Figures recently released by the Department for International Trade suggest the country is on track to account for less than 2% of global cyber security sales by 2021.
This is in stark contrast to the wider UK’s defence and security exports, where it holds about 18% of the global defence market and 7% of the global security market.
In an interview with Sky News, the international trade secretary described the situation as “almost paradoxical” because the UK is at the “cutting edge of the technology” development itself.
Dr Fox said he had reorganised the UK’s Defence & Security Organisation (DSO) because there are significant differences in selling arms and selling security products.
Separating the pair into different strands is intended to allow the department to concentrate on growing cyber security exports as effectively as the UK sells arms.
“Defence, particularly big defence projects, are increasingly government-to-government [sales],” Dr Fox said, referencing the sale of Eurofighter Typhoon aircraft.
Cyber security sales on the other hand are much more likely to come from SMEs rather than big primes, and so do not complete in large multibillion transactions at a time.
This could account for the disparity between the UK’s cyber security exports and defence exports in real numbers, but not in terms of proportion.
“We’re at a relatively low share of global security sales,” Dr Fox acknowledged.
According to government figures, global spend on cyber security is expected to exceed £759bn cumulatively from 2017 to 2021.
The same estimates suggest that the UK’s share of that market would be less than 2% over the same period.
Asked if had an aim for where that share should be, the secretary of state said: “Yeah, up.”
Although a figure wasn’t offered, he said: “As much as we can get.
“Even if you looked across all our security, whether that’s drones, whether it’s electronic surveillance, whether it’s cyber, we should be able to push our security sales up to the level of our defence sales.
“So if we’re getting 18% of the total global security market that would be great for us, and as you say we’re well behind.”
There are a number of technologies which lie outside of the typical cyber export market and are covered by the Wassenaar Arrangement, which controls the export of “dual-use technologies” such as surveillance equipment to prevent them being used by governments known to abuse human rights.
Official statistics show that 11% of the total export licences issued in 2017 were for cyber exports covered by this regime.
Laws in the UK have also been criticised by domestic businesses, although these do not always cover exporting materials which are licensed.
Information assurance firms gave complained that the Computer Misuse Act 1990 is outdated and prevents them from conducting commercial threat intelligence analysis, which competitors in the US and Israel do not have to worry about..
Asked if there was any intention to consider legislative change considering the arguments of such firms, Dr Fox said:
“Obviously we’ve got to strike a balance between promoting UK companies and their ability to still make profits abroad, but we also have very strict rules around exports and security.
“The consolidated criteria that we work against are actually some of the most rigorous rules anywhere,” he added.
“It’s difficult in some areas where the same capabilities can be used for a defensive and an offensive capability, so like a lot of areas the rules around cyber are having to evolve as the technology improves, but [that has to take place] against the established law and criteria we have to operate in.
“We’ve got this almost paradoxical position where the UK is at the cutting edge of the technology” but is doing poorly in sales.
Alongside the reorganisation of the DSO, the international trade department has released a cyber export strategy to assist SMEs in getting into foreign markets.
According to the government’s statistics, Europe has typically been the UK’s largest export market for cyber security, and accounted for roughly 55% of all security exports in 2016.
It is not clear how Brexit will affect these export figures, but all of the key markets targeted in the cyber export strategy are outside the EU.
The strategy has included a partnership with banks to help SMEs acquire export finance on an expedited basis, as accessing loans usually has taken longer than the windows of opportunities that businesses need to take advantage of contracts.
“Now you can go into one of the five big banks and say, ‘I’m an SME, I want access to export finance’, and they can tell you within an hour whether you’d be eligible, and they can close the deal in six days,” said Dr Fox.
“Last year, 78% of all the acceptances for export finance were SMEs – that was virtually a flip from before.”
The international trade department is also developing advisers in markets and will have cyber experts embedded in Washington DC, Dubai, Delhi, and Singapore.
“They’re our key areas where we’re promoting big demand for British products and where the UK already enjoys a high reputation,” Dr Fox added.