The cyber security sector makes an important contribution to safeguarding confidence in the digital economy. Although other sectors than the ICT sector contribute to cyber security as well, the focus in this study is on cyber security services and products within the ICT sector.

SEO Amsterdam Economics has determined the size of the cyber security sector through a survey that was conducted amongst ICT companies. The survey shows that in 2014 about 10 percent of the turnover within the ICT sector was linked to cyber security activities.

Based on the survey and on microdata from Statistics Netherlands (CBS), the report concludes that the cyber security sector’s added value in 2014 was 3.8 to 4.1 billion euros. Companies carrying out cyber activities contributed approximately 0.6 percent to the Dutch GDP in 2014, compared to 0.4 percent in 2010. On an annual basis, the cyber security sector grew 14.5 percent faster than the ICT sector itself. The ICT companies that participated in the survey expect an annual growth of revenues from cyber security activities of approximately 7 percent.

The cyber security sector creates added value by offering products and services that try to reduce cyber risks and repair damage effectively. It is difficult to accurately measure this value for the economy as a whole. This study outlines a number of methods for measuring this value and looks at cyber incidents and the extent of the damage as a possible indicator. Due to methodological limitations it turned out to be impossible to draw firm conclusions about the added value of cyber security.

Based on the input of around 30 experts from the sector (through interviews and round table discussions), an analysis was made of the strengths, weaknesses, opportunities and threats of the Dutch cyber security sector. This SWOT analysis indicates that market failure may occur: despite the sector’s growth, something is going wrong in the market, in particular due to asymmetric information, knowledge spillovers and network effects, market power and the hold-up problem and other bottlenecks (e.g. behavioural problems). The study makes suggestions for addressing these bottlenecks.