UK Security Tech Sector: 2023 evaluation

Ministerial Foreword

Via the On-line Security Invoice this authorities is delivering on its dedication to make the UK the most secure place on the earth to be on-line whereas defending free expression. We additionally recognise the essential function of the UK’s security tech sector in defending customers on-line, by way of modern and world-leading expertise.

The UK’s security tech sector was first highlighted in 2020, when the inaugural Safer Expertise, Safer Customers report set out the UK’s function in growing options which are getting used worldwide to safeguard and shield on-line customers from hurt, and to detect and take away unlawful content material.

Within the final 4 years, the sector has continued to go from energy to energy. This analysis now finds over 130 security tech companies lively within the UK, with robust capabilities in areas corresponding to age assurance, model and platform security, digital forensics, content material filtering, and detecting and countering societal points corresponding to fraud and disinformation. This breadth of expertise helps to maintain the UK on the forefront of tackling on-line harms, and ensures that our digital economic system and tech platforms have the instruments they should maintain customers protected on-line.

Expertise is growing at an exponential scale, and this implies we have to be more and more vigilant and reply quickly to make sure UK residents are protected from on-line  harms. The UK security tech sector is assembly this problem. It is without doubt one of the quickest rising tech sectors within the UK, with revenues rising 20% within the final 12 months alone to £456 million, and it now employs over 3,300 workers throughout the UK.

The sector has attracted vital investor curiosity previously 12 months. 2022 was a powerful 12 months for corporations elevating exterior fairness funding, with £64 million raised throughout 16 offers. 2022 was additionally a document 12 months for M&A exercise.

The Division for Science, Innovation and Expertise (DSIT) recognises the necessity to assist new innovation to guard customers, and has not too long ago funded a brand new ‘Security Tech Problem Fund’, with three modern tasks set to obtain funding to develop applied sciences that may assist shield kids by figuring out and disrupting the sharing of hyperlinks to little one sexual abuse materials on-line.

In March, the federal government additionally dedicated as much as £3.5 billion for DSIT to assist our ambitions to make the UK a scientific and technological superpower. The protection tech sector is a key a part of guaranteeing that digital progress is protected and safe by design, and that the UK stays each the most secure place to be on-line, and a number one location for growing modern options to maintain customers protected on-line. We are going to proceed to assist the sector, and by working collectively, we’ll construct a safer digital world for all.

Paul Scully MP
Minister for Tech and the Digital Financial system

Key findings

This analysis highlights that there was continued progress throughout income, employment and funding throughout the security tech sector in 2022. Key metrics are coated beneath.

Corporations

The variety of UK corporations offering security tech services and products has now reached 133 corporations, a rise of 14% since final 12 months.

Evaluation of firm measurement throughout the sector means that the sector is maturing. There are a variety of potential drivers for this, which embody implementation of regulation in numerous international areas, diversification of services and products to achieve new markets, and rising M&A exercise within the sector.

Revenues and employment progress

We estimate that whole security tech sector revenues have reached £456 million in the newest monetary 12 months.

This displays a rise of 20% (£75 million) since final 12 months’s evaluation.

We estimate that the protection tech sector stays on observe to hit £1 billion in annual revenues by the mid-2020s, primarily based on its common compound annual progress charge (CAGR) since baseline. This may nonetheless be contingent on wider elements influencing the sector, corresponding to entry to finance and implementation of laws.

Throughout the security tech sector there are presently an estimated 3,300 Full-Time Equal (FTE) workers. This is a rise of 16% (450 folks) since final 12 months’s report.

Funding efficiency

Funding efficiency has remained per the earlier 12 months, producing £63 million throughout 16 offers in 2021, as much as £64 million throughout 16 offers in 2022.

Constant funding with earlier years is important given the difficult macro funding panorama, which consultees observe is impacting the extent to which corporations can entry funding.

General funding can also be possible greater given the high-value and non-disclosed mergers and acquisitions which have occurred throughout the sector. Every funding highlights the rising consciousness of security tech options from main international organisations. Merger and acquisition exercise consists of, e.g.,

• Crisp, acquired by Kroll

• eSafe World, acquired by Smoothwall, acquired by Household Zone

• SuperAwesome, acquired by Epic Video games

• Factmata, acquired by Cision

• Atomwide by AdEPT

• SpiritAI by Twitch (Amazon)

• Cubica by Chemring / Roke

Help for the protection tech sector

DSIT has supported quite a lot of initiatives in recent times, together with each the Security Tech Innovation Community and two Security Tech Problem Funds, the newest of which is reside and goals to sort out little one sexual abuse materials (CSAM).

In April 2022, DSIT revealed the Yr 2 Media Literacy Motion Plan, setting out the federal government’s expanded work programme as a part of the Media Literacy Technique. This included establishing the Media Literacy Programme Fund, which provides grants to organisations to assist their media literacy exercise, together with tackling disinformation.

Since 2015, procurement knowledge means that the UK public sector has commissioned a complete of 326 contracts in relation to Belief and Security and on-line security – with whole contract values equalling £76 million. Key consumers embody DSIT, Ofcom, Dwelling Workplace and the Division for Training.

1. Introduction and background

1.1 Introduction

In Might 2020, DCMS revealed ‘Safer Expertise, Safer Customers: the UK as a World-Chief in Security Tech’. This was up to date in 2021 and 2022 with annual proof primarily based snapshots, highlighting appreciable progress, and illustrating the big selection of modern corporations centered on tackling on-line harms by way of a variety of technical options that function throughout the sector.

Perspective Economics, with assist from PUBLIC and Professor Mary Aiken (College of East London), has been commissioned by the Division for Science, Innovation & Expertise (DSIT) to conduct an up to date sectoral evaluation of the UK on-line security expertise sector (referred hereafter as security tech), figuring out how the protection tech sector has grown within the final 12 months.

This report explores the variety of companies providing security tech options, and supplies an up to date market estimate of the scale of the sector within the UK, measured by way of income, employment, and funding. It additionally supplies minor product and repair updates to the protection tech sector definition and market taxonomy first developed within the baseline report. This analysis ensures that there’s a constant longitudinal proof base to assist observe the long-term progress of the UK security tech sector.

This focuses on corporations that:

• Work to assist hint, find and facilitate the removing of unlawful content material on-line

• Work with social media, gaming, and content material suppliers to determine dangerous behaviour inside their platforms

• Monitor, detect and share on-line hurt threats with trade and legislation enforcement in real-time

• Develop trusted on-line platforms which are age-appropriate and supply parental reassurance for when kids are on-line

• Establish and reply to on-line fraud and scams

• Confirm and guarantee the age of customers

• Actively determine and reply to situations of on-line hurt, bullying, harassment and abuse

• Filter, block and flag dangerous content material at a community or gadget degree

• Detect and disrupt false, deceptive or dangerous narratives

• Advise and assist a group of moderators to determine and take away dangerous content material

1.2 Crew and acknowledgements

The examine group included Sam Donaldson (Research Lead, Perspective Economics), Conor Tinnelly (Senior Advisor, Perspective Economics), and Professor Mary Aiken (College of East London).

DSIT and Perspective Economics want to acknowledge the consultees, nationally and internationally, who contributed to the event of this report by way of participation in a sequence of one-to-one consultations with the analysis group. In whole, our analysis engaged with greater than thirty trade and coverage representatives.

Past the core statistics set out inside this report, the group continues to be impressed by the dedication, dedication, and imaginative and prescient of most of the companies consulted all through this analysis.

The protection tech sector has persistently demonstrated vital progress every year within the UK. Additional, it has supported authorities, civil society and trade in tackling and mitigating the influence of dangerous and criminal activity on-line.

1.3 Scope

This analysis seeks to determine suppliers of security tech services or products, with a transparent presence within the UK market (UK registered), and which are lively and undertake industrial exercise. For analysis functions, the next is taken into account inside this report; nonetheless, we recognise the broader  contribution of many organisations concerned throughout the wider on-line security ecosystem.

Analysis scope

Security tech suppliers which:

• have a transparent presence within the UK market (registered and lively standing)

• exhibit an lively provision of business exercise associated to security tech (e.g., by way of the presence of an internet site / social media)

• present security tech services or products to the market (i.e., promote or allow the promoting of options to clients)

• have identifiable income or employment throughout the UK

Part 2 of this report units out the kind of organisations inside scope and units out the services and products usually supplied.

1.4 Methodology

The analysis group up to date the protection tech taxonomy^{[footnote 1]} for services and products thought of in scope. The group recognized firm buying and selling knowledge for 133 security tech suppliers utilizing Corporations Home knowledge (for monetary metrics), Beauhurst (a analysis platform that identifies high-growth and excessive potential corporations within the UK, together with funding knowledge), internet knowledge,  and thru direct session with trade members.

The complete methodology used for this analysis is about out in Appendix A.

Stage	Description
Desk Analysis	The analysis group undertook an preliminary fast evaluate of literature and knowledge regarding the protection tech market (together with wider insurance policies and laws) to determine new corporations, think about new language or enterprise fashions adopted by the sector, and to determine how organisations have responded to the standing of the On-line Security Invoice and different worldwide laws.
Taxonomy Replace	The analysis group reviewed and up to date the earlier security tech taxonomy to account for the altering security tech panorama. The up to date taxonomy has been developed by way of collaboration with educational companions and trade specialists.
Identification of Companies	The analysis group has recognized 133 devoted corporations to be included on this 12 months’s examine.
One-to-One Consultations	This analysis is knowledgeable by upward of 30 direct interview consultations with a variety of security tech stakeholders (within the UK and internationally), specializing in the views of trade. This included gathering suggestions concerning the respective strengths, challenges, and alternatives going through the sector.
Information Enrichment and Sector Modelling	The analysis group has constructed on the metrics set out throughout the earlier iterations of this analysis, utilizing Corporations Home knowledge (for monetary metrics), Beauhurst (knowledge on funding raised and accelerator participation), and inner modelling for figuring out security tech associated exercise.

2. Scoping the protection tech sector

2.1 Introduction

Security tech suppliers develop applied sciences or options to facilitate safer on-line experiences, and to guard customers from dangerous content material, contact or conduct.

This definition was established within the baseline Security Tech Sectoral Evaluation (2020) report and expanded by way of a market taxonomy that offered scope to determine a variety of services and products used to assist make customers safer on-line. This finally distinguishes the protection tech sector from adjoining sectors. For instance, there could arguably be some overlap between security tech and fields corresponding to cyber safety, FinTech, and RegTech; nonetheless, we search to determine corporations which are distinct when it comes to give attention to on-line security, in comparison with areas corresponding to knowledge safety.

2.2 Updating the sector taxonomy

The unique security tech taxonomy was developed in 2020, created and examined with assist from DCMS and trade stakeholders. Nonetheless, a lot has modified previously three years with respect to customers, units, applied sciences, harms, markets, and the legislative backdrop.

As such, now we have up to date the taxonomy to replicate the evolving breadth and depth of the sector, with minor adjustments to permit for time-series evaluation (see full define of steps taken in Appendix B).

We have now subsequently made two updates to the taxonomy within the present iteration, which embody:

• Fraudulent promoting as a hurt: This replace has been made to replicate  new corporations that assist determine and counter fraudulent promoting and scams on-line.

• Violation of privateness as a hurt: This replace has been made to replicate the brand new corporations recognized that work to assist people in sustaining and limiting entry to private knowledge, or reply to incidents of doxxing, intimate picture abuse (also called ‘revenge porn’^{[footnote 2]}), or types of knowledge misuse.

The taxonomy has been developed for example the scope of the protection tech sector and has primarily been used to assist DSIT mapping of security tech corporations. The analysis additionally recognises numerous use circumstances and applied sciences throughout the security tech sector, and acknowledges that many corporations throughout the sector can present services or products throughout the completely different ranges of the taxonomy.

It’s also recognised that a number of of the bigger tech corporations are actively concerned within the manufacturing or improvement of security tech options (e.g., Microsoft’s PhotoDNA, and AWS’ Rekognition Picture Moderation API). Nonetheless, as with earlier iterations, these suppliers usually are not measured inside this sectoral evaluation, which is concentrated on devoted third-party security tech suppliers. The UK additionally has a very lively group of charitable and consultant organisations concerned in tackling points regarding on-line security, which are additionally excluded from this sectoral evaluation.

Security tech sectoral taxonomy 2023

Heading	Description	Hurt	Method	Profit	Applied sciences
System Huge	Tracing, Finding and Eradicating Unlawful Content material	Terrorist content material, Excessive/Revenge Pornography, Baby Sexual Abuse and Exploitation, Fraudulent Commercial	Moderation and Monitoring of Dangerous Conduct and / or Content material	Safety from dangerous on-line conduct and content material	Laptop Imaginative and prescient, Machine Studying
Platform Degree	Platform Governance (platform degree response to unlawful content material, together with stopping content material from being revealed)	Terrorist content material, excessive/revenge pornography, Baby Sexual Abuse and Exploitation, sharing of indecent photographs, encouraging or aiding suicide, harassment, hate crime	Pre-moderation, detection, flagging and removing of content material at platform degree	Safety from unlawful on-line content material	Menace detection and reporting, platform monitoring, hashing, content material filtering, automated and human moderation, picture processing, Laptop Imaginative and prescient, Machine Studying
Platform Degree	Platform Moderation and Monitoring (prevention, detection and motion in opposition to dangerous conduct and / or content material)	Extremist content material, cyberbullying, coercive behaviour, intimidation, violent content material, poisonous content material, advocacy of self-harm, fraudulent commercial	Moderation and monitoring of dangerous conduct and / or content material	Safety from unlawful on-line content material	Menace detection and reporting, platform monitoring, hashing, content material filtering, automated and human moderation, picture processing, Laptop Imaginative and prescient, Machine Studying
Platform Degree	Age oriented on-line security – age-appropriate design	Age-inappropriate content material, unsafe areas	Security by design	Design and improvement of user-centred on-line environments to maintain kids protected	Age applicable internet companies, consent administration
Platform Degree	Age oriented on-line security – age assurance	Age-inappropriate content material, unsafe areas	Age detection and verification	Safety from age-inappropriate content material	Age assurance mechanisms, age estimation, e-IDs, database matching / attribute change
Endpoint Degree	Person Initiated Safety	Age-inappropriate content material, unsafe areas, misuse of knowledge, violation of privateness	Security by design, age-based safeguarding	Creating protected on-line experiences for youngsters, selling knowledge possession and rights	Endpoint safety, software program and functions
Endpoint Degree	Community Filtering	Extremist content material, cyberbullying, coercive behaviour, intimidation, violent content material, dangerous instruction	Detection and blocking entry to dangerous or inappropriate content material	Stopping entry to dangerous materials inside outlined settings	Content material filtering and monitoring
Info Surroundings	Info Governance (Detecting and disrupting false, deceptive and/or dangerous narratives)	Misinformation, Disinformation	Truth checking, disinformation analysis and disruption	Making certain citizen data accuracy and belief within the data atmosphere and wider society	Disinformation analysis, web site assurance, AI/ML enabled automated fact-checking
Different	On-line Security Skilled Providers (Compliance and Skilled Providers)	All	Compliance, analysis, frameworks and methodologies for auditing, evaluating or mitigating on-line harms	Enabling the event of safer on-line communities, and embedding security by design	Advisory assist with implementing technical options

---

3. UK security tech: market profile

This chapter units out a abstract of the market profile of the UK’s security tech sector.

Key findings

• There are a minimum of 133 devoted security tech industrial suppliers primarily based within the UK.

• The variety of corporations within the UK security tech ecosystem has virtually doubled for the reason that baseline examine.

• In addition to utilizing language that aligns to on-line hurt, security tech suppliers are additionally positioning and providing their options to established markets, corresponding to promoting, retail, and to bigger organisations which have issues over model security, integrity of provide chain, and status.

3.1 Variety of security tech suppliers

Utilizing the protection tech definition and taxonomy, now we have recognized 133 organisations devoted to offering related security tech services and products that are registered throughout the UK. A further eight organisations have been recognized which are thought of as diversified (i.e., security tech is a part of what they supply) or are non-commercial in scope. Throughout each teams, the UK is house to over 140 organisations that concentrate on supporting and growing security tech options.

For functions of market evaluation, we’ll give attention to the 133 devoted suppliers. Nonetheless, we recognise that there are possible a number of suppliers throughout the market which have the related abilities and experience to change into extra concerned with security tech in future years. These might embody corporations presently utilizing AI or designing cyber safety options centered on risk intelligence, or AdTech corporations that target accountable promoting and model security, applied sciences that might arguably be deployed throughout the context of retaining customers safer on-line for social functions. This can be a development that’s prone to change into extra obvious, arguably with an elevated variety of corporations utilising Belief and Security terminologies being recognized throughout preliminary scoping workout routines.

3.2 Services and products

For the 133 organisations inside scope of the industrial evaluation, now we have recognized firm descriptions of what they provide by way of internet scraping and direct session. The character of this sector implies that some organisations present numerous services and products – for instance, content material moderation, sentiment evaluation, and advisory companies. With this in thoughts now we have recognized the very best match of every of the industrial organisations in opposition to the taxonomy classes for example the general sector composition.

Determine 3:1 Greatest match taxonomy classification

Taxonomy classification
Platform Degree	31 (23%)
Age Oriented On-line Security	20 (15%)
Person Safety	19 (14%)
On-line Security Skilled Providers	18 (14%)
System-Huge Governance	16 (12%)
Community Filtering	15 (11%)
Info Surroundings	14 (11%)

Supply: Perspective Economics (n=133)

The change in whole variety of security tech suppliers throughout every ‘finest match’ taxonomy grouping for the reason that baseline examine was carried out is offered beneath:

Desk 3:1 Change in taxonomy classification since baseline

Taxonomy classification	2019 (baseline)	2020	2021	2022	Change since baseline
System-wide governance	10	13	14	16	6 corporations
Platform-level	11	20	29	31	20 corporations
Age oriented on-line security	10	15	15	20	10 corporations
Person safety	13	13	15	19	6 corporations
Community filtering	10	14	14	15	5 corporations
Info atmosphere	6	12	14	14	8 corporations
On-line security skilled companies	10	13	15	18	8 corporations
Whole	70	100	117	133	+63 corporations

Supply: Perspective Economics

Longitudinal evaluation means that:

• The variety of corporations within the UK security tech ecosystem has virtually doubled for the reason that baseline examine, highlighting the fast emergence of this sector,  with encouraging progress by way of start-ups and inward funding.

• The quantity of corporations that present platform-level options corresponding to content material moderation or model security has considerably elevated and is now the biggest class, with practically 3 times as many corporations working on this house since 2019.

• The variety of corporations offering age oriented on-line security has doubled for the reason that baseline evaluation.

Sometimes, inside a tech sectoral evaluation – we would count on to see a majority of corporations clustered in a single sub-sector. Nonetheless, the evaluation means that the UK has, albeit from a small base of corporations, a variety of area of interest product and repair capabilities out there throughout the market.

That is significantly essential when it comes to sector vary and resilience, because it implies that the UK market is house to a wide-reaching pool of experience and functionality, from which options might be deployed in opposition to a variety of on-line harms for a lot of completely different buyer teams.

3.2.1 Agency positioning and path to market

As famous beforehand, the taxonomy developed to outline the protection tech sector for the unique examine was revealed in 2020, and has assisted DSIT in successfully mapping the sector and figuring out high-level sector tendencies.

Nonetheless, it’s also essential to tell apart how security tech suppliers describe their providing of their ‘personal phrases.’ This will assist the evaluation of market tendencies, routes to market and funding.

Evaluation of firm internet knowledge means that along with utilizing language that aligns to on-line hurt; many corporations are additionally positioning and providing their options to established markets corresponding to promoting, retail, together with bigger manufacturers which are involved about model security, integrity of provide chains, and status. We spotlight a number of the key terminology utilized by corporations beneath:

Determine 3:2 security tech sector phrase cloud

Supply: Perspective Economics ^{[footnote 3]}

The most typical phrases utilized by the sector relate to content material moderation and removing (38 mentions), little one security (31), model security (24), age (23), and legislation enforcement (16).

Instance technical options supplied by corporations embody:

• Detection and removing of unlawful or dangerous content material e.g., by way of digital forensics offered to legislation enforcement

• Person safety on the gadget degree (e.g. guaranteeing {that a} telephone or pill is safer for a kid to make use of) that may be pre-installed onto a tool, or put in immediately by a toddler, mother or father or guardian;

• Provision of content material moderation and risk intelligence experience on a Enterprise-to-Enterprise (B2B) and Software program-as-a-Service (SaaS) foundation;

• Supporting group moderation and administration inside gaming platforms, boards and apps;

• Community and content material filtering supplied to varsities and the schooling sector;

• Detection of disinformation and deceptive narratives for customers and media suppliers.

3.3 Location

This part units out the situation of security tech suppliers, suggesting that over half of all suppliers have a registered or buying and selling presence in London or the South East (57%), with different corporations unfold comparatively evenly throughout different areas.

Information for the newest 12 months means that the rise of foreign-owned security tech suppliers establishing within the UK has resulted in an elevated security tech presence in London.

Nonetheless, as set out in earlier research, there are additionally identifiable security tech clusters in areas corresponding to Leeds, Edinburgh and Cambridge. Security tech workplace areas are outlined  in Fig 3.3, and regional employment is explored in Part 4.

Determine 3:3 Registered and buying and selling areas of UK security tech corporations

Supply: Perspective Economics (n=210)

4. Financial contribution of the protection tech sector

Key findings

• We estimate that whole UK security tech sector revenues for the final monetary 12 months (modal: FY ending 2022) have reached £456 million, a rise of 20% since final 12 months’s report (+£75 million).

• We estimate that throughout the protection tech sector, there are presently 3,300 Full-Time Equal (FTE) workers. This is a rise of 16% (450 folks) since final 12 months’s report.

• We anticipate that, according to the baseline examine projections, the sector might attain its ambitions of £1 billion turnover by the mid-late 2020s. Nonetheless, the trade consultations have raised quite a lot of challenges going through security tech start-ups; significantly across the prices of coaching knowledge, and wider market uncertainty.

4.1 Introduction

This part outlines how the protection tech sector has grown in recent times, together with estimates for annual income and employment.

Whereas the protection tech sector has demonstrated vital progress in recent times, it’s nonetheless an rising and nascent space. As such, many organisations are at ‘pre-revenue’ or micro stage, and subsequently don’t present full annual accounts. We subsequently estimate whole sectoral revenues by way of a mixture of identified firm accounts, direct consultations, and company-level estimation as applicable.

4.2 Firm registrations

Determine 4.1 units out the incorporation date (when the enterprise began) of the 133 devoted security tech suppliers, which highlights appreciable progress during the last 5 years.

Encouragingly, there are examples of early-stage corporations which have demonstrated high-growth comparatively shortly following institution e.g. SuperAwesome, Crisp and Yoti.

Additional to this, a timeline of key milestones throughout the security tech ecosystem can also be offered.

Determine 4:1 UK security tech corporations, date of incorporation and key sectoral milestones

1997	Web Watch Basis established

2001	Smoothwall established to supply internet filtering for colleges

2002	Emergence of content material moderation corporations corresponding to Tempero

2005	Expertise for detecting visible threats and picture content material – Picture Analyzer based within the UK; Crisp based in Leeds – stopping dangerous content material from damaging enterprises, social platforms, democracy and public well being

2008	UK Council for Baby Web Security based

2009	Full Truth based within the UK to boost the standard of public debate and entry to fact-checked data

2011	CameraForensics based – their platform is utilized by legislation enforcement businesses globally to determine and safeguard victims of abuse

2013	Emergence of a number of the UK’s largest security tech corporations: SuperAwesome, SafeToNet, Gooseberry Planet

2014	Yoti based; Web Issues launches in Might 2014; the UK Prime Minister hosts the primary #WePROTECT World Summit in December 2014

2016	Important new corporations are established e.g. Cyacomb, Qumodo, Vigil AI and Securium based

2017	Logically, Factmata based; Germany implements Community Enforcement Act (NetzDG)

2018	GDPR comes into power in Might 2018; UK Council for Web Security launches

2019	On-line Harms White Paper revealed

2020	Authorities publishes Response to On-line Harms White Paper; On-line Security Tech Trade Affiliation (OSITA) based; CPPA established in California

2021	Australia On-line Security Act

2022	On-line Security Invoice launched to Parliament in UK; UK Digital Technique recognises the significance of Security Tech; DSIT (previously DCMS) Security Tech Problem Fund; Singapore On-line Security Invoice; Eire On-line Security and Media Regulation Invoice; EU Digital Providers Act

Supply: Perspective Economics

4.3 Estimated firm measurement

Of the 133 organisations recognized for industrial evaluation, the bulk are micro (<10 workers) or small corporations (<50 workers) representing 50% and 37% of corporations respectively. Nonetheless, comparability with the baseline examine (2019) means that in addition to a larger quantity of corporations working throughout the sector, the proportions of medium, and small suppliers have all elevated – suggesting rising maturity and progress amongst a variety of suppliers which are securing their enterprise fashions and buyer base.

Desk 4:1 Security tech corporations by measurement

Class	Definition	No. of corporations (baseline)	No. of corporations (2022)
Massive firm	Workers > 250 and Turnover > €50 million or Steadiness sheet whole > €43 million	1 (1%)	2 (2%)
Medium firm	Workers > 50 and < 250 and Turnover < €50 million or Steadiness sheet whole < €43 million	6 (9%)	15 (11%)
Small firm	Workers > 10 and < 50 Turnover < €10 million or Steadiness sheet whole < €43 million	22 (31%)	49 (37%)
Micro firm	Employment < 10 and Turnover < €2 million or Steadiness sheet whole < €2 million	41 (59%)	67 (50%)
Whole		70	133

Supply: Perspective Economics

4.4 Estimated employment

We estimate that there are roughly 3,300 folks working inside devoted security tech corporations primarily based within the UK. This has been estimated by way of firm accounts, internet knowledge and session knowledge.

As with the baseline evaluation, employment throughout the sector is nicely distributed throughout UK areas, with the bulk (51%) outdoors of London, and hotspots together with Yorkshire and the Humber (15%), North West (8%) and Northern Eire (6%). It is very important observe that that is partly as a result of nascent nature of the sector, and a number of other vital employers unfold throughout UK areas.

Regional employment is important for the sector, with a number of of the biggest security tech suppliers within the UK together with Crisp (over 250), SuperAwesome (over 250), and Yoti (over 200) working outdoors of London and serving worldwide markets.

4.5 Estimated income for the sector

We estimate that in whole, the protection tech sector generated £456 million in annual revenues in 2022. Determine 4.2 highlights how the sector has grown for the reason that baseline examine, suggesting that the sector has doubled in measurement within the final three years.

This additionally highlights an efficient common compound annual progress charge of c. 25% for the reason that baseline report.

Determine 4:2 Income progress since baseline

Yr	Income
2019	£226 million
2020	£314 million
2021	£381 million
2022	£456 million

Supply: Perspective Economics

4.6 Progress situations

Earlier iterations of this report have steered that the protection tech sector could attain over £1bn in annual revenues by the mid-2020s.

Utilizing the previous 4 years of knowledge, the venture group has reassessed common yearly progress of firm income for the reason that baseline report (which now suggests a compound annual progress charge^{[footnote 4]} of c.25% per 12 months^{[footnote 5]}). It is very important observe that this progress has occurred in opposition to the backdrop of worldwide financial uncertainty and the rising regulatory panorama inside which security applied sciences might be utilized (wider elements are mentioned within the part beneath, as recognized by way of consultations).

Regardless of recognized points, the sector nonetheless has a powerful annual progress charge, which means that income might nonetheless surpass the c. £1 billion income mark by 2026 if the typical 25% progress every year is upheld by the sector.

Determine 4:3 security tech progress situations

Supply: Perspective Economics

The protection tech sector continues to develop at a very robust charge in comparison with different tech industries. Nonetheless, while many consultees are assured about income prospects, others have highlighted the necessity for assist with a transparent regulatory panorama, and assist to develop home demand for security tech options.

4.7 Consultee views on elements supporting progress within the UK security tech Sector

The analysis group sought to discover the drivers and limitations to progress throughout the UK security tech sector so as to collect views amongst each established and early-stage corporations. A lot of elements have been recognized as vital for the sector. These embody:

• An elevated societal consciousness concerning on-line harms, alongside an expressed loss in belief amongst these utilizing tech platforms: A continued development, consultations counsel that clients have change into rather more educated concerning on-line rights. That is pushed by elevated information protection of real-world occasions impressed by on-line interactions, laws (e.g., GDPR and the Digital Service Acts within the EU, COPPI in america) and elevated transparency reporting mechanisms (e.g., Australian eSafety Commissioner’s Fundamental On-line Security Expectations^{[footnote 6]}).

• An elevated consciousness throughout the tech group of the belief and security ecosystem – however continued points with variety: A number of consultees have famous an elevated consciousness and curiosity amongst tech employees concerning moral design and the way platforms implement belief and security. Whereas this displays a optimistic cultural shift throughout the tech group, a number of consultees have additionally highlighted the shortage of variety throughout the trade, noting that longer-term, the promotion of tech careers to minority teams will possible assist the event of options constructed round private experiences of on-line hate.

• Important knowledge prices and a difficult funding panorama: Consultees have famous the difficult panorama that exists for corporations growing a brand new product throughout the security tech house. They observe excessive prices, together with potential moral and authorized restrictions which are inherent when it comes to  accessing knowledge. The consensus is that that is negatively impacting many early stage corporations – significantly these with a monetary ‘burn charge’ to contemplate while striving to develop merchandise and produce them to market.

• An elevated expertise pool  – however numerous enterprise necessities: Some security tech suppliers have famous that there’s an elevated expertise pool to attract from on account of the restructuring of a number of large tech corporations. Whereas some corporations have famous that this may occasionally assist recruitment, others have famous that the sector nonetheless faces the technical talent gaps typical throughout all tech sectors. A number of consultees have additionally famous that whereas there’s an elevated expertise pool, the price of product improvement and the difficult funding panorama has meant that corporations are reassessing the place and the way their sources must be allotted. A number of corporations have steered that they’ve opted to recruit gross sales workers rather than technical workers for 2 causes: i) to determine and to market their product to the agency’s recognized buyer base so as to enhance income and assist commercialisation, and ii) in lieu of getting the sources out there to make use of technical workers.

• Market desire to minimise toxicity and abuse from platforms, and to disassociate platforms from dangerous or damaging materials – however solely when the answer doesn’t danger alienation of the platform customers: Consultations counsel that general there’s a maturing sector with elevated utility in numerous markets. For instance, there are a selection of corporations now providing moderation / monitoring companies which prolong past figuring out and eradicating dangerous or unlawful content material. These corporations additionally present group administration companies which assist optimistic on-line interactions with the goal of bettering the general notion of a model and the extent of buyer engagement on-line. Consultations additionally counsel, nonetheless, that there’s probably much less demand from platforms in terms of different functions of security tech, corresponding to the usage of security tech to take away probably dangerous, however not unlawful, misinformation. Consultees counsel that such a intervention could also be considered by some platform customers as politically motivated, or a type of censorship. This will have destructive implications on how customers view and interact with a platform, and is a possible cause as to why some platforms restrict the applying of security tech on this space.

• Enhanced legislative and regulatory concerns, significantly in tackling unlawful and dangerous content material – and an emergent effort to introduce worldwide requirements: As famous, earlier and upcoming nationwide laws is enjoying vital function in rising the demand for options offered by the protection tech sector, and has supported the efforts of UK corporations to export to international markets – significantly these markets with established and nicely outlined laws. Further initiatives such because the World Coalition for Digital Security additionally enhance consciousness round on-line harms by way of a multistakeholder strategy with ambitions to speed up public-private cooperation to sort out dangerous content material and conduct on-line. Whereas the present regulatory panorama displays a optimistic course of journey, consultees counsel that the tempo at which new regulation is carried out in numerous markets can have vital impacts on the growing sector.

• A robust export market that displays the excessive demand for UK security tech options globally – but in addition sign potential limitations confronted by the sector domestically: UK security tech corporations have a powerful worldwide presence, supporting shoppers in North America, the European Union, Australia and additional afield. Consultees have famous that in some methods gross sales in export markets are pushed by the already established on-line security laws in numerous areas (e.g. Digital Service Act throughout the EU, the Community Enforcement Act in Germany, the On-line Security Act in Australia, and the Age Acceptable Design Code Act in California) whereas additionally noting that passage of the On-line Security Invoice will additional assist the home market within the UK.

• Elevated utility of generative AI, presents challenges and alternatives to corporations working within the security tech sector: Constructing on the consensus recognized within the 2020 security tech report, content material is being generated at a quantity that can’t presently be moderated solely by people. This can be a development that’s prone to proceed with elevated utility of generative AI. Whereas new applied sciences corresponding to OpenAI’s ChatGPT are prone to enhance effectivity and enhance the protection tech market providing, it’s also possible that this expertise will introduce new challenges to the sector. This might embody, for instance, rising situations of artificial knowledge which may have implications for corporations in how to answer dangerous content material.

5. Funding and funding panorama

Key findings

• The tracked security tech sector corporations have raised £296 million in exterior funding between 2016 and 2022.

• 2022 was a powerful 12 months for security tech, with £64 million raised throughout seventeen offers.

5.1 Introduction

This part units out an outline of the funding panorama for the corporations recognized inside this sectoral evaluation, utilizing the Beauhurst platform as an proof supply.

Beauhurst tracks introduced and personal investments, together with the efficiency of high-growth corporations within the UK. It additionally displays UK enterprise participation inside well-known enterprise accelerator and incubator initiatives, and tracks the place companies have secured funding from public our bodies corresponding to Innovate UK.

Important merger and acquisition exercise

Exterior of the Beauhurst platform, we additionally observe M&A exercise. We have now recognized eight M&A offers; and while these values are usually undisclosed, general, these are prone to be price tons of of tens of millions in 2021 to 2022 – signalling a major 12 months for exits and acquisition exercise e.g.

• Crisp, acquired by Kroll

• eSafe World, acquired by Smoothwall, acquired by Household Zone

• SuperAwesome, acquired by Epic Video games

• Factmata, acquired by Cision

• Atomwide by AdEPT

• SpiritAI by Twitch (Amazon)

• Cubica by Chemring / Roke

Please observe that whereas the evaluation on this part covers funding raised in 2022, that is usually reflective of the retrospective efforts of security tech corporations to boost funding. Whereas funding figures for 2022 are per that of the earlier 12 months, consultations counsel that the funding panorama is difficult each for security tech suppliers, and extra usually. Consultees have highlighted a number of sector particular elements influencing funding. These embody, investor consciousness of the sector, potential for corporations to determine the correct product to market match, the coverage panorama, and the infrastructure out there to assist the sector in elevating funding (e.g., enterprise assist and accelerators related to security tech corporations).

5.2 Funding Exercise to Date

Throughout the final 5 years, the quantity and worth of exterior funding inside security tech corporations has grown considerably.  In 2015, the protection tech sector raised £6 million in exterior funding throughout ten offers. By 2022, this has elevated tenfold to £64 million throughout sixteen offers, reflecting the elevated scale and maturity of corporations throughout the sector because it has developed.

Earlier iterations of the protection tech sectoral evaluation have recognized quite a lot of high-growth success tales which replicate a rising understanding of the necessity for security tech options. Examples of great investments in 2022 embody College (£30 million), Logically (£18 million) and Pimloc (£5.5 million).

Determine 5:1 Annual funding into the protection tech sector

Supply: Beauhurst

Merger and acquisition exercise

Determine 5.1 presents an outline of funding exercise. Nonetheless, it is very important acknowledge the latest mergers and acquisitions throughout the security tech sector. These embody excessive profile M&A exercise for undisclosed sums that centred on security tech corporations corresponding to SuperAwesome (acquired by Epic Video games), Smoothwall (acquired by Household Zone), and Crisp (Kroll). Whereas figures are undisclosed, it’s assumed that these offers have been of appreciable worth, highlighting the acknowledged worth of security tech options when the product to market match is true. Kroll for instance, are prone to incorporate Crisp’s companies into their danger evaluation capabilities, whereas Epic Video games will profit from SuperAwesome’s capabilities in age assurance and age-appropriate knowledge administration.

5.3 Funding evaluation

The next subsections set out an outline of security tech funding by stage of evolution (maturity), taxonomy classification, and site.

Seed: A younger firm with a small group, low valuation and funding obtained (low for its sector), unsure product-market match or simply getting began with the method of getting regulatory approval. Funding prone to come from grant-awarding our bodies, fairness crowdfunding and enterprise angels.

Enterprise: An organization that has been round for a couple of years, has both obtained vital traction, expertise or regulatory approval development and funding obtained and valuation each within the tens of millions. Funding prone to come from enterprise capital corporations.

Progress: Firm that has been round for five+ years, has a number of workplaces or branches (usually internationally), has both obtained substantial revenues, some revenue, extremely priceless expertise or secured regulatory approval, vital traction, expertise or regulatory approval development, funding obtained and valuation each within the tens of millions. Funding prone to come from enterprise capital corporations, corporates, asset administration corporations, mezzanine lenders.

Supply: Beauhurst definition

Funding by stage of evolution

The Beauhurst funding platform means that since 2015 just below half (46%) of all funding was raised by corporations on the Seed stage. An additional 43% was raised by corporations on the Enterprise stage, and simply 11% of fundraising occurred for corporations on the Progress stage.  This may occasionally replicate the exit-nature of the sector (examples are outlined above and embody, e.g., SuperAwesome and many others)., with most of the bigger security tech suppliers not too long ago merged or acquired by multinational organisations.

Evaluation of funding raised in 2022 suggests a comparatively bigger proportion of Progress stage corporations elevating many of the funding (19% of corporations, 76% of funding). The evaluation for 2022 is printed in Determine 5:2 which additionally outlines variety of investments and worth by Beauhurst funding stage.

Determine 5:2 Variety of investments and worth of funding by stage of evolution (2022)

Stage	Variety of investments
Seed	9 (56%)
Enterprise	4 (25%)
Progress	3 (19%)

Stage	Worth of investments
Seed	£6.5 million (10%)
Enterprise	£8.8 million (14%)
Progress	£48 million (76%)

Funding by area

The next diagram units out an outline of funding (worth) inside devoted security tech suppliers for 2022 by area. This demonstrates that London was essentially the most lively area for funding (reflecting 56% of whole funding made). Yorkshire and the Humber additionally carried out strongly with 29% of whole funding raised.

Determine 5:3 Funding by area

Supply: Beauhurst

The remaining funding was distributed throughout the South East, Scotland, and North West (15% of funding raised).

Funding by firm providing

For the 15 corporations that secured funding in 2022, the evaluation means that:

• £38 million has been invested in corporations that present options that determine and take away unlawful content material, or that can be utilized to assist legislation enforcement. This consists of corporations corresponding to College, Raven Science, Cyacomb, Securium and Pimloc.

• £8.1 million has been invested in corporations that present options that assist content material moderation and model administration. This consists of corporations corresponding to Arwen AI, Checkstep, and ContexAI.

• £18 million has been invested in Logically, a agency centered on tackling disinformation on-line.

• £1.5 million has been invested in corporations that present options that assist age oriented on-line security. This consists of corporations corresponding to GoBubble, Azoomee, Verifymyage and SafetoNet.

• Please observe that the classification of every of the protection tech corporations listed above is indicative, with most of the corporations providing companies in a couple of space, e.g., Cyacomb is famous as offering companies to sort out unlawful content material, however can be included in content material moderation.

5.4 Grants and assist

Beauhurst has additionally been used to determine the place tracked corporations have been in receipt of grants from public our bodies. Please observe that this evaluation displays solely grants obtained by corporations tracked on the platform, and is subsequently unlikely to current a full view of the sector, as a substitute providing an indicative view solely.

We have now recognized 55 grants obtained by 24 tracked security tech suppliers since 2015. The worth of grants vary from c. £1,000 to £475,000, with the median worth of grants of c. £100,000.

In whole, c.£7.4 million price of funding was made out there by way of grants. The determine beneath demonstrates how nearly all of funding was awarded to corporations on the seed stage, which can also be per the full variety of grants.

Determine 5:4 Funding awarded, and variety of grants awarded by stage of evolution

Stage	Variety of grants
Seed	40 (73%)
Enterprise	10 (18%)
Progress	3 (5%)
Established	2 (4%)

Stage	Worth of grants
Seed	£5,400,000 (74%)
Enterprise	£1,100,000 (15%)
Progress	£419,000 (6%)
Established	£393,000 (5%)

Supply: Beauhurst

Innovate UK KTN was the primary supplier of grants to the protection tech sector, with whole worth detailed beneath alongside the names of different recognized grant programmes:

Desk 5:1 Grant worth by funder

Grant supplier	Quantity awarded	Proportion of whole
Innovate UK KTN	£5.4 million	74%
Defence and Safety Accelerator (DASA)	£1.1 million	£15%
SMART – Innovation funding for SME prototype improvement	£220,000	3%
SMART Scotland: Feasibility venture research	£200,000	3%
SMART – Innovation funding for SMEs (Proof of idea grant)	£99,000	1%
Different [footnote 7]	£252,000	3%
Whole	£7.4 million	100%

Supply: Beauhurst

Additional evaluate of Innovate UK KTN grants awarded to security tech suppliers means that, between 2015 – 2022, grants have been usually awarded throughout 9 kinds of analysis areas.

This consists of grants awarded for tasks that target:

• Digital Forensics (c. £1 million, 14% of funding awarded)

• Ethics and Explainable AI analysis (c. £855,000, 12%)

• Laptop Imaginative and prescient and Picture Evaluation (c. £840,000, 11%)

• Content material Moderation and Model Security (£693,000, 9%)

• Disinformation (£514,000, 7%)

• Cellular Units and Security (c. £484,000 7%)

• Regulatory Compliance in Promoting (c. £475,000, 6%)

• Defending kids from image-based abuse (c. £398,000, 5%)

• Detection and prevention of fraud (£260,000)

• Different (c. £1.85 milion, 25%)

It is very important think about grant funding within the context of firm overheads and venture prices, that are vital for the sector. This means that grant funding could also be extra applicable for corporations with the capability to match the funding offered.

Regardless of this, it’s price noting that the twenty-four corporations which have obtained c.£7 million in grants have subsequently raised £38 million in exterior funding in 2022 alone.

This displays the significance of continued grant and problem fund assist, as such grants may also help security tech organisations to facilitate community improvement, pitching abilities, and safe exterior funding. It might nonetheless be priceless to contemplate the function of bigger grants to assist non-micro corporations as they proceed to scale.

5.5 Consultee views on the funding panorama

Throughout the security tech one-to-one consultations, we requested companies for his or her views on funding. Consultees counsel that:

• Though funding has elevated year-on-year from the unique security tech examine, it’s perceived that it’s more durable for security tech corporations to boost funding when in comparison with conventional expertise corporations: Evaluation of security tech funding knowledge means that 60 corporations have raised funding. Consultees counsel that this funding is probably going as a result of potential of some security tech suppliers to to determine a powerful narrative and use case for his or her product, alongside an elevated consciousness amongst traders of the Belief and Security panorama. With that being mentioned there’s nonetheless much more to be completed to encourage funding in security tech. There are a variety of things recognized by consultees that affect the extent to which traders are prone to spend money on security tech (outlined in subsequent factors beneath).

• Not like conventional tech sectors, security tech lacks the infrastructure to assist funding elevating, and consultees counsel extra might be completed to encourage funding: Consultees which are presently elevating funding within the UK counsel that in contrast to different areas of tech there’s a restricted roadmap to assist security tech corporations. They observe how different sectors have higher infrastructure which incorporates, for instance; entry to sector-specific accelerators and engagement occasions. This in flip could make it harder for security tech suppliers to boost funding. Consultees additionally counsel that  traders have larger curiosity in core tech sectors (e.g., cyber safety) and companies with a nicely established industrial mannequin, e.g., a subscription-based strategy. Whereas consultees counsel that these limitations are partly as a result of nascent nature of the sector, they’ve additionally famous that the present degree of presidency assist for the sector must  be strengthened.

• Buyers might be extra prone to have interaction with the sector as soon as the On-line Security Invoice reaches Royal Assent: Consultees observe that the passage of the On-line Security Invoice will assist funding within the UK. In some sub-sectors, traders could also be much less prone to make investments till they’re higher knowledgeable of what measures might be in place to implement the On-line Security Invoice, and the way this can influence trade.

• Uncertainty round Large Tech corporations has an affect on investor confidence: Consultees have famous what number of Large Tech suppliers are presently in a transition interval and that this has resulted in adjustments to their finance fashions, governance buildings and focus as an organisation. Consultees have famous that this degree of uncertainty influences the extent to which traders view some security tech choices as appropriate for funding.

• Buyers are being extra cautious with their funds – however they nonetheless have the cash (‘dry powder’) to take a position: Consultees have famous that funding is down throughout sectors and it has been steered that this can be a results of traders turning into more and more selective over which corporations they spend money on versus what funding is offered.

6. Rising the protection tech sector

6.1 Introduction

This part explores how public consumers may also help to advertise and develop security tech options, and supplies a snapshot of the UK procurement panorama.

Key insights counsel that:

• Ofcom have taken quite a lot of steps because it prepares for its function as on-line hurt regulator within the UK whereas additionally exhibiting demonstrable enforcement within the space of age assurance.

• Ofcom can also be supporting World Financial Discussion board efforts to develop a principle-based strategy to on-line security, demonstrating the worldwide course of journey and standardisation throughout the belief and security panorama.

• There have been quite a lot of problem funds in recent times, and whereas consultees have highlighted the worth of this assist they’ve additionally famous that the present ambiguity round future laws and enforcement has resulted in an elevated effort on international markets and diversification of providing to areas outdoors of security tech.

• Since 2015, procurement knowledge means that the UK public sector has commissioned a complete of 326 contracts in relation to ‘belief and security’ and on-line security – with a contract worth of £76 million. Key consumers embody DSIT, Ofcom, Dwelling Workplace and the Division for Training, regarding each the procurement of companies, merchandise, and commissioning of analysis.

6.2 The UK strategy to on-line security

There are a number of ongoing initiatives that spotlight the dimensions of ambition for on-line harms regulation.

As famous, the UK’s On-line Security Invoice is presently on the committee stage within the Home of Lords. In preparation for the invoice reaching Royal Assent, Ofcom are getting ready for his or her function because the UK’s on-line security regulator and as of early 2023 have put out a name for proof^{[footnote 8]} on the dangers of harms to kids on-line and the way they are often mitigated (open January  to March 2023). Perception from this name for proof will inform Ofcom’s draft code of observe and steering.

Ofcom have additionally launched an enforcement programme (open January 2023) ^{[footnote 9]} into age assurance measures of UK grownup websites. This enforcement might be in place underneath present powers to control video-sharing platforms within the UK and follows Ofcom’s report revealed in October 2022, which highlights what number of small UK-based grownup websites could not have strong measures in place to stop kids accessing grownup content material. This enforcement is happening in place with wider work at Ofcom to determine different organisations within the video-sharing platform sector that fall underneath the remit of Ofcom enforcement.

Ofcom can also be participating in multi-stakeholder international efforts to construct shared on-line security instruments by way of its membership of the World Financial Discussion board’s World Coalition for Digital Security^{[footnote 10]} which is presently growing a principle-based strategy to advancing digital security in a rights-respecting approach. Most not too long ago, in January 2023, the coalition revealed its White Paper titled  World Rules on Digital Security: Translating Worldwide Human Rights for the Digital Context. ^{[footnote 11]}

The Info Commissioner’s Workplace (ICO) can also be concerned in quite a lot of initiatives related to the protection tech sector. It’s going to, for instance, guarantee digital accountability by way of its Age-appropriate Design Code which units fifteen requirements that on-line companies need to observe to make sure compliance to kids’s knowledge safety legal guidelines. ^{[footnote 12]} The ICO units out ambitions to observe this code by way of a sequence of proactive audits, utilizing varied powers to take motion for a breach of GDPR by issuing, e.g., warnings, reprimands, stop-now orders and fines.

The info safety legal guidelines, regulated by the ICO, complement the web security regime by requiring organisations to make use of, share and innovate with private knowledge responsibly and holding them accountable for his or her practices. Along with providing a set of innovation companies, the ICO additionally displays conformance with its Youngsters’s code, which explains how on-line companies prone to be accessed by kids within the UK can appropriately safeguard kids’s private knowledge.

Authorities can also be facilitating export exercise. For instance, the Division for Worldwide Commerce (DIT) delivered a UK-Singapore Digital Financial system Settlement (DEA) Commerce Mission in September 2022. ^{[footnote 13]} This adopted a dedication throughout the DEA, for the UK and Singapore to collaborate in Security and Safety On-line, recognising that protected and safe on-line environments assist the digital economic system.

6.3 Supporting the protection tech sector

For the reason that authentic sectoral examine was revealed in 2020, the infrastructure out there to assist the protection tech sector has grown. This consists of the institution of the On-line Security Tech Trade Affiliation^{[footnote 14]}, which is the UK physique for organisations working in security tech; and the worldwide Security Tech Innovation Community^{[footnote 15]}, which is funded by DSIT and delivered by Innovate UK KTN. ^{[footnote 16]}

There have additionally been a number of initiatives in recent times to assist corporations working within the security tech sector corresponding to DSIT’s On-line Security Information Initiative. This initiative was designed to check methodologies to facilitate higher entry to greater high quality knowledge to assist the event of expertise to determine and take away dangerous and unlawful content material from the web. As a part of the initiative over seventy interviews with sector stakeholders have been carried out and 5 macro issues going through the sector have been recognized alongside twenty-three potential options. ^{[footnote 17]}

The Security Tech Problem Fund^{[footnote 18]} additionally supported 5 tasks designed to enhance the response to little one sexual exploitation and abuse on-line combining modern approaches developed by security tech corporations, teachers and third sector organisations. Every funded firm obtained £85,000 to develop their options and improve authorities and security tech collaboration in addressing how accountable innovation can put kids’s security on the centre of expertise design and deployment.

Extra not too long ago, DSIT has partnered with Dwelling Workplace, GCHQ and Innovate UK KTN to take a position £700,000 in innovation tasks that improve UK capabilities in defending kids on-line^{[footnote 19]}, specializing in content material moderation concerning the sharing of hyperlinks to little one sexual abuse materials, detecting and disrupting the modification of hyperlinks and areas facilitating CSAM entry, together with gateway and torrent websites.

Help for early-stage corporations was additionally made out there through the Security Tech Academy, a assist that focused a cohort of early-stage companies to check methods to assist them in creating good merchandise, sustainable enterprise, and influence.

6.4 Belief and security procurement within the UK

A key-word search of belief and security language on the Tussell procurement platform has been used to supply an indicative view of public sector demand for security tech services and products throughout authorities, alongside commissioned analysis tasks. Evaluation means that there was a rise in contracts 12 months on 12 months that use terminology related to the belief and security ecosystem. Determine 6.1 suggests a complete of 326 contracts valued at £76 million between 2015 and 2022.

Determine 6:1 Security tech contracts by begin date – recognized with key phrase search

Supply: Tussell procurement platform (March 2023)

Key consumers inside this market embody the:

• DCMS, commissioning twenty-seven contracts regarding, e.g., analysis and mapping, coaching, and sector assist, with values starting from £10,000 to £1.3 million.

• Ofcom, commissioning seventeen contracts regarding, e.g., analysis and mapping, and coaching and sector assist, with values starting from £25,000 to £1.7 million.

• Dwelling Workplace, commissioning fourteen contracts regarding, e.g., analysis and mapping, and technical companies, with values starting from £50,000 to £6 million.

• Division for Training, commissioning fourteen contracts regarding, e.g., technical companies, with values starting from £1,000 to £2.8 million.

7. Export and worldwide exercise

7.1 Introduction

The next part explores the efficiency of the UK security tech sector when in comparison with different nations and sectors. This continues for use as an illustration of the potential for future progress of the sector.

7.2 An export-driven home market

Inside this analysis, we sought to determine corporations that demonstrated an export presence (e.g., by way of gross sales, or workplace location). We estimate that over half (54%, 60 corporations) of devoted UK-based security tech corporations have a world presence. On condition that an estimated 9.8% of all UK SMEs export^{[footnote 20]} this demonstrates the comparable significance of exporting for UK security tech corporations. The export sector is much more vital for bigger security tech corporations: of the biggest 20 UK headquartered corporations by income, ninety % (18 corporations) have demonstrated some type of worldwide or export exercise.

The analysis group carried out a evaluate of UK-headquartered security tech suppliers, figuring out the nations during which they’ve an workplace location. That is outlined within the Determine beneath and suggests a powerful presence in america (with 17 UK-headquartered corporations establishing an workplace within the nation). Different nations which have greater than a few corporations establishing a location embody Germany, Canada and Australia. A presence in these nations highlights what number of UK security tech corporations are establishing workplaces internationally in nations with on-line security laws.

Determine 7:1 UK-based corporations with a presence in different nations

Supply: Perspective Economics

7.3 Consultee views on security tech markets

Each UK-headquartered and worldwide consultees offered suggestions on each the home and key export markets serviced by security tech corporations. Key insights are outlined beneath:

United Kingdom

From a world perspective the UK is seen as a lovely vacation spot, and a number of other consultees have famous the robust status that UK security tech suppliers have within the international market. The assorted authorities initiatives carried out thus far (see pg. 2), and OSTIA have additionally been praised, alongside the talent degree out there in UK areas, which is considered as gifted and aggressive.

United States

A number of consultees have famous that they’ve or intend to arrange a subsidiary within the US market. That is due primarily to the excessive proportion of enterprise that they obtain from this market. Consultees have additionally famous the excessive ranges of funding out there for US-based security tech suppliers, whereas additionally praising the growing analysis and coverage base within the area; each of which have been highlighted as an indication of a rising market.

In 2022, VC agency Paladin Capital^{[footnote 21]} revealed In the direction of a Safer Nation: The USA Security Tech Market stating “now could be the time to accentuate investing in security tech options for human-level safety and safety in our on-line world. We see security tech as an modern ecosystem, an rising international trade to align carefully with Paladin’s mission, funding thesis, and experience.”

Australia

Consultees counsel that the Australian Authorities has demonstrated its dedication to combating hurt on-line by way of motion. This in flip has led a number of security tech suppliers to supply companies on this market. When in comparison with different geographical areas, stakeholders have famous the next degree of consciousness from consumers which has facilitated entry into the market.

European Union

Consultees have famous expansions into Germany and the Netherlands, suggesting that there’s robust dedication inside each nations to use security tech. Consultees have additionally steered that by way of discussions of on-line security extra usually within the EU, potential shoppers have larger consciousness of the necessity for intervention that underpins security tech interventions.

Consultees have additionally steered that the completely different authorized programs throughout EU member states and the UK have resulted in wider principle-based regulatory approaches to on-line security, which place emphasis on programs and processes.

8. Key findings

Updating the ‘security tech’ definition

Security tech suppliers develop expertise or options to facilitate safer on-line experiences, and shield customers from dangerous content material, contact or conduct. For instance, these applied sciences:

• Detect and take away identified unlawful imagery, regarding little one sexual abuse or terrorism;

• Assist moderators detect and tackle dangerous or unlawful consumer interactions, corresponding to cyberbullying or grooming;

• Assist platforms detect perceive use of platforms by kids;

• Work at gadget degree to restrict publicity to dangerous materials; and

• Establish potential sources of disinformation and promote verified details.

For the reason that authentic examine there have been two updates to the protection tech taxonomy. This consists of an replace in scope that features applied sciences that:

A view of the UK security tech market

A rising market – there are 133 devoted security tech companies throughout the UK, producing £456 million in annual revenues in 2022.

Maturing funding panorama – a document £64 million was raised in 2022, which highlights that traders stay attracted by the sector regardless of wider funding tendencies.

Employment – security tech companies rent over 3,300 full-time equal (FTE) workers within the UK.

A robust export sector – over half (54%) of UK-headquartered security tech corporations have an identifiable worldwide presence.

In the direction of a billion-pound sector

We have now detected robust ongoing progress tendencies throughout the sector.

The sector might attain a billion-pound sector, primarily based on present tendencies – if present progress tendencies of 26% every year proceed, the sector might generate £1 billion in annual revenues by c.2026. Whereas this means a strengthened sector, there are a number of elements underpinning progress tendencies:

Continued assist for exporting corporations – UK security tech suppliers are established in worldwide markets and the companies they supply are thought of high-quality. It’s important that the UK corporations that export obtain continued assist to keep up their place as world main.

A transfer in direction of regulation – The appliance of security tech in on-line areas might be pushed by rising coverage and the enforcement course of put in place each within the UK and throughout international areas. This consists of the On-line Security Invoice  which is presently passing by way of parliament. Consultees observe the significance of the invoice, and the next enforcement and the usage of the invoice as a mechanism to cut back on-line harms and as a lever to develop the sector domestically.

Appendix

Appendix A: methodology

This part units out our analysis methodology for figuring out security tech companies, and capturing their respective financial contribution. This technique is per the earlier 2020, 2021, and 2022 reviews.

Stage 1: knowledge evaluate

The analysis group recognise that security tech is a difficult sector to outline, and can include companies which overlap quite a lot of different sub-domains and classifications.

To assist the event of a sector definition, the analysis group used the preliminary definition and sector taxonomy used throughout the earlier research.

This was subsequently topic to minor revisions, and examined by way of stakeholder workshops to tell a 2023 definition and market taxonomy.

This helped to:

• think about any new language or enterprise fashions utilized by security tech suppliers (e.g. corresponding to public security, content material provenance, model security)

• Establish any corporations not beforehand recognized, or latest start-ups in security tech

• Establish the place any platforms are integrating belief and security options, which may have market implications

The venture group additionally reviewed all the latest 2022 record of devoted security tech corporations, excluding any which have ceased buying and selling, in addition to the record of c. 600 international security tech companies so as to discover any worldwide corporations registering within the UK. The aim of this step was to determine any new key phrases, corporations, or organisations related to the protection tech area, previous to the revised taxonomy and agency identification course of.

At this preliminary stage, the venture group recognized as many potential enter sources or pre-existing lists of corporations categorised as related to quite a lot of agreed high-level phrases e.g. content material moderation, digital forensics, VAWG and many others, in addition to ‘new’ areas set out inside DSIT’s ITT corresponding to fraud and public security. This supported the venture group to construct upon the earlier 12 months’s record, in addition to the inclusion of extra suppliers that match into the revised taxonomy.

Perspective Economics holds quite a lot of datasets and licence agreements to assist determine related companies. Evaluation was undertaken with Corporations Home knowledge, Beauhurst, Tussell, internet knowledge, and FDI Markets to assist determine corporations for potential inclusion within the sectoral modelling. The long-list was subsequently reviewed to supply:

• A working record of preliminary key phrases to assist higher classify security tech corporations, and allow subsequent classification and taxonomy updates.

• Markers for every of the businesses recognized thus far to spotlight broader validation for inclusion throughout the closing security tech sector record. For instance, if a agency has a transparent description the place they’re growing security tech merchandise, has a group of engineers and knowledge scientists, and has secured exterior funding or validation – this is able to be a powerful candidate for inclusion. If a agency is simply recognized in a small variety of sources, and / or has a extra restricted aligned definition – this is able to be topic to a handbook evaluate.

Stage 2: taxonomy improvement

In 2019, Perspective Economics designed the primary security tech sector taxonomy, in collaboration with DCMS and trade stakeholders. This recognised a must set out the core services and products supplied, in addition to the expertise, harms addressed, strategy, and profit to finish customers.

In 2023, Perspective Economics engaged with OSTIA and DSIT to supply an replace to the prevailing taxonomy. Please observe that when updating the taxonomy, the venture group sought to make sure that DSIT ought to have the ability to observe the continued progress of the sector over time, and subsequently any updates to the unique taxonomy have been iterative.

Minor updates to the taxonomy are set out within the report, and embody consideration of the On-line Security Invoice, in addition to market give attention to areas corresponding to model security, public security, content material, cyber-physical security, and fostering optimistic consumer interactions. A full overview of steps taken to replace the protection tech taxonomy is printed in Appendix B.

Stage 3: identification of corporations and preliminary modelling

Utilizing the up to date taxonomy and key phrases, the venture group searched for added corporations to incorporate inside this examine. All firm knowledge was enhanced utilizing a mix of proprietary sources (incl. Beauhurst, Lightcast, FDI Markets, internet knowledge (utilizing identification algorithms), and Corporations Home). Sector modelling included an evaluation of firm accounts, funding knowledge, and estimated group sizes to determine an preliminary evaluation of how the protection tech sector has grown, and helped to determine any gaps for subsequent major analysis (consultations).

Stage 4: major analysis

Perspective Economics and PUBLIC spoke with over 30 consultees. Consultations included trade, traders, and wider stakeholders within the UK and internationally. Discussions consisted of:

• A full introduction, and background to the examine, together with the significance of the findings for the protection tech sector and reassurance / hyperlink to the venture privateness coverage

• Dialogue of the organisation’s engagement with on-line security / security tech / belief and security

• Exploration of related themes (progress of the sector, challenges for the adoption of security tech, the place intervention or assist could be most applicable, drivers for progress, potential influence of regulation on the protection tech trade and many others)

• Key limitations to enterprise improvement and progress.

• Identification of enterprise partnerships or provide chain actions, or engagement with R&D.

Appendix B: taxonomy replace

Definition context and concerns

The Division for Digital, Tradition, Media and Sport (DCMS) revealed the Safer Expertise Safer Customers report in Might 2020. This analysis piece was carried out by Perspective Economics with advisory enter from Professor Mary Aiken and Professor Julia Davidson and supplies a top level view of the web security expertise or security tech sector profile within the UK.

A lot of steps have been taken inside this authentic examine to outline the scope of the protection tech sector. Elements thought of embody:

• the technical response utilised to cut back hurt, corresponding to detection and removing of unlawful and dangerous content material, age-appropriate design or age-based safeguarding, detection of disinformation, and or content material filtering and many others)

• the sort of hurt concerned that options search to deal with, (corresponding to unlawful video and image-based content material, hate speech, little one exploitation, sexual materials, private hurt, violence, bullying and harassment and many others.)

• the sort and extent of the danger concerned: for instance, figuring out options that may detect and notify platforms and legislation enforcement about excessive danger behaviours on-line.

• these at most danger of hurt, corresponding to kids and younger folks, these susceptible to grooming or radicalisation, or those that will not be conscious they’re uncovered to hurt e.g., disinformation or deep fakes and many others.); and

• the applied sciences and approaches deployed to counter the hurt (for instance, understanding the technical approaches deployed, for instance danger detection and response by way of synthetic intelligence (AI) or machine studying (ML) approaches.

For the needs of this analysis, we retain the next definition of the protection tech sector:

Any organisation concerned in growing expertise or options to facilitate safer on-line experiences, and to guard customers from dangerous content material, contact or conduct.

When contemplating ‘on-line security’ within the broadest sense, the dangers can embody:

• Content material: being uncovered to unlawful, inappropriate, or dangerous materials;

• Contact: being subjected to dangerous on-line interplay with different customers; and

• Conduct: private on-line behaviour that will increase the chance of, or causes, hurt.

As such, this analysis seeks to determine organisations that present or implement technical merchandise or options that both assist to:

• Defend customers from social harms when utilizing expertise and on-line platforms or companies (usually by way of filtering or controls, or by way of detection and removing of doubtless dangerous content material); or

• Present mechanisms to flag, reasonable, or intervene within the occasion of unlawful or dangerous incidents when utilizing on-line platforms or companies.

For avoidance of doubt, this analysis seeks to determine and perceive organisations that:

• Assist hint, find and facilitate the removing of unlawful content material on-line;

• Work with social media, gaming, and content material suppliers to determine dangerous behaviour inside their platforms;

• Monitor, detect and share on-line hurt threats with trade and legislation enforcement in real-time;

• Develop trusted on-line platforms which are age-appropriate and supply parental reassurance for when kids are on-line;

• Establish and counter fraudulent promoting and scams on-line;

• Help people in sustaining and limiting entry to private knowledge, or reply to incidents of doxxing or revenge porn

• Confirm and guarantee the age of customers;

• Actively determine and reply to situations of on-line hurt, bullying, harassment and abuse;

• Filter, block and flag dangerous content material at a community or gadget degree;

• Detect and disrupt false, deceptive, or dangerous narratives; and

• Advise and assist a group of moderators to determine and take away dangerous content material.

As mirrored on this record, given the dimensions of on-line harms that exist, there are a variety of technical and utilized options that may assist counter these, and our analysis seeks to determine the dimensions and breadth of approaches that exist out there.

Taxonomy context

The event of a sector taxonomy which establishes a standard definition of the completely different elements of the sector was central to this authentic analysis examine. The event of the taxonomy was knowledgeable by two in individual workshop occasions and over forty semi structured stakeholder interviews. The ultimate output supplies a foundational construction on which subsequent updates are primarily based, finally supporting DSIT’s potential to trace sector progress and to information coverage improvement within the security tech space.

The preliminary security tech sector taxonomy was developed within the authentic 2020 examine and used for 2 subsequent yearly replace reviews in 2021 and 2022.

Updating the UK security tech taxonomy

The prevailing UK security tech taxonomy utilized by DSIT is being reviewed to make sure it displays each adjustments throughout the sector, technological improvements, and the altering panorama of on-line harms. Preliminary updates have been made in early January and have been carried out by Perspective Economics with assist from PUBLIC and Professor Mary Aiken and reviewed internally by DSIT colleagues. A abstract of steps taken are outlined beneath:

Step 1: Perspective Economics carried out a refresh of their worldwide record of security tech suppliers, conducting evaluation of newly recognized suppliers and / or present suppliers which have additional developed companies to determine emergent areas of security tech.

Step 2: Evolving on-line security laws alongside the broader market context of security tech have been thought of and factored into design.

Step 3: Rising proof was refined with DSIT colleagues and subject material specialists at an inner workshop in mid-January

Up to date taxonomy

Degree one: system-wide degree elements

This refers to organisations concerned on the highest ranges, to hint, find and take away (or assist to facilitate the removing) of unlawful content material on-line.

These organisations assist to determine and sort out a number of the web’s most dangerous content material e.g., little one sexual abuse and exploitation, terrorist content material. This may be achieved by way of:

• Working carefully with legislation enforcement to help with investigative capabilities e.g., use of forensic science instruments to scan and detect identified unlawful content material utilizing MD5 hashes, or use of AI and instruments to determine patterns^{[footnote 22]} of dangerous behaviour on-line;

• Sustaining and offering entry to expertise aimed toward stopping the add, and facilitating the removing of unlawful content material e.g., the IWF’s Hash Record (with Microsoft PhotoDNA); and

• Combating abuse or threats with automated content material evaluation and synthetic intelligence e.g., automated detection of terrorist content material, together with beforehand unseen materials.

Please observe that the proposed updates on the system degree additionally think about the harms related to fraudulent on-line commercials^{[footnote 23]} and commerce.

Degree two: platform degree elements

This refers to organisations which are concerned in making on-line companies safer and usually work on the platform degree i.e., work alongside social media, gaming, and content material suppliers to enhance security and behavior inside their platforms. These have been segmented into the sub-categories, outlined within the subsections beneath.

Platform governance

These organisations are centered upon serving to suppliers of on-line content material to manipulate their providing with respect to unlawful content material. While there’s some overlap with ‘System Governance’, that is extra centered on organisations that assist to sort out points corresponding to:

• Embedding prevention mechanisms e.g., utilizing machine studying to ban the manufacturing of indecent underage imagery on social media platforms;

• Figuring out and blocking dangerous photographs and movies in real-time; and

• Figuring out little one abuse or grooming in conversations.

Platform moderation and monitoring

These organisations additionally assist suppliers of on-line content material to observe and reasonable behaviour and content material posted inside their platforms. That is usually centered upon lowering dangerous content material or behaviour e.g., offensive language, bullying, or poisonous content material, fraudulent on-line commercials and commerce^{[footnote 24]}. This will embody:

• Moderation and monitoring of content material e.g., pre-moderation or post-moderation of content material, undertaken by automated content material evaluation and / or people;

• Chat moderation e.g., figuring out and eradicating customers topic to language or phrases used; and

• Behavioural Monitoring e.g., figuring out good and dangerous behaviour, usually utilizing Pure Language Processing inside on-line communities.

Age oriented on-line security

These organisations search to assist on-line content material suppliers in guaranteeing that their platforms are both:

• Age-appropriate and enhance the privateness of kids on-line (e.g., compliant with GDPR-Ok, or that the content material and entry necessities are appropriate ought to the web site or app be focused at under-18s, thereby guaranteeing ‘security by design’), or present

• Age assurance companies (i.e., assist corporations to validate and ensure that solely explicit age teams can entry explicit content material).

Degree three: endpoint degree elements

This refers to organisations that present services or products that assist to make sure that the gadget being utilised by the end-user is suitably safe with respect to on-line security. This focuses upon on-line security options (i.e., guaranteeing that the consumer’s dangers with respect to content material, conduct, and make contact with are lowered). It doesn’t embody endpoint safety from viruses, malware, or adware – that are coated by ‘cyber safety’. Person safety on the endpoint degree might be segmented into two essential classes.

Person initiated safety (consumer, parental and device-based)

This consists of organisations that present services or products that may be put in on units to assist safe the end-user from on-line harms (usually a mother or father or guardian putting in on behalf of a kid). The underlying ambition is to create a safer on-line expertise for the consumer e.g., by way of safeguarding assistants, oversight of social media content material, or by way of monitoring of a kid’s digital or on-line behaviour and interplay with different customers. The place deployed, these options may also help to stop points regarding sexting, grooming, bullying, harassment, abuse, or aggression. Options may additionally assist customers in selling consciousness of private  knowledge rights and  / or stopping public entry to personal data (the place consent shouldn’t be offered) e.g. supporting  these affected by ‘revenge porn’^{[footnote 25]}

Community filtering

This consists of organisations concerned in offering services or products that actively filter content material (e.g., by way of white-listing or black-listing, or by way of actively blocking content material perceived to be dangerous or unlawful). This will usually embody options offered to varsities or house customers to filter content material for customers.

Degree 4: data atmosphere degree elements

This refers to organisations that actively detect and disrupt false, deceptive and / or dangerous narratives.

Info governance

This consists of tackling misinformation and disinformation by way of the availability of reality checking and disinformation analysis and disruption. Organisations inside this house search to make sure citizen data accuracy and facilitate belief within the data atmosphere and wider society.

Degree 5: different suppliers

On-line security skilled companies

This consists of organisations usually concerned in supporting the design, implementation and testing of on-line security by way of the availability of compliance companies, analysis, frameworks and methodologies for auditing, evaluating or mitigating potential harms, and assist to allow the event of safer on-line communities.

Help

Additional, this evaluation has additionally sought to determine organisations concerned in supporting the event and scaling of on-line security services and products however accomplish that in an advocacy capability e.g. civil society organisations.