Cyber security is not your typical tech industry. Its companies are more demure and measured in how they market themselves. Compared to their flamboyant tech cousins, they go about their business in a more stealthy style befitting the products and services they provide. Perhaps then it’s no surprise that a place like Northern Ireland, often under-the-radar itself, has become the “Cyber Security Capital of Europe”.
What is springing from the bricks and slipways of the old Harland and Wolff shipyard made famous by Titanic is not just home to a world-renowned movie studio. In the shadow of the iconic yellow gantry cranes known as Samson and Goliath is the epicenter of a living, breathing technology cluster.
It is a little known fact that Northern Ireland is the number one location in the world for cyber security inward investment (FT fDI Markets 2013-16) and the number one global destination for US cyber security companies with an eye for international expansion.
As the industry descends upon Belfast in the coming days for the annual OWASP AppSec European conference, it’s an ideal time to look at the reasons why Northern Ireland’s place in this ever important global industry has emerged so prominently.
Genesis of an Industrial Reinvention
Belfast’s burgeoning role in cyber security was born a decade ago when Queen's University created the UK's Centre for Secure Information Technologies (CSIT) in the docklands area in 2008 with a mission to help companies commercialize emerging cyber security technologies. Now home to an impressive hub of security verification and authentication technology businesses, CSIT is a place where top-level academic researchers and starts ups regularly collaborate with some the largest U.S. firms in Northern Ireland.
CSIT is also leading a European project to create new security coding that will provide greater defenses against cyber attacks for today’s systems, while ensuring compatibility with the next generation of quantum computers. The project consortium includes Ruhr-Universitat Bochum in Germany, Università della Svizzera Italiana, in Switzerland, INRIA in France and from industry Thales Research & Technology Limited, EMC Information Systems International Ltd and HWCommunications Ltd.
Northern Ireland’s investment in CSIT and in developing a robust cyber security talent pool has already reaped significant dividends. An ultra-competitive recruitment market has driven U.S. tech companies to look overseas for talent, and Northern Ireland has taken advantage. Companies have been pouring into the area over the last few years enticed by the hard-to-find skillsets being nurtured at Queen’s and Ulster University.
For instance, before making its decision on where to expand its Center for Open Source Research and Innovation, Massachusetts-based Black Duck advertised positions it was seeking to fill in both Boston and in Belfast. The result? Belfast produced five times as many qualified applicants as the U.S.
Black Duck CEO, Lou Shipley, said in November: “We recognized very quickly that Northern Ireland has both the high-quality tech professionals to meet our open source research needs and a growing cluster of cyber security focused businesses which will continue to attract more attractive candidates as we scale our business there."
Other U.S. cyber companies such as Rapid 7, Proofpoint, Alert Logic and Whitehat are recent investors here – and for them too, talent was the key reason for their location decision.
Gerald Hanweck, company founder and Chief Executive of New-York-based risk analytics provider Hanweck Associates said: "We chose Northern Ireland because of its skilled workforce, strong universities and research centers, high-tech infrastructure and competitive cost structure."
Similarly, Gary Steele, CEO, Proofpoint Inc said: “We have been very impressed with the technology ecosystem in Northern Ireland, which shares many of the characteristics of Silicon Valley including access to world-class cyber security research at Queen’s University.”
Ever increasing need for skills
The role of cyber security has never been more significant. Its importance to our lives and livelihoods is increasing exponentially and those with the skillsets to contribute to this vital societal need will always have a place in the new economy.
The stats are staggering. Yahoo’s data breaches alone could potentially affect one in seven of the world’s population. Ransomware attacks quadrupled to 4,000 per day from 2015 to 2016, according to the U.S. Department of Justice and all projections tell us that the impact of cybercrime is only likely to get worse.
Research last year from BT and KPMG showed that for large businesses, 97 per cent of IT decision makers have experienced a cyber- attack, with half of them reporting an increase in the last two years.
Accenture too found in its High Performance Security Report (an international study of 2,000 security executives representing companies with revenues of $1bn or more) that the average organization faces 106 targeted cyber-attacks per year, with one in three of those attacks resulting in a security breach.
A Brexit-proof Industry?
While there is no doubt that separation from the European Union will pose challenges for Northern Ireland and the UK –– the reality of a global economy is such that certain needs transcend political paradigm shifts.
As I detailed in my last article Brexit & Northern Ireland: Fact vs. Fiction, investment in the region has continued post referendum vote – and will continue to do so. The need for people with the right skills to support the rapidly growing cyber security industry is a big reason why the region has proven resilient.
Market access is not the only catalyst behind why U.S. companies look overseas and why so many have been undeterred by Brexit politics.
For many, including U.S. cyber security companies, it’s not a significant factor in the decision making process. Northern Ireland has built its value proposition on providing specialized talent, cost competitiveness and quality of life. Northern Ireland office rents, quality housing and salaries are considerably lower than London or Dublin.
These jobs offer a great opportunity for the people of Northern Ireland with salaries typically one-and-a-half times the average local salary and partly why Northern Ireland has the highest percentage of qualified IT professionals in the UK and Ireland with 77 per cent holding a degree level qualification.
And the need for quality cyber security tech skills will only continue to increase in the years to come. Symantec, the security software vendor, has predicted that the number of cyber security jobs will rise to six million globally by 2019, with a projected shortfall of 1.5 million. Northern Ireland is well placed to play a critical role in providing the industry much of the talent it needs to perform these critical duties.
The economic benefits to Northern Ireland are real. Cyber security will be to Northern Ireland what the linen, rope making and shipbuilding industries were to our thriving region a century ago. We believe we can preserve our history and heritage, while carving out this global leadership role in one of the world’s most important industries – and the evidence is as tangible as the view from the windows of CSIT that overlook the dry dock where Titanic herself was built.
Alastair Hamilton is Chief Executive of Invest Northern Ireland, the region’s economic development agency.