1. Introduction

This report outlines the methodology, revision policy and data quality information relevant to the security export statistics. This annual statistic is designated as an official statistic under the Statistics and Registration Act 2007.

Its aim is to support users to understand the strengths and limitations of these statistics and reduce the risk of misusing data. This statistical report includes details about the Department for Business and Trade’s (DBT’s) compliance with the quality principles as stated in the code of practice for statistics.

2. Methodology

2.1 Overview  

The UK security export statistics is an annual publication that present figures on UK security exports in the 10 years up to and including 2023. The publication also includes global estimates of security exports, but as the methodology is different to that used to estimate UK exports, the UK and global export figures are not comparable with one another.

Security export figures are collected by Westlands Advisory (WA), on behalf of DBT and the UK Defence and Security Exports (UKDSE). To calculate the UK export statistics, WA conduct a thorough analysis of the UK security industry export performance using Companies House data and primary research with industry partners. To calculate the global export statistics, WA used global export datasets published by the World Bank to estimate global exports.

3. Identifying a security export

For the purposes of this release, a physical/cyber security export is defined as:

• any sale of physical security/cyber technology or services from a UK registered organisation, except sales to defence organisations (MoD, DoD) as this has been classified as a ‘Defence Export’

• to be included, the sale must be accounted to the UK office. If a UK company makes a sale from an office registered in another country and reports the revenues within that country, this will not be counted as a UK export, as the revenues have not been attributed to the UK

• joint ventures – only the UK value-added part of the venture is counted

3.1 UK security exports methodology

To calculate the export statistics, WA conducted a thorough analysis of the UK security industry export performance using secondary data sources and primary research. WA developed a structured database of physical and cyber security companies registered in the UK that provides the cornerstone and evidence of security export performance. The approach for determining figures for physical and cyber security exports was the same. The only difference was tagging by segmentation and sectors, as set out in the terms and definitions section. WA’s methodological approach can be summarised in the following sections.

3.2 UK exports data collection

WA collected both primary and secondary research to form the statistics. For secondary research, WA completed a comprehensive analysis of Companies House to capture all registered security companies. WA engaged other sources that hold information on security companies to ensure that a full representation of the UK industrial base was captured. These included:

• security industry association bodies such as members of UK’s Security and Resilience Industry Suppliers Community (RISC) (Aerospace, Defence and Security Group (ADS), British Security Industry Association (BSIA), and Tech UK ^{[footnote 1]} to ensure that all their members are included

• security event organisations and shows in the UK including International Security Expo, International Cyber Security Expo, The Security Event and Emergency Services Show, British Association of Public Safety Communications Officials (BAPCO), IFSEC

• WA used web scraping and crawlers to collect other open-source information on websites such as the cyber exchange, industry press and events

WA also launched an online survey that was sent out through the trade associations and security mailing lists to identify potential security exporting companies. Responses providing exact figures was low. This is due to multiple reasons including confidentiality, financial reporting cycles, accounting difficulties, or companies not wanting to release export information.

WA attended major UK security trade shows that fell within the contract start date. These included:

• Emergency Services Show

• International Security Expo and International Cyber Expo

• BAPCO

• Security and Policing 2024

• Counter Terror Expo

• The Security Event 

Engagement with WA at the shows was positive. Including the online survey, over 170 companies engaged in conversations and provided qualitative and quantitative information about export performance. This was all captured and used throughout the analysis.

3.3 Global security exports methodology overview

WA followed a similar methodology as used to calculate the UK export statistics but used global export data sets published by the World Bank.^{[footnote 2]}. More details on WA’s methodological approach to global exports can be found in following sections.

WA collected published export data from the World Bank. This included:

• exports of Goods and Services, High Technology Exports, Exports as a % of GDP

In addition, WA utilised internal data sets that track the financial performance of over 4000 the largest physical and cyber security companies around the world.

4. Data quality

This section provides a range of information that describes the quality of the outputs and their reliability. Quality is measured in terms of the dimensions of the European Statistical System.

4.1 Relevance

Data and information relating to UK security exports is fundamental to understanding trends in the security export market. A review and user engagement exercise were conducted over summer 2024 by DBT to get feedback on the statistics. These statistics are particularly relevant for:

• the UK public – the publication of the statistics helps to hold the government accountable to the taxpayer whilst informing them how investment is helping drive UK security exports

• UK government - to help identify the security market’s strength and weaknesses relative to other countries. To help inform policy and funding initiatives to facilitate greater growth of the UK security industry

• UKDSE - the statistics are used to understand performance of the UK security industry to help DSE provide advice and guidance to UK security companies win more business around the world and continue to grow exports. The data helps to target campaigns and public safety events that will drive more export opportunities

• security industry and trade organisations – the statistics provide information on where UK companies are having most success, which technologies are in demand, and how the market is likely to change in the future. They deliver insights to industry, helping to inform business and technology strategy, as well as prioritising export opportunities

4.2 Accuracy and reliability

UK exports

All data collected for the UK security export estimates were collated and stored in a database of 2108 security companies  registered in the UK. WA collated all financial data that was reported for the years 2020, 2021, 2022 and 2023. This included company revenues and reported export revenue.

Data was sourced and tagged in line with DSE physical and cyber security sectors, technology segments and regions. To ensure a transparent process, all data was tagged high, medium and low in confidence:

• high – sourced and company reported information

• medium – no official source or company report, but based on our analysis there is a strong confidence in the data

• low – limited sourced information available with assumptions based on industry benchmarks and comparable to similar organisations.

The tables below demonstrate the level of confidence of information and sources overall and the confidence of information and sources by technology segment

4.3 Data confidence - overall percentage of total

Confidence	Percentage of total (%)
high	76
medium	8
low	17

4.4 Data confidence - percentage of technology segment

Technology segment	high (%)	medium (%)	low (%)
Access control and identity	69	13	18
Command and control	70	12	18
Communications	69	12	19
Cyber security	67	12	21
Data and analytics	69	12	18
Fire equipment	68	13	19
Managed services	71	12	18
Disaster management	69	12	18
Risk services and protection	70	12	18
Surveillance	68	13	19
Vehicles	70	12	18
Personal protective equipment	69	12	19

4.5 Data confidence - percentage of destination region

Destination region	high (%)	medium (%)	low (%)
Africa	18	41	41
Asia Pacific	16	38	46
Central Asia	19	43	38
Europe	19	31	50
Latin America	18	42	39
Middle East	17	37	46
North America	17	40	43
Rest of World	23	30	47

Global exports

The World Bank ensures the highest quality of its data and products by adhering to internationally accepted standards, methodologies, sources, definitions, and classifications. This commitment is reflected in their use of:

• General Data Dissemination System (GDDS), link here: developed by the IMF and World Bank, this framework enhances the quality and dissemination of national statistics, guiding countries in the public release of comprehensive, timely, and reliable data.

• Data Quality Assessment Framework (DQAF), link here: an IMF and World Bank methodology that assesses data quality by incorporating best practices and international standards, providing a comprehensive view of data quality and its interrelations.

4.6 Timeliness and punctuality

This is an annual publication, referencing the calendar year 2023. The 2023 publication covers the calendar year from January 2023 to December 2023. Reports from Companies House that provide most of the information for UK security exports cover 2023.

4.7 Accessibility and clarity

In line with the government accessibility requirements, the UK security export statistics are provided in the HyperText Markup Language (HTML) which follows the AA accessibility standards for GOV.UK publications.  In this HTML web page, we provide a narrative and charts that can easily be toggled between a table and chart. Where there are images in the methodology note, we have commented on this throughout the report to cover this information.

DBT continues to review the accessibility of these statistics prior to each publication, ensuring it adheres to the government accessibility requirements. This release is also reviewed by the DBT Digital Team. For further information or additional requests, please refer to the contact details in this report. 

4.8 Coherence and comparability

These statistics are not comparable with the UK Defence Export statistics, as the data for the security statistics are collected on a revenue basis, as opposed to an orders basis for defence. The publications may also use different definitions for some geographical regions.  

5. Data analysis

5.1 UK exports 

Once the input of available data was complete, a thorough review of the sourced data was conducted. Due to the nature of the security market, confidentiality of information and company reporting timelines, not all required information is reported or available. For information that was not accessible, WA created assumptions to calculate the uncaptured exports that were not reported.

The process for this included the following steps:

• an analysis was completed on each technology segment. This was based on our industry experience, information gathered through the survey and interview process and working knowledge of UK security companies. This included analysis of the size of companies, number of employees, estimated revenues and office locations

• WA assessed the number of companies tagged in the segment, and which ones had reported numbers and which ones had not

• based on our knowledge of the size and scale of the companies that had not reported, WA created an assumption of how much of the export market had been captured to estimate the uncaptured market

• example technology sector: screening and detection

• there are over 40 companies who offer screening and detection products and services in the UK. However the majority of the market revenue is from 5 companies. Based on the customer profiles and size of market, we can be confident that when these five companies have reported they have accounted for over 90% of the market. The uncaptured exports can then be calculated based on this assessment

At a total market level, over 440 companies report security export figures. When all these companies have reported WA has assessed that they capture 87% of total exports. The remaining 13% of exports are made up from small companies that do not report export figures and from large multinational companies who are not pure play security companies and do not report specific UK export figures. At the time of reporting, 76% of 2023 export revenues have been reported. Regional analysis was based on the sourced data that included tagging by regional export sales. These figures were applied to the total export market.

5.2 Global exports

For the estimates of global security exports, an assessment of all countries was completed to understand their security exports using the following parameters:

1. Assessment of a country’s security industrial base – this was developed based on their strengths and weaknesses of developing, selling and implementing security products and services across technology segments. This included consideration of the major domestic security suppliers, relative size and reputation within the global security market.

2. Security export base – this was an assessment of countries being used as a strategic base for security companies to set up offices to export their products and solutions to other countries, rather than exporting from their headquarters. This is to ensure that the exports are comparable to the UK, where the industrial base has a number of companies that are headquartered outside of the UK but have registered offices and report large security exports from the UK.

3. Analysis of export reach – this was an assessment of overall export performance and specific ability to export security products based on trading partners, geopolitical alliances, and economic environments.

Based on the profile of each country an estimate of the percentage of the total goods and services exported that was security products was assigned. The percentage was assigned to the World Bank 2023 data for total exports of goods and services by country.

5.3 Output and validation

UK exports  

After input and analysis were completed, outputs of exports were developed by region, technology and sectors. Throughout the whole project, a robust review and quality assurance process was in place to ensure that data, assumptions, and outputs were transparent, reliable and defendable. Internal quality assurance meetings were completed weekly to review the status of project progress and quality of data and analysis. The methodology, analysis and assumptions were presented to DBT for feedback and approval at key project milestones.

Before final delivery, WA conducted an internal workshop to review data, analysis and outputs which involved sense checking information against security industry benchmarks, historical data, WA global data sets and other published government data sources. Following the delivery, DBT analysts performed a comprehensive sense check against historical data. This process aimed to investigate the distribution of key variables and identify any potential outliers. Additionally, the analysts conducted further checks to ensure the consistency of labelling across both categories and subcategories.

Global exports

For global exports, once all analysis and calculations were complete, the output gave estimated security exports by country. This was then validated against benchmarks including the total security market, internal security market dynamics and review of the performance of major security companies within each of the countries.

6. Terms and definitions

This section outlines the segmentation and definitions for physical and cyber security technology, solutions and services that have been used throughout this report and the statistical publication. Abbreviations used throughout this report and the statistical publication are also covered.

6.1 Physical security

Technology segmentation	Description
Access control and identity management	access control and identity management including cards, keypads, biometrics, door locks, bolts, physical barriers and area protection, perimeter fencing and counter-IED infrastructure
Command and control	command and control including information technology, computer-aided dispatch, physical security information management, geographical information systems, public service answering points, managed services and integration
Communications	communications including radio equipment, fiber optic and satellite equipment, network solutions and integration
Data analytics	data analytics including storage, big data solutions and data intelligence
Risk services	risk services including advisory and analysis, maritime protection, VIP protection and anti-theft systems
Detection technologies	detection technologies for the screening of baggage, vehicles and people from hand-held devices to large sensor arrays
Surveillance	surveillance including cameras, drone systems, CCTV systems, storage, analytics, networks, novel technologies for locating and identifying unmanned aerial vehicles and passive and active radar systems
Vehicles	vehicles including sirens and blue light services, fixed wing and rotary aircraft
PPE	personal protective equipment including shields, vests and CBRN suits
Fire equipment	fire equipment including active fire protection (detection and alarm systems, sprinklers, mists and inert gas systems), passive fire protection (structural fire protection, fire stopping and fire doors) and fire and rescue (appliances, hoses, uniforms and breathing apparatus)
Managed services	managed services including manned guarding, total security solutions, security as a service
Crisis management	provision of products and services in support of humanitarian aid and disaster relief efforts

6.2 Cyber security

Segmentation	Description
Training	awareness, training, and education - products or services in relation to cyber awareness, training or education
Professional services	cyber professional services - providing trusted contractors or consultants to advise on, or implement, cyber security products, solutions, or services for others
Endpoint and mobile security	endpoint and mobile security - hardware or software that protects devices when accessing networks (EDR / XDR)
IAM	identification, authentication, and access controls - products or services that control user access, for example with passwords, biometrics, or multi-factor authentication
Incident response management (MSS, monitoring)	incident response and management - helping other organisations react, respond, or recover from cyber-attacks
Information risk management (Data Security, DLP)	information risk assessment and management - products or services that support other organisations to manage cyber risks, for example around security compliance or data leakage
IoT	Internet of Things - products or services to embed or retrofit security for Internet of Things devices or networks
Network Security	network security- hardware or software designed to protect the usability and integrity of a network (NGFW, IPS/IPD, ATP)
SCADA	SCADA and Information Control Systems - cyber security specifically for industrial control systems, critical national infrastructure, and operational technologies
Threat intelligence (Security Operations and Incident Response – Technology)	threat intelligence, monitoring, detection, and analysis - monitoring or detection of varying forms of threats to networks and systems.
Application security	products and solutions to protect applications including web application firewalls, bot management, DDoS mitigation, code protection and application shielding, application security testing.
Cloud security	tools to protect data, policy and configuration management in the cloud including Cloud Access Security Broker (CASB), Cloud Security Posture Management (CSPM) and Cloud Workload Security.

---