With the objective of learning from the rich experiences and lessons that other countries have gained from small- and medium-sized enterprise (SME) export assistance programs, the Asia Pacific Foundation of Canada presents a new research report series, “Going Global.” To read the entire report, please jump to the blue download tab at the end of this piece.
The Cyber Growth Partnership (CGP) is a collaboration of British industry, government, and academia working to identify opportunities, promote cybersecurity exports, and establish the United Kingdom’s brand internationally. Industry members of the CGP are ARM, Atkins, BAE Systems Applied Intelligence, Becrypt, BT, CISCO, HP, Intercede, L3 TRL, Raytheon, Sophos, and Surevine. Academic partners are Queen’s University Belfast and the Engineering and Physical Sciences Research Council. Government representation comes from the Cabinet Office, Department for Business, Energy and Industrial Strategy; Government Communications Headquarters; and the Department for International Trade.
The CGP came out of the U.K. government’s Plan for Growth, which recognized cybersecurity as an engine of economic growth, and the export of cybersecurity products and services as an important driver.  In essence, the CGP seeks to make the U.K. an important player in the global security market, which is valued at some £100B per annum.  The U.K. government’s stated approach to export promotion in this sector “is to place U.K. industry at the forefront of the global cybersecurity supply base, helping countries to combat cybercrime, cyber terrorism and state-sponsored espionage, while being consistent with British values, including human rights.”  The United States is the largest market for U.K. exports of cybersecurity products and services (31%), followed by China (19%) and Japan (10%).  Some 13 export destinations account for the bulk (67%) of U.K. exports. 
OBJECTIVES OF THE PROGRAM
The CGP seeks to achieve three specific objectives:
- Increase U.K. firms’ understanding of the export markets for cybersecurity products and services, and promote access to these markets;
- Develop the U.K.’s cybersecurity products and services to ensure that they match the needs of the international market and promote the U.K.’s brand in overseas markets; and
- Foster research and innovation in the cybersecurity sector and ensure that the necessary skills are available to promote the sector’s development.
To increase companies’ understanding of export markets and promoting access to these markets (Objective 1), the CGP holds a number of target export workshops designed to identify potential foreign market opportunities and develop appropriate mechanisms to capitalize on them.  Working with its partners, the CGP seeks to determine the specific type and level of support needed by the sector to access these foreign market opportunities. The U.K. government has commissioned research that has provided data on the global security market, including trade statistics for various countries and the types of security equipment imported.  This research is widely shared with U.K. firms. In 2010, British Embassies and High Commissions around the world participated in a survey to provide U.K. companies with information on the specific cybersecurity market opportunities in their jurisdictions. This survey is updated regularly to ensure that U.K. firms have a solid handle on the needs of each market. In addition to this work, which is provided as a service to U.K. firms, individual companies may also commission more tailored research on specific countries or sub-sectors of the cybersecurity market in particular countries. Through the Overseas Market Introduction Service, U.K. firms have the option of retaining the services of UKTI to conduct research geared toward addressing company-specific issues in markets of interest. The UKTI’s Advisory Group feeds both quantitative and qualitative data collected into its Forced Choice Model (an evidence-based decision-making tool) to determine the government’s priorities, identify high-value markets, and develop appropriate strategies.
The U.K. government focuses on cybersecurity opportunities in specific geographic markets: the Gulf States, Brazil, India, and Malaysia. These have been identified as high-growth markets and regions of the world that are politically inclined to engage with the U.K. Other markets of interest include the U.S., China, and Japan, where U.K. companies already have an established presence. A number of overseas trade missions and events provide U.K. cybersecurity firms with a deeper understanding of the dynamics of overseas markets. 
The CGP is working to showcase U.K. small and medium-sized enterprises (SMEs) around the world in major trade missions to established markets such as the U.S., but also to emerging markets. One such company is Intercede, a medium-sized firm listed on the London Stock Exchange. Intercede provides solutions that allow customers to verify the identities and credentials of people and machines attempting to access their online and physical facilities. The company is a founding member of the CGP and has participated in a number of high-level trade missions. Membership in the program has also provided this company with access to U.K. primes. 
The U.K. has specific expertise in a number of areas of cybersecurity, including network surveillance and analysis, advisory and assurance services, security endpoint technologies, social media analytics, and mobile device and infrastructure security.  In order to develop and improve the U.K.’s cybersecurity offerings (Objective 2), the CGP operates a number of accreditation programs for its companies’ products, services, and people. In addition, the CGP has launched an online hub to map and promote U.K. cybersecurity firms, and has established the Cyber Demonstration Centre to showcase the latest innovative technologies and cybersecurity services being developed in the U.K. Using state-of-the-art audiovisual and video-conferencing technology, U.K. SMEs can demonstrate their capabilities to clients around the world in real time and high definition. These initiatives are also supplemented by the Cyber Security Early Stage Accelerator Programme to support the development of the next generation of U.K.-based cybersecurity firms. The CGP also operates the Suppliers to Government scheme that allows SMEs to badge themselves as important suppliers to the U.K. government when seeking opportunities internationally. The scheme allows companies to utilize the U.K. government’s logo in their marketing materials, and gives them the option to be included in a list of suppliers on the UK.gov website.
To foster research, innovation and skills development in the cybersecurity sector (Objective 3), the CGP operates cyber insight camps to encourage undergraduate university students to consider careers in cybersecurity. The camps provide hands-on experience in cybersecurity and the opportunity to earn an industry-recognized foundation qualification in the discipline. Geared to computer science students and recent graduates, these camps aim to strengthen technical skills as well as provide business and communication skills required by the industry. Participants receive guidance and mentoring from experts in the field to assist them in making the decision to pursue a professional career in cybersecurity. The CGP is also involved in Cyber Security Challenge UK, an organization dedicated to recruiting new people into the cybersecurity industry through a series of educational and networking events. The CGP’s objective of innovation and skills development is also supported by the designation of eight U.K. universities as Academic Centres of Excellence in Cyber Security Research: the University of Bristol; Imperial College London; Lancaster University; the University of Oxford; Queen’s University Belfast; Royal Holloway, University of London; the University of Southampton; and University College London.
OUTCOMES ATTRIBUTABLE TO THE PROGRAM
The CGP may be assessed using a number of metrics, including global market share, export sales, number of U.K. SMEs interested in and/or engaged in exporting, and the number of export-related jobs created. One may also assess the CGP by reference to the number of professionals trained in cybersecurity, as well as the flow of new and innovative cybersecurity products and services. The CGP has made a significant contribution to the U.K.’s global ambitions in the area of cybersecurity exports. For example, the value of the U.K.’s cybersecurity sector has grown by 70% from a base of £10B in 2011 to over £17B in 2014. The sector employs some 100,000 people. The CGP also notes that U.K. exports of cyber-related products and services stood at £1.47B in 2014, up 35% since 2012, and the U.K.’s global market share has increased from 3.6% to 4.4%.  While the U.S. and China are leaders in this area, the U.K. is now on par with other countries such as Japan and Germany. Because of the efforts of the CGP, the U.K. seems poised for further growth in cybersecurity exports. The CGP has identified over 2,000 SMEs with expertise in cybersecurity that have an interest in exporting – a statistic that bodes well for the country’s ambition to become a major player in cybersecurity exports. 
APPLICATION TO CANADA
A focus on cybersecurity exports is likely an excellent opportunity for Canadian SMEs. To date, this country’s cybersecurity strategy has been domestically focused, but Canadian firms do have the expertise to explore foreign markets.  The CGP, with its emphasis on partnership between government, industry, and academia, provides a useful template for the development of a Canadian cyber export strategy. It is suggested that the federal government take the lead on this and work collaboratively with MaRS Innovation or other incubators as well as more established Internet security companies to develop an export program geared specifically to this sector.
The work of the Ontario Centres of Excellence (OCE) is also interesting in this regard. The OCE, in partnership with the Natural Sciences and Engineering Research Council and PROMPT, a non-profit organization that funds R&D partnerships between industry and public research institutions, has launched the Cybersecurity R&D Challenge to promote the development of new cybersecurity products and services. This $3M initiative seeks to promote joint industry-academic partnerships in Ontario and Quebec in the area of cybersecurity that have the potential to benefit both provinces economically.
In terms of export market initiatives, Global Affairs Canada is a key partner in the Global Markets Action Plan that underpins Canada’s international trade strategy and targets foreign markets of interest to Canadian firms. The Plan also seeks to promote Canada’s innovation advantage – an emphasis that fits well with opportunities that exist in the global cybersecurity market. 
There are clearly pockets of activity in Canada focused on technical innovation in cybersecurity and export market development, but there is a clear need for an overarching co-ordinating mechanism. As the CGP has demonstrated, a multi-pronged strategy led by the government with strong input from industry and academia is more likely to be successful in building export capability in this highly competitive global market.
 HM Treasury and Department for Business, Innovation and Skills. March 2011. The Plan for Growth.
 KMatrix. March 2012. UK Security Sector Report for 2011.
 UK Trade and Investment. April 2013. Cyber Security: The UK’s approach to exports.
 UK Trade and Investment. February 2014. Increasing our security exports: A new government approach.
 Cyber Connect UK is an initiative of CGP and serves as the voice of SMEs in the cybersecurity industry. Through its Cyber Connect portal, SMEs are made aware of activities, events, initiatives, and opportunities that support the U.K.’s export strategy. Workshops are open to all U.K. SMEs with an interest in exporting to the priority overseas markets. No previous experience in those markets is required to participate.
 KMatrix is the firm selected to provide data on cybersecurity trade.
 Cabinet Office. April 2016. The UK Cyber Security Strategy 2011-2016 Annual Report.
 On international engagements, major customers such as foreign government departments have a preference for dealing with a single prime contractor that takes the lead and interfaces between a consortium of U.K. firms and the client. UKTI facilitates discussions between U.K. prime contractors and SMEs via events such as its SME Symposium.
 It should be noted that the opportunities to provide these capabilities are often embedded in initiatives such as major infrastructure projects. The CGP makes a deliberate attempt to avoid defining opportunities too narrowly and seeks to tie cybersecurity exports to exports in other areas such as energy, health care, and transportation.
 Cabinet Office. April 2016. The UK Cyber Security Strategy 2011-2016 Annual Report.
 These companies are registered with the Cyber Exchange, an initiative of the CGP. Registration is free and firms provide a profile with details of their expertise, U.K. location, and specific sectors they service (e.g. health care, financial services, retail). Based on registrations, the CGP maps the location of these firms and provides a search tool to simplify access to the information.
 Government of Canada. 2010. Canada’s Cyber Security Strategy: For a Stronger and More Prosperous Canada. https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/cbr-scrt-strtgy/index-eng.aspx
 Global Affairs Canada. Global Markets Action Plan. http://international.gc.ca/global-markets-marches-mondiaux/plan.aspx?lang=eng