TechUK publishes guidelines for UK cyber security exports

TechUK has published a guide to help UK cyber security firms assess the legal and reputational risks of exporting cyber security products

Technology trade association TechUK has published a guide to help UK cyber security firms assess the legal and reputational risks associated with the export of cyber security products.

The Assessing cyber security export risks report was developed in association with the Institute of Human Rights and Business (IHRB) on behalf of the government-backed Cyber Growth Partnership (CGP).

The export of cyber security technologies presents the UK with a significant economic opportunity, and government is working with industry through the CGP to help companies realise this growth.

The government aims to foster £2bn of cyber security exports by 2016, but is concerned that the export of particular technologies could lead to human rights abuses or undermine UK national security.

The guidance aims to help UK firms increase their profitability while ensuring the protection of human rights abroad, UK national security and the country’s international reputation.


  • Look at the capabilities of the product or service they want to export and how it could be used by purchasers;
  • Examine the places where they are exporting to, including their political and legal frameworks, the state’s respect for human rights and potentially vulnerable people;
  • Assess who the end purchaser of the product is and how they intend to use it;
  • Evaluate potential business partners and resellers;
  • Mitigate risk and build risk management clauses into the contract.

Practical steps in managing risk

The first government-backed guide of its kind, it provides practical advice to cyber security companies of all sizes on how to identify and manage the risks of exporting their products and services.

It gives detailed background information and a framework to help companies develop due diligence processes, manage human rights risks and identify national security risks.

The guide is aimed at reducing the likelihood of a buyer being able to use UK technologies to perpetrate human rights abuses through surveillance, espionage or service disruptions.

“Cyber security technologies are crucial for us to enjoy the benefits of the internet but some also have the potential to be misused,” said Ruth Davis, head of cyber, justice and emergency services at TechUK.

Innovation and human rights

We need to prevent them falling into the wrong hands, leading to human rights abuses or the undermining of UK national security.

“Businesses have a responsibility to protect human rights and uphold national security, and this guidance will help UK companies fulfil this responsibility as they work for growth overseas.”

Davis said TechUK wants UK firms to take the lead on protecting human rights and driving innovation in cyber security.

“We believe that ethical business practice is key; human rights and a vibrant British cyber sector are two sides of the same coin,” she said.

Ed Vaizey, minister for the digital economy, welcomed the publication of the guide.

“TechUK’s guide is a valuable and accessible tool, which will help British companies respond with confidence to opportunities in the global cyber security market,” he said.

Government cyber threat competitions

As part of government efforts to boost cyber security exports by UK firms, business secretary Vince Cable announced £4m funding in September 2014 for a competition to help small and medium enterprises (SMEs) develop ideas for countering cyber threats.

The Technology Strategy Board will run the SME competition from March 2015. The government’s innovation agency will fund companies with the best ideas.

Cable said the growth of the cyber security sector in the UK is a success story, worth over £6bn and employing around 40,000 people.

“Maintaining innovation and growth requires continued investment, and committing a further £4m will help businesses of all sizes turn their ideas to counter cyber threats into reality," he said.

In August 2014, the Ministry of Defence (MOD) announced £2m in sponsorship for a competition to find innovative ways of automating cyber defences.

The funding will be split equally between two phases of the competition to identify winning proof-of-concept research proposals for automated responses to threats to MOD computer systems.

The Defence Science and Technology Laboratory’s Centre for Defence Enterprise (CDE) launched phase one of the competition in London on 9 September 2014.

In phase two, funding will be awarded on a per-project basis to the most successful outputs of projects funded in phase one.

Read more on Hackers and cybercrime prevention