The Internet has matured quickly over the last few decades and an increasing threat by hackers and digital criminals has become more widespread. In the last few years large organisation have been hit with high-profile ransomware campaigns, including our much-cherished NHS. This has cemented the need for the fast-growing emerging industry: Cyber Security.
The new-breed of security professionals not only exist as extensions to Network and IT consultants, they appear as very specific Cyber-security teams within large businesses. There are a multitude of innovative products, applications and services now competing to grab a proportion of the market, and it’s expanding at pace. But how do we measure it?
Companies working in the field are difficult to identify since they are related to a wide variety of SIC codes. For this reason, The Data city has decided to create an RTIC – Real Time Industrial Classification – that gathers all companies working in Cyber Security in the UK within our platform, the Data Explorer. The resulting dataset is market leading as far as it is the most accurate and complete ever produced for the sector in the UK.
The growth of the Cyber Security sector
The graph below tells us that the Cyber Security sector has steadily grown since the 1990s. 2017 is the year that records the higher number of new starts, encouraged by the publication of the National Cyber Security Strategy (2016), the creation of the National Cyber Security Centre (2017), significant investment in world-leading innovation centres –London and Cheltenham, increasing support for entrepreneurs and start-ups, and the marketisation of academic research.
Breakdown of the sector
The Cyber Security sector is defined into 11 discreet sub-sectors totalling over 2400 companies, nearly double the number identified by the UK Governments DCMS.
As many will be able to note, the last taxonomy is not present in the UK Cyber Security Sectoral Analysis Report, however and after long sessions with experts in the field (BIES), the Data City identified “Innovation and Research” as a relevant node within the cyber security sector. Therefore, the team has also proven able to complete and refine taxonomies currently used by principal actors to discern economic fields of activity.
The table gathers the number of companies the Data City Explorer classified for each taxonomy. “Identification, authentication and access controls” is the taxonomy with more related companies (1422), showcasing the market value of cyber security as a means to manage individual and collective access to intranets, data banks or official sites. Closely behind, “Network Security” counts 1356 companies, illustrating that keeping networks safe is a great priority for businesses.
When assembling these lists together and creating an RTIC, the final number of companies identified as working in the Cyber Security sector ascends to 2403. This result communicates that many companies present in one list are also present in other lists and have overlapping responsibilities within cyber security’s supply chain.
The data provided by the Explorer can be effectively transformed into information that tells a relevant story about the cyber sector. Fundamentally, the Cyber Security sector is mostly built by small and medium business that accumulate very little of the sector’s total net worth.
In 2019, all companies present in the list sum up a net worth of approximately £15bn, almost doubling up estimates recently provided by UKTN. Nonetheless, it is crucial to look more carefully into the data to understand the participation of companies in this final figure. It is important to point out that up to 30% of the companies in this list have a net worth value below £0, meaning that almost a third of the sample have higher debt than profit.
The data highlights that 50% of the companies gathered in the RTIC have a net worth value below £15,000 whilst the 75% of the sample have it below £227,000. Ultimately, the top 5% of companies (120) in this list have an individual net worth value over £6 million, while the 1% (24 companies) represent over £18bn of the total net worth of the sector.
A similar situation can be seen with the number of people employed by these companies, as a very small number of companies employ most of the work force.
The available data for 2019 showcases that there were over 77,717 people employed by the companies present in the cyber list. Companies most commonly employ 6 people, however, there are businesses employing up to 6,500 individuals. Specifically, the top 5% companies employ over 150 people each whilst the top 1% employs a minimum of 1,900. This information suggests that there is a very high concentration of human capital in the top end of the sample.
The data also pinpoints key cities where growth has taken place. There’s a good spread across the country with large numbers in London, followed by Manchester and Birmingham.
The increasing importance of Cyber life for the UK society made this sector one of the most resilient through the economic crisis of 2008, showing a prompt and effective recovery. During the 2010s, the sector grew at an ever faster pace, prompting the interest and investment of public institutions. However, the UK is still lacking a SIC code that represents a sector worth more than £19bn. This highlights the inefficiency of SIC codes to define new industrial sectors, and highlights the benefits of RTIC as framework to model and understand the economy.
If you’d like to see the data behind these insights you can register and access them here. To build your own dataset have a look at Data Explorer.