Key Findings in Deloitte's Analysis of the Cyber and Information Security Market in Aarhus and East Jutland

Deloitte conducted an analysis of the cyber and information security market in Aarhus and East Jutland during the period of January to February 2023, including an assessment of:

  1. Market potentials and the significance of a Security Tech Space.

  2. A close, systematic collaboration between public and private stakeholders.

  3. Educational and research institutions.

Here, you can read the 8 main findings in the report, which you can also download from this page:

#1 Legislation and regulation will drive significant demand – and thus the development of a significant business potential with major international ambitions.

New legislation and regulation will lead Danish companies to demand services and competencies in cyber and information security. This includes the recently adopted NIS2 directive, which imposes stricter requirements on the security level of public and private entities providing critical services to society.

According to the Industry Foundation and the Danish Industry's recent assessment, it is expected that around 1,079 companies in Denmark will be directly affected by the NIS2 directive, of which approximately 230 are located in the Central Jutland region. According to the EU Commission, the directive will result in increased investments in cybersecurity by the target companies, ranging from 20 to 30 percent compared to the current level. The analysis firm IDC estimates that this corresponds to a total investment of approximately DKK 448 million nationwide.

Deloitte's Cyber Survey 2023 shows that cyber and information security has increasingly become a priority for boards of directors. At the same time, the conflict in Ukraine has underscored the need to strengthen the resilience of companies worldwide, especially in the Western world and Europe.

#2 The IT industry in Aarhus is experiencing significant growth and is competitive.

According to Deloitte's report, it appears that Aarhus has made significant strides in the field of IT and technological products and services in recent years, experiencing greater growth than Aalborg, Odense, and Copenhagen from 2016 to 2021.

The explanations for this growth can be attributed, according to several informants, to a more dynamic and innovative IT cluster in Aarhus, as well as the city's close collaboration between businesses, educational institutions, and public entities.

#3 Aarhus University is a significant asset for the East Jutland position in cyber and information security.

Companies expect to invest in services and talent to keep up with the development and increasing complexity of cyberattacks. In this context, universities, particularly Aarhus University, play a crucial role as suppliers of talent to businesses. Several interviewed companies offering products and services in cyber and information security explicitly emphasize the positive impact of Aarhus University on their business opportunities.

Furthermore, data from Computer Science Rankings indicates that Aarhus University also holds a relative position of strength compared to other universities. In terms of publications – and thus research – Aarhus University ranks first in Denmark and is among the highest-ranked globally. Additionally, the Department of Computer Science at Aarhus University is among the top three in the world in cryptography.

Aarhus University's reputation also contributes to attracting investments to the region and fosters an innovative environment.

#4 The ecosystem to further develop and innovate the East Jutland position is in place.

Aarhus Municipality has taken the initial steps toward more formalized cooperation between the research world and both private and public companies regarding the cyber and information security agenda by establishing a Consortium for Cyber and Information Security.

The Consortium includes representatives from the entire ecosystem of private companies, emergency response, interest organizations, incubators, etc. The partnership culture is characterized as collaborative and helpful, and several informants believe that the Consortium and more committed cooperation within the framework of a Security Tech Space have good potential for success.

#5 Collaborative efforts with clear goals and municipal involvement are essential for success.

Cyber and information security require interdisciplinary competencies that need to be combined across various fields, blending theory with practice. A formalized collaboration around a Security Tech Space can support this, making a Security Tech Space an important initiative for achieving the ambitions in the field of cyber and information security in Aarhus and East Jutland.

A crucial factor for the success of both the Consortium's collaboration and a Security Tech Space, according to several informants, is the commitment and facilitation by Aarhus Municipality and the mayor. Moreover, a consistent message is that success depends on setting clear goals and initiatives for collaboration, which must have a binding character.

#6 An independent Security Tech Space as a catalyst for action.

A central conclusion in Deloitte's analysis is that there is a willingness to collaborate on the agenda, but there is a need for an entity that takes control and drives development. This entity can be a Security Tech Space, backed by funding and a broad mandate from the entire ecosystem, serving as a catalyst for action. This requires that a Security Tech Space operates as an independent entity. Deloitte recommends that the Security Tech Space is affiliated with a research and/or innovation environment and has a director and a board with representatives from the broad stakeholder landscape at the helm.

#7 A Security Tech Space should focus on three specific needs related to realizing market potentials.

The analysis uncovers three overarching and partly interconnected focus areas for a Security Tech Space:

  • A Security Tech Space should include an innovation laboratory that spans across actors in the entire ecosystem with the purpose of developing sustainable solutions and business models that meet the needs and demands of the market.
  • A Security Tech Space should support market matching in multiple ways and for multiple purposes. One purpose is to make the innovation process from idea to market as fast and efficient as possible. This can be achieved by acting as a link between researchers, startups, micro-enterprises, investors, and partners who can help realize market potentials through capital, commercial strategy, and growth. Another purpose is to support market matching between students and companies.
  • A Security Tech Space should be a knowledge and advisory center, particularly in advising companies on matters related to cyber and information security, 24/7 – every day of the week.

#8 Aarhus and East Jutland should establish a narrative based on the region's comparative strengths in cyber and information security.

To complement ongoing initiatives and realize market potentials in this regard, Aarhus and East Jutland should focus on areas where they have relatively significant market advantages and/or where there is an unmet market need.

Three core elements should be highlighted in this context:

  • The availability of a skilled workforce in Aarhus is perceived by investors and companies as relatively larger and more accessible.
  • Research and market results in cryptography and other security technologies like blockchain give Aarhus a comparative advantage and a solid knowledge base.
  • The lack of knowledge, skills, and resources in small and medium-sized enterprises represents a need that Aarhus and East Jutland can help fulfill.