Study on the development of statistical data on the European security technological and industrial base

(1)

Study on the development of

statistical data on the European

security technological and industrial

base

Security Sector Survey Analysis: Poland

Client: European Commission DG Migration and Home Affairs

(2)

(3)

Study on the development of

statistical data on the European

security technological and

industrial base

Security Sector Survey Analysis: Poland

Client: European Commission DG Migration and Home Affairs

(4)

About Ecorys

At Ecorys we aim to deliver real benefit to society through the work we do. We offer research, consultancy and project management, specialising in economic, social and spatial development. Focusing on complex market, policy and management issues we provide our clients in the public, private and not-for-profit sectors worldwide with a unique perspective and high-value solutions. Ecorys’ remarkable history spans more than 85 years. Our expertise covers economy and competitiveness; regions, cities and real estate; energy and water; transport and mobility; social policy, education, health and governance. We value our independence, integrity and partnerships. Our staff comprises dedicated experts from academia and consultancy, who share best practices both within our company and with our partners internationally.

Ecorys Netherlands has an active CSR policy and is ISO14001 certified (the international standard for environmental management systems). Our sustainability goals translate into our company policy and practical measures for people, planet and profit, such as using a 100% green electricity tariff, purchasing carbon offsets for all our flights, incentivising staff to use public transport and printing on FSC or PEFC certified paper. Our actions have reduced our carbon footprint by an estimated 80% since 2007. ECORYS Nederland B.V. Watermanweg 44 3067 GG Rotterdam P.O. Box 4175 3006 AD Rotterdam The Netherlands T +31 (0)10 453 88 00 F +31 (0)10 453 07 68 E [email protected] Registration no. 24316726 W www.ecorys.com

(5)

Preface

This Background Report has been produced as part of the study on “Development of statistical data on the European security technological and industrial base” commissioned by the European Commission within the Framework Contract on Security (ENTR/09/050) between the European Commission and a consortium led by Ecorys Nederland B.V. in collaboration with TNO and DECISION.

The Background Report provides an overview of initial findings from a survey of companies active in the (civil) security sector in Poland. It is one of a series of reports covering findings from surveys conducted for: Estonia, France, Italy, Poland, Spain and the United Kingdom. The survey design and subsequent data analysis has been undertaken by Ecorys, while the actual surveying of companies has been conducted by GfK, a specialist market research company. The individual country surveys of companies have been conducted over the period October 2014 to February 2015.

To obtain comparable data for Germany, Ecorys has collaborated with the Brandenburg Institute for Society and Security (BIGS) who have conducted a similar survey based on a common survey questionnaire design. This survey has been implemented as a follow-up round to previous surveys of companies active in the (civil) security sector in Germany undertaken by BIGS.

The survey findings described in this Background Report – and in the other accompanying country reports – aim to contribute to a better understanding the structure, size and development of the security sector in the EU. In this regard, comments and feedback on this report are welcomed. Similarly, if you are interested in obtaining more information on this report, on the overall study or, more broadly, on our work on the security sector, please contact the study team.

Study Team

 Roelof-Jan Molemaker (Director): [email protected]  Paul Baker (Associate): [email protected]

 Andreas Pauer (Consultant): [email protected]  Olga Abramczky (Consultant): [email protected]  Rachel Beerman (Consultant): [email protected]

(8)

(9)

1 Introduction

1.1 General context

In 2012, the European Commission set out for the first time its vision for an industrial policy for the security sector1,2. However, in presenting its proposals for action, the Commission acknowledged that developing a clear picture of the security sector in the EU is hampered by the absence of reliable data. To which, the Commission proposed to “develop an empirical basis on which more reliable figures on the security markets can be obtained”. Responding to the Communication, the European Economic and Social Committee (EESC)3 also placed emphasis on the need for relevant, detailed statistics looking at security sectors companies, not least, of their production, workforce and size.4

In light of the above, as part of its Security Research Programme for 20135, the European Commission set out its intention to launch a study for ‘Development of statistical data on the European Security and Technological Industrial Base’ aimed at developing statistical data that would allow to obtain a clearer picture of the technological and industrial base of the security industry in Europe. This would allow to obtain a better understanding of the strengths and weaknesses of the European security industry, as well as to better monitor the impact of R&D activities on the European security industry.

In September 2013, under the Framework Contract ENTR/09/050 the European Commission requested that Ecorys prepare a proposal for a study on the “Development of statistical Data on the European Security and Technological Base”. The subsequent proposal was approved in December 2013, with implementation of the study commencing in January 2014. The study has been divided into 2 main phases:

 Phase I covers preparatory activities leading to an ‘Implementation Plan’ for the development of statistical data on the security industry;

 Phase II will cover the implementation of the tasks and activities elaborated in the ‘Implementation Plan’ and as agreed with the Commission services.

Phase I of the study was completed and approved in November 2014. Phase II of the study is planned to be completed by the end of May 2015.

(10)

1.2 Aim of this report

The aim of this report is to provide an overview of the main patterns revealed by a survey of companies active in the (civil) security sector in Poland. The ‘Security Sector Survey for Poland’ – hereafter Ecorys SSS (Poland) – was commissioned by Ecorys and undertaken by GfK in January 2014.

The analysis in this report focuses, firstly, on providing a description of the structure of the security industry in terms of:

 supply of products and services;

 segmentation of the security market by economic sector (end users);

 segmentation of the security market by geographical region, including the share of exports;  industry structure by firm size (employment and turnover);

 growth performance and prospects;

 geographical composition of main competitors and prospects for future competition.

In addition, a second aim of the analysis is to support efforts to extrapolate survey findings to arrive at estimates of the overall size of the Polish security sector in terms of employment and turnover.

1.3 Structure of the report

The structure of the report is as follows:

 Chapter 2 provides an overview of the survey approach and outcomes;  Chapter 3 provides a descriptive analysis of the survey results;

 Chapter 4 provides an assessment of the overall size of the Polish security sector based on an extrapolation of survey results.

(11)

2 Survey overview

Note: the following information is primarily taken from the GfK ‘Methods Report’ provided to Ecorys in January 2015.

2.1 Survey implementation

Ecorys, working on behalf of the European Commission, commissioned GfK to undertake a survey - carried out via ‘Computer Aided Telephone Interviews’ (CATI) - of companies in the security industry.

2.2 Survey population

Ecorys established a list of companies that a priori are active in the security sector. The list of companies (including business addresses and contact details) was primarily collected from published lists of members of relevant business associations available from the internet, together with supplementary searches of the internet based on relevant search criteria. The address list consisted of 4,596 records, which can be considered as the target group for the study.

2.3 Coverage and response rate

A total of n = 300 completed interviews could be conducted by GfK. To achieve this net sample, GfK’s field organisation tried to contact all 4,596 companies. Details of the response rate are provided below.

Table 2.1

Total % of total

Total sample provided 4,596 100%

Survey achieved 300 7%

Sample not yet dialed 156 3%

Dialed sample still active 2,029 44%

Screening failures 204 4%

Refusals 1,298 28%

Other non-response 604 13%

Incorrect phone numbers 5 0%

Sample conversion 9

Refusal rate 81%

Response rate 7%

(12)

2.4 Survey instrument and method

All interviews were conducted via CATI (Computer Assisted Telephone Interviews). By default GfK uses an Auto-Dialing-System in order to ensure an optimal exploitation of the sample and a maximum of realised interviews. Especially in B2B surveys, this is of great importance, as it allows to identify non-existent numbers technically and to manage appointments efficiently. Furthermore the CATI survey allows to make automated plausibility checks already during the interview, e.g. by identifying typos from respondents entering unrealistic numerical values. In addition, the correct sequence of the interview was ensured via programmed filter guides. This proceeding significantly reduced the cleanup effort after the survey and maximized the number of realized interviews.

The questionnaire was developed and finally signed off by ECORYS and was programmed by GfK as CATI script. Before signing off the questionnaire it was submitted to the European Commission services for their approval.

The used questionnaire was sub-divided into the following main areas:  Screening (Company)

 Product portfolio  Market breakdown

 Company size (employment and turnover)  Growth performance prospects

 Competitors

To increase the acceptance of the survey and the willingness to answer, a letter from Ecorys and a letter of recommendation from the European Commission was provided and sent to the companies on demand. In these letters, the study and its objectives were explained and companies were requested to participate in the survey.

2.5 Field report

2.5.1 Field time

The fieldwork was conducted in the period from January 09, 2015 - January 23, 2015. In general, the interviews of this B2B-survey were done on working days only.

2.5.2 Length of interviews

The average duration of the 300 interviews in Poland was 23.1 minutes.

2.6 Data preparation and testing

The collected data was provided by GfK’s field organization to the project managers at GfK as a labelled SPSS data set. In the context of GfK´s standard quality assurance procedure a comprehensive plausibility check was made. Special attention was paid to the check whether all

(13)

3 Descriptive analysis

3.1 Security ‘threat’ categories

Respondents to the survey were requested to identify whether they offered products and/or service(s) for use in the following areas (‘threat categories’):

 Protection against criminality, terrorism or public disorder;

 Protection of critical infrastructure;

 Border protection and control;

 Preparation for or response to natural and/or man-made disasters. Note: multiple responses allowed.

Figure 3.1 shows the number of respondents that indicated being active in each area of security (‘threat categories’). More than a third (39%) of surveyed organisations supply products and services for ‘protection against criminality, terrorism and public disorder’. Slightly smaller number of organizations (36%) supply products and services for ‘protection of critical infrastructure’. By contrast, 5% of organisations are active in the supply of products and services to ‘border protection

and control’’. See Table 3.3.1 for underlying data.

Figure 3.1 Supply of products and services by 'threat category' (number of responses)

Source: Ecorys SSS (Poland)

Table 3.3.1 Supply of products and services by 'threat category'

Affirmative Share of Share of

Protection against criminality, terrorism

and public disorder 202

Protection of critical infrastructure

189 Border protection and

control 26

Natural and man-made disasters

(14)

3.2 Areas of economic activity

Respondents to the survey were requested to provide information on:

 the proportion of their activities relating to the offer of security-related products and services;

 the proportion of their security-related activities relating to the civilian (as opposed to military) sector. Note: Firms with security-related activities concerning purely the military sector are excluded from the survey.

Figure 3.2 shows a cross tabulation of the proportion of respondents business activities that relate to the supply of security-related products and services and the relative orientation of this supply between civilian and military markets. One fifth of respondents (21% of the sample) are specialised exclusively in the supply of security products and services to the civil (non-military) security area. Almost a third of respondents (35%) supply only security-related products and services, while a substantially larger proportion (60%) supply their security products and services only to the civil sector. See Table 3.3.2 for underlying data.

Figure 3.2 Composition of survey sample by area of economic activity (number of respondents)

Table 3.3.2 Composition of survey sample by area of economic activity

Share of activities related to the civilian sector

Share of security-related products and services

Total Security only (100%) Greater than 80% 60% to 79% 40% to 59% 20% to 39% Less than 20% Civilian only (100%) 20.7% 10.3% 7.0% 7.3% 4.7% 10.0% 60.0% Greater than 80% 8.7% 6.3% 3.3% 2.0% 0.7% 2.7% 23.7% 60% to 79% 3.7% 2.0% 0.7% 1.0% 1.0% 0.0% 8.3% Civilian only (100%) Greater than 80% Between 60% and 79% Between 40% and 59% Between 20% and 39%

Civilian less than 20% 0 10 20 30 40 50 60 70 Security only (100%) Greater than 80% Between 60% and 79% Between_{40% and} 59% Between_{20% and}

39% _{less than}Security 20%

(15)

Feedback from national stakeholders

The largest part of income in the Polish security industry (certainly more than 50%, maybe even 70% of income) is generated through computer security, which applies to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the whole Internet. The linkages between the civilian security sector and the defence sector in Poland depend on the product/service offered, so these sectors are not mutually exclusive. Some of the services and products used in industries relevant to civil security have been adapted from the solutions used by the military. For example, geographic location measurement, or solutions for health monitoring, initially were used for military purposes. On the other hand, there are some services and products, which are reserved only for the military, by restricting their by concessions of the Ministry of Internal Affairs. In the case of security services, companies operating in the security and defence sector areto a large extent the same company. In the case of companies supplying products, the relation is weaker. It is unusual that the military uses the same products as for example the fire brigade. It depends on the specialization of individual companies.

3.3 Broad segmentation of security products and services

Respondents were requested to indicate the types of security products and services they offered based on the following broad categories:

 Cyber-security products and services

 Other security products

 Other security services

Note: multiple responses allowed. Where multiple categories were given, respondents were requested to indicate the most important category.

Figure 3.3 shows the number of respondents that indicate being active in each broad industry category. The most common category is ‘other security products’, with 46% of surveyed organisations indicating that they are active in this area, followed by ‘other security services’ (30%). One quarter (25%) of respondents offers ‘cyber security products and services’.

Allowing for the fact that respondents may be active in more than one broad industry category, Figure 3.4 shows the composition of the sample according to the scope of broad industry categories where they are active and, where relevant, their most important category. Almost three-quarters (74%) of respondents are active only in one segment. Thereby, more than a third (36%) of organisations are active exclusively in area of ‘other’ security products, nearly one quarter (20%) of organisations are active only in the area of ‘other’ security services, and a further 18% of respondents being active solely in cyber security. The remaining one quarter of respondents are active in more than one industry category. See Table 3.3.3 for underlying data.

(16)

Figure 3.3 Supply of products and services by 'broad industry category' (number of responses)

Figure 3.4 Composition of the sample by scope of 'broad industry categories' offered.

Cyber-security products and services

97

Other security products 181 Other security services

117

0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% Cyber security and other security services

All categories Cyber security and other security products Other security products and other security services Cyber security only Other security services only Other security products only

Cyber-security products and services (main) Other security products (main) Other security services (main) n=299

(17)

Table 3.3.3 Composition of survey sample by broad industry categories (% of respondents)

Main broad industry category

Total Cyber-security products and services Other security products Other security services

Cyber security only 18.1% 18.1%

Other security products only 36.1% 36.1%

Other security services only 20.1% 20.1%

Cyber security and other security products

2.3% 4.3% 6.7%

Cyber security and other security services

0.3% 1.3% 1.7%

Other security products and other security services

2.3% 9.4% 11.7%

All categories 1.3% 2.3% 2.0% 5.7%

Total 22.1% 45.2% 32.8% 100.0%

3.4 Cyber security

3.4.1 Cyber security products and services

Respondents that indicated that they offer IT/cyber security products and services were requested to indicate the types of products and services offered (see Annex A.1 for the segmentation of security products and services).

Note: multiple responses allowed. Where multiple categories were given, respondents were requested to indicate the three most important categories (using a ranking of most important category to 3rd most important category).

Figure 3.5 shows the number of respondents offering different categories of IT/cyber security products and services, while Figure 3.6 further breakdowns this information according to whether respondents identify the category among the most important products or services offered. The most common products and services offered by IT/cyber security companies include ‘hardware security

solutions’ (82% of respondents), ‘system integration and implementation services’ (74% of respondents), ‘management and operations services’ (71% of respondents) and ‘identity and

(18)

Figure 3.5 Cyber-security products and services (number of respondents)

The respondents’ ranking of their main (most important) products and services, confirms the importance of ‘hardware security solutions’, ‘system integration and implementation services’ and ‘identity and access management solutions’, which are most often offered IT/cyber security products and services in Poland. By way of contrast, the ‘management and operations services’ are the third biggest type of activities offered by the cyber security companies, however only 5% of respondents ranked them as most important.

Hardware security solutions

80

System integration and implementation services

72

Management and operations services

69

Identity and access management solutions

67 Security training services,

54 Infrastructure (network)

security solutions, 54 Data security solutions,

50

Governance, vulnerability and cyber-security management systems, 49

Audit, planning and advisory services, 44

Applications security solutions, 30

Other/not-specified services, 1

(19)

Figure 3.6 Cyber security products and services (% of repondents)

3.4.2 Cyber/IT business activities

Respondents that indicated that they offer IT/cyber security products and services were requested to indicate the types of business activities that they engage in.

Note: multiple responses allowed. Where multiple activities were given, respondents were requested to indicate the three most important activities (using a ranking of most important activity to 3rd most important activity).

Figure 3.7 and Figure 3.8 show respectively the number of respondents indicating that they engage in different categories of cyber security business activities and the breakdown according to their ranking of the importance of different activities. The most frequently cited activities are ‘maintenance and service’ (91% of respondents), ‘installation and post-production integration’ (89% of respondents) and ‘test and inspection’ (85% of respondents). Taking account of respondents’ ranking of their main (most important) cyber security activities, a slightly different picture emerges. For example, altrough only 62% indicate that they offer ‘manufacturing and assembly’, this category is the most frequently cited by respondents’ as their most important cyber security business activities. By way of contrast, ‘test and inspection’ are offered by 83% of respondents but represent the most important cyber security activities only for 4% of companies offering IT business activities.

0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% Hardware security solutions

System integration and implementation services Infrastructure (network) security solutions Identity and access management solutions Governance, vulnerability and cyber-security management

systems

Data security solutions Management and operations services Security training services Audit, planning and advisory services Applications security solutions Other/not-specified products Other/not-specified services

Most important category 2nd most important category 3rd most important category Not in top 3 n=97

(20)

Figure 3.7 Cyber security business activities (number of respondents)

Figure 3.8 Cyber security business activities (% of respondents)

Maintenance and service 88

Installation and post-production integration

86

Test and inspection 83

Distribution activities 77 System integration

(sub-systems), 67 Manufacturing and assembly, 61 Monitoring, management and outsourcing, 50 Design and engineering,

46

Software development and programming, 23

Research and

development, 12 Other / not-specified, 1

0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% Manufacturing and assembly

Distribution activities Installation and post-production integration Maintenance and service System integration (sub-systems) Monitoring, management and outsourcing Design and engineering Test and inspection Research and development Software development and programming Other / not-specified

(21)

The presented structure of the cyber security sector results from the lack of legal regulations on the national level, which would support SMEs in this sector. However, there exist regulations (especially on the EU level) that impel certain activities related to cyber security, e.g.:

• The Act on the Protection of Personal Data; • The Act on the Protection of Classified Information; • Legal regulations on interoperability.

The big share of products and services in the field of cyber security can be explained by the dynamic development of this field in Poland in the last years, which was influenced by the increased risk of cyber-attacks. Cyber security in form of e.g. security of customers' personal data plays nowadays an important role for many companies.

3.5 ‘Other’ security product providers

3.5.1 ‘Other’ security products

Respondents that indicated that they offer ‘other’ security products were requested to indicate the types of products offered (see Annex A.1 for the segmentation of security products and services).

Figure 3.9 shows the number of respondents offering different categories of other security products, while Figure 3.10 further breakdowns this information according to whether respondents identify the category among the most important products offered. The most important product categories are ‘fire detection, alarm and suppression’ (66% of respondents), ‘intruder detection and alarm’ (64% of respondents), ‘identification and authentication (including electronic access control)’ (54% of respondents), and ‘mechanical access control, barriers, enclosures etc.’ (48% of respondents). The most frequently cited as the main (most important) product category is ‘intruder detection and

alarm’ (25% of respondents). The next most frequently cited main (most important) product

categories are ‘fire detection, alarm and suppression’’ (19% of respondents) and ‘protected

specialised clothing’ (accounting for 17% of respondents). By way of contrast, ‘identification and

authentication (including electronic access control’ was only indicated as the main (most important)

(22)

Figure 3.9 ‘Other’ security products (number of respondents)

Figure 3.10 ‘Other’ security products (% of respondents)

Fire detection, alarm and suppression

120

Intruder detection and alarm

116

Identification and authentication (incl. electronic access control)

98

Mechanical access control, barriers, enclosures etc.

87 Local area observation (incl.

video / CCTV surveillance), 80 Other equipment and

supplies, 65 Communication equipment

and systems, 60 Detection and screening, 53 Protective and specialised

clothing, 48 Tracking and tracing; positioning and localisation,

38

Command and control and decision support systems, 28

Wide area observation and surveillance, 21

Intelligence and information gathering systems, 20

Vehicles and platforms, 17 Other, 2

0% 10% 20% 30% 40% 50% 60% 70%

Intruder detection and alarm Fire detection, alarm and suppression Protective and specialised clothing Mechanical access control, barriers, enclosures

etc.

Local area observation (incl. video / CCTV surveillance) Other equipment and supplies Identification and authentication (incl. electronic

access control)

Tracking and tracing; positioning and localisation Communication equipment and systems Detection and screening Intelligence and information gathering systems Vehicles and platforms Command and control and decision support

systems

Wide area observation and surveillance Other

(23)

3.5.2 ‘Other’ security products business activities

Respondents that indicated that they offer ‘other’ security products were requested to indicate the types of business activities that they engage in.

Note: multiple responses allowed. Where multiple activities were given, respondents were requested to indicate the three most important activities (using a ranking of most important activity to 3rd most important activity).

Figure 3.11 shows that for respondents offering ‘other’ security products the most common business activities are ‘maintenance and servicing’ (77% of respondents), ‘wholesale or retail

distribution’ (77% of respondents), ‘test and inspection’ (71% of respondents), and ‘installation’

(64% of respondents). The most important business activities include ‘wholesale or retail

distribution’ (35% of respondents), followed by ‘installation’ (21% of respondents) and by

‘manufacturing and assembly’ (16% of respondents). This is followed by ‘monitoring services’ and ‘maintenance and servicing’ with both 8% of respondents. Thereby, ‘research and development’ are the most important business activities only for 1% of companies.

Figure 3.11 ‘Other’ security products business activities (number of respondents)

Maintenance and servicing 138 Wholesale or retail distribution 138

Test and inspection 128 Installation 116 Integration, 77 Manufacturing and assembly, 77 Design and engineering,

55

Monitoring services, 52

Research and

(24)

Figure 3.12 ‘Other’ security products business activities (% of respondents)

The categories of ‘other’ security products named in the survey are in line with the most important products offered on the Polish market. The demand for ‘other’ security products is due to the fact that legal regulations enforce the provision of fire protection. Demand for alarms is also associated with insurance issues (most insurance companies offer big discounts or favourable insurance rates for apartments or houses with installed alarm systems).

3.6 ‘Other’ security service providers

3.6.1 ‘Other’ security services

Respondents that indicated that they offer ‘other’ security services were requested to indicate the types of services offered (see Annex A.1 for the segmentation of security products and services.

Figure 3.13 shows the number of respondents offering different categories of ‘other’ security services while Figure 3.14 further breaks down this information according to whether respondents identify the category among the most important services offered. The most common service category is ‘security consulting and advisory services’ and ‘guarding and manning’, both indicated by half of respondents as their most important ‘other’ service. These are followed by ‘remote

0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% Wholesale or retail distribution

Installation Manufacturing and assembly Monitoring services Maintenance and servicing Design and engineering Integration Test and inspection Research and development Other

(25)

Figure 3.13 ‘Other’ security services (number of respondents)

Figure 3.14 ‘Other’ security services (% of respondents)

Security consulting and advisory services

59

Guarding and manning 59

Remote monitoring 54 Security training services

52 Security of persons, 48

Research (socio-economic and other), 17

Research (technological/technical), 15 Detective and investigation, 15 Other manpower-based services, 5 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0%

Guarding and manning Remote monitoring Security consulting and advisory services Security training services Security of persons Research (socio-economic and other) Detective and investigation Research (technological/technical) Other manpower-based services Other services

(26)

The categories of ‘other’ security services named in the survey reflect the most important services offered on the Polish market. However, it has been suggested that the size of categories ‘security of persons’ as well as ‘guarding and manning’ might be underestimated, as there are many one person companies active in these fields.

The presented structure is driven by the changes in the market and the development of modern technologies. Today, society is based on the exchange of information, which determines the demand for security services. Moreover, the EU requires outsourcing, which includes services related to the security.

3.7 Security market by economic sector (end-user)

3.7.1 Overall – all products and services

Respondents to the survey were requested to indicate from which market segments (sectors) their customers come from (see Annex A.2) for the segmentation of the security market).

Note: multiple responses allowed. Where multiple segments were given, respondents were requested to indicate the three most important segments (using a ranking of most important category to 3rd most important category).

Figure 3.15 shows the number of respondents indicating having customers from each of the market segments. The most frequently cited market segment are ‘private individuals and households’ and

‘construction’, which both were identified by 205 respondents, amounting to one-fifth of respondents that answered this question. The next most frequently mentioned market segments are ‘hotels,

restaurants and leisure’, ‘public administration’, ‘health and education’, ‘wholesale and retail’, and ‘manufacturing’, each mentioned by about 68% of respondents.

Figure 3.16 provides a further breakdown, taking into account respondents’ ranking of the importance of different market segments. The sector most frequently cited by as being the most important market segment are ‘private individuals and households’ (21% of respondents indicate it

as the most important customer segment), followed by ‘manufacturing’ (14% of respondents’ most important customer segment).

(27)

Figure 3.15 Market segmentation (number of respondents)

Figure 3.16 Market segmentation (% of respondents)

Private individuals and households

205

Construction 205

Hotels, restaurants and leisure

196

Public administrations 195

Health and education, 193 Wholesale and retail

distribution, 191 Manufacturing, 190

Transport, 122 Public security service

providers, 115 Financial services, 97 Defence, 94 Primary sectors, 92 Real estate and property

management, 90 Energy and water, 90 Other security services,

71

Communications and information services, 70

Other security industry, 67

Cyber security industry, 65

Other market services, 48 Other, 5

Private individuals and households Manufacturing Public security service providers Construction Public administrations Defence Other security industry Cyber security industry Health and education Real estate and property management Other security services Financial services Transport Other market services Wholesale and retail distribution Hotels, restaurants and leisure Communications and information services Primary sectors Energy and water

(28)

3.7.2 Breakdown by main broad category of security products and services

To examine differences in customer base for different broad categories of security products and services, respondents can be categorised according to their main broad industry category (see Section 3.3). For respondents whose main (most important) security business relates to the offer of cyber-security products and services, Figure 3.17 shows the share of respondents with customers in each market segment (with the breakdown according to their ranking of the importance of the segment); Figure 3.18 and Figure 3.19 show, respectively, the corresponding data for ‘other’ security products and ‘other’ security services.

Cyber-security products and services

As shown in Figure 3.17, more than three-quarters of respondents whose main security-related activities are in the area of cyber-security indicate having customers in the ‘private individuals and

households’ sector and approximately 26% indicate ‘private individuals and households’ as their most important market segment. The second most frequently identified market segment is ‘hotels,

restaurants and leisure’, which was indicated by 70% of respondents, however, only 6% of companies have rated it as the most important category for their business. Therefore, taking into account responses on the most important customer segment, ‘cyber security industry’ and ‘manufacturing’ are the second most frequently cited ‘most important’ customer segments (each accounting for 13% of respondents).

‘Other’ security products

As shown in Figure 3.18, the most frequently mentioned market segments for suppliers of ‘other’ security products are ‘construction’ (71% of respondents) and ‘private individuals and households’ (69% of respondents), followed by ‘wholesale and retail distruibution’ (68% of respondents). In terms of the most important market segment, ‘private individuals and households’ is ranked first with 24% of respondents having indicated it as the most important customer segment, followed by ‘manufacturing’, identified as the most important market segment by 15% of respondents. By contrast, while ‘construction’ is the most frequently mentioned market sector by providers of ‘other’ security services, it is only considered the main (most important) customer segment by 4% of respondents.

‘Other’ security services

As shown in Figure 3.19, the most frequently mentioned market sectors for respondents whose main security activities relate to the supply of ‘other’ security services are ‘manufacturing’ (74% of respondents), ‘construction’ (73% of respondents), followed by ‘public administrators’ (69% of respondents) and ‘health and education’ (68% of respondents). As with cyber-security products and services, the most frequently identified main (most important) customer segment is ‘private

individuals and households’, identified by 14% of respondents, followed by ‘manufacturing’ (13% of

respondents). Buy contrast, while ‘hotels, restaurants and leisure’ as well as ‘wholesale and retail

distribution’ are one of the most frequently mentioned market sectors by providers of ‘other’ security

services, they are only considered the main (most important) customer segments by respectively 3% and 2% of respondents.

(29)

Figure 3.17 Market segmentation - cyber security (% of respondents)

Figure 3.18 Market segmentation - other security products (% of respondents)

0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% Private individuals and households

Cyber security industry Manufacturing Public security service providers Construction Primary sectors Defence Transport Wholesale and retail distribution Hotels, restaurants and leisure Public administrations Health and education Energy and water Other market services Communications and information services Real estate and property management Other security services Financial services Other security industry Other

0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% Private individuals and households

Manufacturing Public security service providers Defence Public administrations Other security services Other security industry Construction Real estate and property management Health and education Financial services Wholesale and retail distribution Communications and information services Hotels, restaurants and leisure Other market services Transport Energy and water Cyber security industry Primary sectors Other

(30)

Figure 3.19 Market segmentation - other security services (% of respondents)

3.8 Security market by geographical region

Respondents to the survey were requested to indicate the geographical markets in which they sell their security products and services using the following classification:

Local/regional markets (i.e. sub-national level); EU Member States

Outside the EU.

In addition, respondents were requested to indicate (approximately) the share of each geographical market in the total sales of security products and services.

3.8.1 Geographical markets – all products and services

Overall, as show in Figure 3.20, 87% of respondents indicate that they supply products and services only on the domestic market, of which 39% are active only at a regional level. Of the remaining 13% of respondents that also market their products and services internationally, the majority (11% of respondents) indicate that they export only to the EU. With regard to the importance of international markets, Figure 3.21 indicates that 10% of respondents market their products and services internationally, but with exports representing less than 25 percent of sales.

0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% Private individuals and households

Manufacturing Public security service providers Public administrations Construction Other security industry Health and education Financial services Transport Defence Other market services Hotels, restaurants and leisure Real estate and property management Cyber security industry Communications and information services Wholesale and retail distribution Energy and water Other security services Primary sectors Other

(31)

Figure 3.20 Geographical market for security products and services (number and % of respondents)

Figure 3.21 Share of international markets in total sales of security products and services (number and % of respondents)

Domestic: regional only, 119, 39%

Domestic: regional and national, 53, 18% Domestic: national, 89, 30% International: EU export only, 32, 11% International: EU and

extra-EU export, 6, 2% International: extra-EU _{export only, 1, 0%}

Domestic only (no exports), 262, 87% Export share: >0%,

<25%, 28, 10%

Export share: >=25%, <75%, 9, 3%

Export share: unknown or not declared, 1, 0%

(32)

To examine differences in geographical customer base for different broad categories of security products and services, respondents can be categorised according to their main broad industry category (see Section 3.3).

Figure 3.22 combines information on the geographical coverage (within country) and export share for respondents whose main security-related activities are in the area of cyber-security products and services, and similarly, Figure 3.23 and Figure 3.24 provide this breakdown for respondents whose main security-related activities are in the area of ‘other’ security products and ‘other’ security services, respectively. Comparing across the three figures, the greatest outward orientation is observed among suppliers of cyber security products and services compared to suppliers of ‘other’ security products and ‘other’ security services. Less than one-fifth of respondents whose main activity relates to the supply of cyber security products and services are active in international markets (18%) compared to 16% of respondents whose main activity is in the supply of ‘other’ security products, and only 4% of respondents whose main activity is in the supply of ‘other’ security services. On the other hand, only 2% of cyber security products and services suppliers indicate having export shares of more than 50%, compared to 4% of ‘other’ security products suppliers and 1% ‘other’ services suppliers.

Figure 3.22 Cyber security products and services: geographical market and share of international markets in total sales of security products (number and % of respondents)

Domestic: regional and national, 10, 15% Domestic: national, 21, 32% Export share: >0%, <25%, 10, 15% Export share: >=25%, <50%, 1, 1% Export share: >=50%, <75%, 1, 2%

(33)

Figure 3.23 'Other' security products: geographical market and share of international markets in total sales of security products (number and % of respondents)

Figure 3.24 'Other' security services: geographical market and share of international markets in total sales of security products (number and % of respondents)

Domestic: regional and national, 24, 18% Domestic: national, 40, 30% Export share: >0%, <25%, 15, 11% Export share: >=50%, <75%, 4, 3%

Export share: >=75%, 1, 1% Export share: unknown or not declared, 1, 1%

Domestic: regional and national, 19, 19% Domestic: national, 28, 29% Export share: >0%, <25%, 2, 2% Export share: >=25%, <50%, 1, 1% Export share: >=75%, 1, 1%

(34)

The main reasons for the rather low exports of cyber security products and services, ‘other’ security products and services to foreign markets are the lack of support from the state and the small size of companies.

Many security products and services in Poland are imported from abroad (China, USA,Germany, France and Israel). These countries are at the same time Poland’s biggest competitors. A particular threat to polish security market is the increasing amount of products coming from China. Still, Poland can compete with foreign products in terms of quality of offered security products and services.

Exporting products and services abroad is problematic for security companies in Poland, because they do not have sufficient experience in exporting and face difficulties in building business networks with enterprises in the importing country.

3.9 Firm structure: employment and turnover

Respondents to the survey were requested to indicate the number of employees in their company, with a distinction made between:

- Total number of employees (in Poland and abroad); - Employees in Poland;

- Employees in Poland working in the field of security.

In addition, respondents were requested to indicate their company’s turnover from the sale of security products and services.

3.9.1 Employment

Figure 3.25 shows the distribution of respondents according to their number of employees. With respect to the number of employees in Poland working in the field of security, the most frequent employee size category is 0 zero employees, what suggest that 39% of respondents are self-employed and do not employ any other people. The most frequent employee size category for ‘total number of employees’ and ‘employees in Poland’ is ’1 to 4 employees’, which is also the second most frequently cited employee size category for Poland-security employees (26% of respondents). Analysis of differences in responses on total number of employees and number of employees in Poland indicates that the Polish security activities are taking place to a high extend in Poland and not abroad.

Categorising respondents according to their main broad industry category (see Section 3.3), Figure 3.26 shows the distribution of respondents by employee size class. The data indicate that the proportion of respondents in the top employment size classes (cf. ’50 to 249’, ‘250 to 999

employees’ and ‘1000 or more employees’) is highest for those respondents whose main (most

important) security business concerns the offer of ‘other’ security services. By contrast, respondents whose main security business concerns the offer of cyber security products and services as well as ‘other’ security products providers have the highest proportion of companies in the lower employment size classes (cf. ’zero’, ‘1 to 4 employees’).

(35)

The size of the employment in security industry in Poland varies between 30’000 and 800’000 workplaces. Based on an interview, in terms of employment, including all government agencies, businesses and uniformed services, security sector in Poland provides about 750’000 to 800’000 workplaces. However, according to another interviewee the security sector in Poland can be estimated at around 30’000 workplaces, while the defence sector accounts for 15’000 workplaces.

Security sector in Poland consist mainly of SMEs. This is due to the specific nature of services they provide. Such services are short-term activities with no continuity of projects. In Poland, companies with more than 10 employees are classified as big companies, compared with Germany, where the smallest companies have about 10 permanent staff.

It has been suggested that big companies (like WB Electronics) might have not been taken into account in the survey, with the reasoning that companies providing security products on the Polish market must have sufficient number of employees and resources to win contracts for the supply of products/services. However, while analysing the areas of expertise of WB Electronics, it turned out that this big company specialises rather on military solutions than ‘civil’ security products.

3.9.2 Turnover

Figure 3.27 shows the distribution of respondents according to turnover from the sale of security products and services. The most frequently cited turnover was ‘below € 250 thousand’, which was indicated by more than half of respondents (61%) that provided information on the their turnover. The highest stated turnover was ‘€ 10 million to € 25 million’, which however was stated only by 1% of respondents.

Categorising respondents based on their main broad industry category (see Section 3.3), similarly to employment, Figure 3.28 indicates that cyber-security companies from all industry categories are prevalent at the bottom of the turnover scale (cf.’below € 250 thousands’), with 79% of the respondents whose main security business relates to cyber security products and services, 73% of the companies offering ‘other’ security products, and 61% of companies providing ‘other’ security services.

Figure 3.25 Firm size based on number of employees (number of respondents)

118 78 35 40 20 40 60 80 100 120 140

(36)

Figure 3.26 Distribution of number of employees in Poland working in security by main broad industry category (% of respondents in broad industry category)

Figure 3.27 Firm size based on turnover from sales of security products and services (number of respondents)

Source: Ecorys SSS (Poland) 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

All respondents Cyber security Other security products Other security services

183 36 20 15 1 4 0 0 0 0 41 0 20 40 60 80 100 120 140 160 180 200

(37)

Figure 3.28 Distribution of turnover from sales of security products and services by main broad industry category (% of respondents in broad industry category, excluding no answer / don't know)

Manufacturers of fire systems (e.g. AAT company), manufacturers of machine vision systems (e.g. CCTV cameras etc.), as well as companies involved in the integration of various systems (both software and hardware systems) are in the forefront of the Polish security market.

It was pointed out that Polish security market is spoilt by many companies active in the field of security monitoring and private detectives, who are cheap, but do not fulfil the required standards. After some deregulation of economic activity taking place in 1988, there was an increase of private detective and property protection services. This development was influenced by high crime rates in the 80s and rapid income increase of a part of the society.

3.10 Growth performance and prospects

Respondents to the survey were requested to indicate the growth in their turnover from the supply of security products and services over the last 5 years and their expectations for growth in turnover for the next 5 years. In addition, respondents were requested to indicate their expectations for the development of demand for security products and services in the foreseeable future for different broad customer groups (cf. public sector, critical infrastructure sectors, business sector, and private individuals and households) and by geographical area (cf. national market, Europe, outside Europe).

0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0%

(38)

Moreover, growth in the cyber security area has been stronger than for ‘other’ security products and ‘other’ security services; for example, 29% of respondents whose main security activities are in the area of cyber security report growth between 3% and 10% (i.e. ‘increased by between 3% and

10%’), compared to only 21% and 14% of respondents whose main business is in the area of ‘other’ security products and ‘other’ security services, respectively.6

At the other end of the growth distribution, 7% of respondents whose main area of business is in the supply of ‘other’ security products and 8% of respondents who provide ‘other’ security services reported negative growth by more than 25% in the last 5 years.

3.10.2 Future turnover growth prospects

Respondents offer a moderately positive outlook for turnover growth for the next 5 years, as shown in Figure 3.31 and Figure 3.32. Overall, a total of 39% of respondents7 indicate that they expect turnover to remain the same (i.e. is ‘remained more or less the same [+/- 2%]’) over the next 5 years and a further 54% expecting turnover to increase (i.e. ‘increase by between 3% and 10%’, ‘increase by between 11% and 25%’, ‘increase by more than 25%’). Only 7% of respondents expect their turnover from the supply of security products and services to decline over the coming 5 years.

At the same time, there appears to be a positive outlook for cyber security. In fact, a comparison of responses on past turnover performance and future turnover expectations shows that among respondents whose main security business relates to cyber security, 63% of respondents expect future turnover growth to exceed that of the past 5 years and only 9% expect it to decrease.8 The corresponding percentages for ‘other’ security products are 52% and 6% respectively. Among companies providing ‘other’ security services 50% of respondents expect future turnover growth to exceed that of the past 5 years and 7% expect it to decrease.

Figure 3.29 Turnover growth over past 5 years (number of respondents)

41 38 53 70 18 23 15 42 0 10 20 30 40 50 60 70 80

(39)

Figure 3.30 Distribution of turnover growth by main broad industry category (% of respondents in broad industry category, excluding no answer / don't know)

Figure 3.31 Turnover growth expectation for next 5 years (number of respondents)

Source: Ecorys SSS (Poland) 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0%

All respondents Cyber security Other security products Other security services

32 45 63 101 7 7 4 41 0 20 40 60 80 100 120

(40)

Figure 3.32 Distribution of turnover growth expectations for next 5 years by main broad industry category (% of respondents in broad industry category, excluding no answer / don't know)

3.10.3 Future demand prospects by broad customer group and geographical area

Respondents offer a positive outlook for future demand prospects for security products and services in terms of expected geographical distribution, with more than 70% of respondents indicating that they expect positive growth in demand across all geographical regions; see Figure 3.33.9 Overall, demand expectations appear to be strongest for markets in Europe (i.e. ‘Europe’) and weakest for the domestic market (i.e. ‘national market as a whole’). At the same time, looking at the balance of expectations for different customer groups, the strongest positive expectations are for the ‘business sector’ (i.e. private industry and services) (64% of respondents overall) and weakest for ‘private individuals and households’ (50% of respondents overall) expecting positive growth in demand among this customer group.

Figure 3.34 and Figure 3.35 provide a breakdown based on respondents main broad industry category (see Section 3.3). As with turnover growth expectations (overall, not taking account of future growth expectations relative to past growth performance), respondents whose main security activities are in the area of cyber-security have (on balance) the strongest positive expectations for future demand growth across all geographical areas and all broad customer groups. Although it is necessary to be cautious in interpreting findings for respondents in the area of cyber-security due to the small sample for this question, it nevertheless appears that cyber-security respondents have (on balance) a relatively positive outlook on future demand prospects. The patterns of demand growth expectations for ‘other’ security products and ‘other’ security services are very similar across broad customer groups, but there appear to be stronger expectations for future growth on the European and international markets for respondents whose main activities are in ‘other’ security

0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 45.0%

(41)

Figure 3.33 Distribution of demand growth expectations by customer groups and geographical area (% of respondents, excluding no answer / don't know)

Figure 3.34 Distribution of demand growth expectations by customer groups and by main broad industry category (% of respondents, excluding no answer / don't know)

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Public sector

Critical infrastructure sectors

Business sector

Private individuals and households

National market as a whole

Europe

Outside Europe

Increase strongly Increase slightly Stay roughly the same Decrease slightly Decrease strongly

Cyber security Public sector Critical infrastructure sectors Business sector Private individuals and… Other security products

Public sector Critical infrastructure sectors Business sector Private individuals and… Other security services

Public sector Critical infrastructure sectors Business sector Private individuals and…

Cyber security

Other security products

(42)

Figure 3.35 Distribution of demand growth expectations by geographical area and by main broad industry category (% of respondents, excluding no answer / don't know)

Feedback from national stakeholders Key drivers to industry development

Companies in security industry in Poland are characterized by a highly skilled and experienced staff and are an important factor for the development of the security sector in Poland.

Currently there are not many security associations and confederations in Poland, who would act on behalf of small businesses and organize them, thus increasing the "visibility" of security firms on the market. Increasing the number of security associations and confederations is important for the future development of the security sector in Poland. In addition, association should be authorized to certify small businesses. Certification of small businesses would raise their competitiveness - the company would have necessary certificate to compete with other companies and enter new markets. This could be a second, in addition to low prices, factor representing the competitiveness of SMEs in the Polish security sector.

Key barriers to industry development

One of the key barriers for the development of security industry in Poland is the current legislation, which does not provide sufficient support for SMEs in the security sector. Due to current regulations, it is difficult for SMEs to export abroad. In addition, Poland has a rather restrictive fiscal policy, which imposes high economic obligations on businesses and makes it burdensome to set up new companies.

Maintenance costs and customer retention costs for a company in the security sector are very high. In addition, SMEs do not have the resources for marketing activities.

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Cyber security National market as a whole Europe Outside Europe Other security products National market as a whole Europe Outside Europe Other security services National market as a whole Europe Outside Europe

Increase strongly Increase slightly Stay roughly the same Decrease slightly Decrease strongly

Cyber security

Other security services Other security products

(43)

3.11 Competitors

Respondents to the survey were requested to indicate the geographical region from which their main competitors come from, using the following classification: Local/regional area (i.e. sub-national level); National area (i.e. from within the country as a whole); European countries (EU and non-EU); Outside of Europe. In addition, where respondents indicated that they faced competition from companies from a particular geographical region they were requested to indicate their expectations for development of competition from that geographical region in the future (i.e., over the next 5 years).

3.11.1 Geographical origin of main competitors – all products and services

Overall, as show in Figure 3.36, approximately 80% of respondents indicate that their main competitors come from within the domestic sector only, of which 38% indicate that their main competitors are only at a local (sub-national) level (i.e. ‘Domestic: regional only’) and 31% state that their main competitors are at national level (i.e. ‘Domestic: national’). Only 16% of respondents indicate that their main competitors come from both the domestic sector and from abroad (i.e. ‘Domestic and international’ sub-categories), while only 4% of companies indicate that their main competitors come exclusively from abroad.

Figure 3.36 Geographical origin of main competitors (number and % of respondents, excluding no answer / don't

knows)

Figure 3.37, Figure 3.38 and Figure 3.39 provide a breakdown of main competitors for, respectively, Domestic: regional only, 114,

38%

Domestic: regional and national, 33, 11% Domestic: national, 93, 31%

Domestic & International, 49, 16%

Study on the development of statistical data on the European security technological and industrial base

Study on the development of

statistical data on the European

security technological and industrial

base

Security Sector Survey Analysis: Poland

Client: European Commission DG Migration and Home Affairs

Study on the development of

statistical data on the European

security technological and

industrial base

Security Sector Survey Analysis: Poland

Client: European Commission DG Migration and Home Affairs

About Ecorys

Table of contents

Preface

1 Introduction

1.1

General context

1.2

Aim of this report

1.3

Structure of the report

2 Survey overview

2.1

Survey implementation

2.2

Survey population

2.3

Coverage and response rate

2.4

Survey instrument and method

2.5

Field report

2.6

Data preparation and testing

3 Descriptive analysis

3.1

Security ‘threat’ categories

3.2

Areas of economic activity

3.3

Broad segmentation of security products and services

3.4

Cyber security

3.5

‘Other’ security product providers

3.6

‘Other’ security service providers

3.7

Security market by economic sector (end-user)

3.8

Security market by geographical region

3.9

Firm structure: employment and turnover

3.10 Growth performance and prospects

3.11 Competitors