export is defined as:
- any sale of physical security/cyber technology or services from a UK registered organisation, except sales to defence organisations (MoD, DoD), as these have been classified as a ‘Defence Export’
- to be included, the sale must be accounted to the UK office. If a UK company makes a sale from an office registered in another country and reports the revenues within that country, this will not be counted as a UK export, as the revenues have not been attributed to the UK
- joint ventures – only the UK value-added part of the venture is counted
4. Segmentation
The following tables outline the segmentation for physical and cyber security technology, solutions and services that have been used throughout the project.
4.1 Physical security
Technology segmentation | Description |
---|---|
Access control and identity management | access control and identity management including cards, keypads, biometrics, door locks, bolts, physical barriers and area protection, perimeter fencing and counter-IED infrastructure |
Command and control | command and control including information technology, computer-aided dispatch, physical security information management, geographical information systems, public service answering points, managed services and integration |
Communications | communications including radio equipment, fiber optic and satellite equipment, network solutions and integration |
Data analytics | data analytics including storage, big data solutions and data intelligence |
Risk services | risk services including advisory and analysis, maritime protection, VIP protection and anti-theft systems |
Detection technologies | detection technologies for the screening of baggage, vehicles and people from hand-held devices to large sensor arrays |
Surveillance | surveillance including cameras, drone systems, CCTV systems, storage, analytics, networks, novel technologies for locating and identifying unmanned aerial vehicles and passive and active radar systems |
Vehicles | vehicles including sirens and blue light services, fixed wing and rotary aircraft |
PPE | personal protective equipment including shields, vests and CBRN suits |
Fire equipment | fire equipment including active fire protection (detection and alarm systems, sprinklers, mists and inert gas systems), passive fire protection (structural fire protection, fire stopping and fire doors) and fire and rescue (appliances, hoses, uniforms and breathing apparatus) |
Managed services | managed services including manned guarding, total security solutions, security as a service |
Crisis management | provision of products and services in support of humanitarian aid and disaster relief efforts |
4.2 Cyber security
Segmentation | Description |
---|---|
Training | awareness, training, and education - products or services in relation to cyber awareness, training or education |
Professional services | cyber professional services - providing trusted contractors or consultants to advise on, or implement, cyber security products, solutions, or services for others |
Endpoint and mobile security | endpoint and mobile security - hardware or software that protects devices when accessing networks (EDR / XDR) |
IAM | identification, authentication, and access controls - products or services that control user access, for example with passwords, biometrics, or multi-factor authentication |
Incident response management (MSS, monitoring) | incident response and management - helping other organisations react, respond, or recover from cyber-attacks |
Information risk management (Data Security, DLP) | information risk assessment and management - products or services that support other organisations to manage cyber risks, for example around security compliance or data leakage |
IoT | Internet of Things - products or services to embed or retrofit security for Internet of Things devices or networks |
Network Security | network security - hardware or software designed to protect the usability and integrity of a network (NGFW, IPS/IPD, ATP) |
SCADA | SCADA and Information Control Systems - cyber security specifically for industrial control systems, critical national infrastructure, and operational technologies |
Threat intelligence (Security Operations and Incident Response – Technology) | threat intelligence, monitoring, detection, and analysis - monitoring or detection of varying forms of threats to networks and systems. |
Application security | products and solutions to protect applications including web application firewalls, bot management, DDoS mitigation, code protection and application shielding, application security testing. |
Cloud security | tools to protect data, policy and configuration management in the cloud including Cloud Access Security Broker (CASB), Cloud Security Posture Management (CSPM) and Cloud Workload Security. |
5. UK security exports methodology
To calculate the export statistics WA conducted a thorough analysis of the UK security industry export performance through a transparent methodology and approach. WA developed a structured database of physical and cyber security companies registered in the UK that provides the cornerstone and evidence of security export performance.
WA’s approach can be summarised by the following 4 activities.
The same approach was taken for both physical and cyber security exports. The only difference was tagging by segmentation and sectors as set out in the definitions above.
5.1 Data collection activities
Secondary Research: WA completed a comprehensive analysis of Companies House to capture all registered security companies. The team engaged other sources that hold information on security companies to ensure that a full representation of the UK industrial base was captured. These included:
- security industry association bodies such as members of UK’s Security and Resilience Industry Suppliers Community (RISC) (Aerospace, Defence and Security Group (ADS), British Security Industry Association (BSIA), and Tech UK [footnote 1]) to ensure that all their members are included
- security event organisations and shows in the UK including International Security Expo, International Cyber Security Expo, The Security Event and Emergency Services Show, British Association of Public Safety Communications Officials (BAPCO), IFSEC
- WA used web scraping and crawlers to collect other open-source information on websites such as the cyber exchange, industry press and events
Primary Research: WA launched an online survey that was sent out through the trade associations and security mailing lists. As expected, the number of responses providing exact figures was low. This is due to multiple reasons including confidentiality, financial reporting cycles, accounting difficulties, or companies not wanting to release export information.
In addition, WA attended major UK security trade shows that fell within the contract start date. These included:
- IFSEC
- Emergency Services Show
- International Security Expo and International Cyber Expo
- Security and Policing 2023
- Counter Terror Expo
- The Security Event
Engagement with WA at the shows was positive. Including the online survey, over 100 companies engaged in conversations and provided qualitative and quantitative information about export performance. This was all captured and used throughout the analysis.
5.2 Data input – collating and organising all information in a structured data set
All data collected was collated and stored in a database of over 2000 security companies registered in the UK. WA collated all financial data that was reported for the years 2020, 2021 and 2022. This included company revenues and reported export revenue.
Data was sourced and tagged in line with DSE physical and cyber security sectors, technology segments and regions. To ensure a transparent process, all data is tagged high, medium or low:
- high – sourced and company reported information
- medium – no official source or company report, but based on our analysis there is a high confidence in the data
- low – limited sourced information available, with assumptions based on industry benchmarks and comparison to similar organisations
5.3 Data analysis
Once the input of available data was complete, a thorough review of the sourced data was conducted. Due to the nature of the security market, confidentiality of information and company reporting timelines, not all required information is reported or available. For information that was not accessible, WA created assumptions to calculate the uncaptured exports that were not reported.
The process for this included the following steps:
- an analysis was completed on each technology segment. This was based on our industry experience, information gathered through the survey and interview process and working knowledge of UK security companies. This included analysis of the size of companies, number of employees, estimated revenues and office locations
- WA assessed the number of companies tagged in the segment, and which ones had reported numbers and which ones had not
- based on our knowledge of the size and scale of the companies that had not reported, WA created an assumption of how much of the export market had been captured to estimate the uncaptured market
- example technology sector: screening and detection
- there are over 40 companies who offer screening and detection products and services in the UK. However, the majority of the market revenue is from 5 companies. Based on the customer profiles and size of market, we can be confident that when these 5 companies have reported they have accounted for over 90 percent of the market. The uncaptured exports can then be calculated based on this assessment
At a total market level, over 448 companies report security export figures. WA has assessed that, when all these companies have reported, they capture 87 percent of the total exports. The remaining 13 percent of exports are made up from small companies that do not report export figures and from large multinational companies who are not pure play security companies and do not report specific UK export figures.
At the time of reporting, 75 percent of 2022 export revenues have been reported.
Regional analysis was based on the sourced data that included tagging by regional export sales. These figures were applied to the total export market.
5.4 Output
After input and analysis were completed, outputs of exports were developed by region, technology and sectors. Throughout the whole project, a robust review and quality assurance process was in place to ensure that data, assumptions, and outputs were transparent, reliable and defendable. Internal Quality Assurance meetings were completed weekly to review the status of project progress and quality of data and analysis.
The methodology, analysis and assumptions were presented to DSE for feedback and approval at key project milestones. Before final delivery WA conducted an internal workshop to review data, analysis and outputs which involved sense checking information against security industry benchmarks, historical data, WA global data sets and other published government data sources.
6. Global export market methodology
As part of the project, WA was required to analyse the global security export market and assess how the UK compared to other countries. WA followed a similar methodology as used to calculate the UK export statistics but used global export data sets published by the World Bank.[footnote 2]
6.1 Activity 1: data collection and input
WA collected published export data from the World Bank. This included:
- exports of goods and services
- high technology exports
- exports as a percentage of GDP
In addition, WA utilised internal data sets that track the financial performance of over 4000 of the largest physical and cyber security companies around the world.
6.2 Activity 2: data analysis
An assessment of all countries was completed to understand their security exports using the following parameters:
- Assessment of country security industrial base – conducted based on each country’s strengths and weaknesses in developing, selling and implementing security products and services across technology segments. This included consideration of the major domestic security suppliers, relative size and reputation within the global security market.
- Security export base – assessment of countries being used as a strategic base for security companies to set up offices to export their products and solutions to other countries rather than exporting from their Headquarters. This is to ensure that the exports are comparable to the UK, where the industrial base has a number of companies that are headquartered outside of the UK but have registered offices and report large security exports from the UK.
- Analysis of export reach – assessment of overall export performance and specific ability to export security products based on trading partners, geopolitical alliances and economic environment.
Based on the profile of each country, an estimate was assigned of the percentage of total goods and services exported that was security products. This percentage was applied to the World Bank 2021 data for total exports of goods and services by country.
6.3 Activity 3: output and validation
Once all analysis and calculations were complete, the output gave estimated security exports by country. This was then validated against benchmarks including the total security market, internal security market dynamics and review of the performance of major security companies within each of the countries.