MARKET - Market Overview - Innovation Value Chain


The Cyber-security Innovation Value Chain

The speed of innovation, short product cycles and complexity of industrial relations ranging from competition to coopetition (situations where competitors cooperate) are signature aspects of digital markets. In ICT industries innovation is of special importance, because of the speed of today’s technological advancements. These advancements alter continuously the threat landscape and vulnerabilities of players created by ICT deployment.


Return to Market Overview


Key Definitions of Innovation 

The majority of observable innovation in cyber-security and privacy markets is best described as incremental. This means that much of the innovation is a product or service improvement, but not a radically new invention that forces businesses to re-organize or leads to the emergence of wholly new markets.

Definition of innovation: Innovation is in general defined as “the implementation of a new and significantly improved product (good or service) or process, a new marketing method, or a new organizational method in business practices, workplace organization or external relations.” (OECD 2005: 46)

Definition of disruptive innovation: “A technology whose application significantly affects the way a market functions. An example of a modern disruptive innovation is the Internet, which significantly altered the way companies did business and which negatively impacted companies that were unwilling to adopt it. A disruptive innovation is differentiated from a disruptive technology in that it focuses on the use of the technology rather than the technology itself.” (Investopia 2015)

As stated by one of the IPACSO stakeholders, disruptive innovations in cyber-security and privacy is very likely to be linked to the deployment of disruptive ICT-technologies.


Innovation as Input-Output Process

The process of product or service innovation can be also presented similar to different stages of a product or value chain. An innovation value chain is a product-centric view that relates inputs with products/services innovation outputs. Innovation inputs are for example, R&D expenditures and innovation outputs are for example patents.
The innovation value chain view presents innovation as a sequential … “phase process that involves idea generation, idea development, and the diffusion of developed concepts.” (Hansen and Birkinshaw 2007) This type of model is presented in Figure 1. The steps involve idea generation, the idea selection process, development and diffusion processes.

Figure 1 Innovation Value Chain


Source: Ljepava (2011) with modifications by the author.

In order to obtain a model that reflects innovation in the privacy and cyber-security (PACS) markets, the innovation value chain above can be linked with particulars of development processes in cyber-security and privacy markets and the digital supply chain model presented.

Due to the complexities of the industrial relations and the products produced, only a generic model of a PACS innovation chain can be represented here.
The key inputs for the production of privacy and cyber-security innovations are R&D (including risk analysis) as well as non-R&D inputs such as ICTs and conversations with customers. Ideas may be then generated by individuals, groups or in networks within firms.
For most firms, the ‘innovation procedure’ is simply called product development. The idea selection phase involves discussions within the company, but also with customers. Finally, once an idea has passed the selection stage and enters the production stage, Intellectual Property rights have to be secured and specific technical standards have to be observed.

Figure 2 Cyber-security Innovation Value Chain



Source: Jentzsch (2015).

A peculiarity of the innovation cycle in the privacy or cyber-security domain is the fact that in order to establish a cyber-secure product or service, end-to-end security must be implemented already in the innovation phase.
It is clear that there is no possibility to achieve 100% security. However, the goal of many IPACSO stakeholders is to achieve the best result given available knowledge and resources. Moreover, one stakeholder noted that the goal was to raise the bar until the costs of decrypting a message, for example, by far surpasses the benefits.
For entrepreneurs, there are different information sources. For example, the Software Assurance Forum for Excellence in Code (SAFECode), an industry-led, non-profit organization based in the U.S., promotes best practices for developing more secure and reliable software, hardware and services. Moreover, there are now draft standards such as ISO/IEC 27034 (Information technology — Security techniques — Application security) that provide “guidance on information security to those specifying, designing and programming or procuring, implementing and using application systems, in other words business and IT managers, developers and auditors, and ultimately the end-users of ICT.”
For firms active in these markets, innovation cycles will look different for individual product or service segments. This became rather clear when the interviewees were asked about their innovation procedures.
Finally, the deployment of the innovation ought to lead to increased levels of cyber-security, which in turn change the vulnerability and threat landscape in ICT deployment, not only at company level, but also through integration in other firm’s supply chains.

Read more on innovation processes.

or Return to Market Overview


IPACSO Publications and further links:
Jentzsch, N. (2015) Horizontal and Vertical Analysis of Privacy and Cyber-security Markets, IPACSO - Innovation Framework for ICT Security Deliverable 4.2A.

Other Publications quoted:
Hansen, M.T. and J. Birkinshaw (2007). Innovation value chain, Harvard Business Review (June),
Investopia (2015). Disruptive Innovation,
Ljepava, D. (2011). Innovation 101: The Innovation Value Chain, in Innovation Science, retrieved from
OECD (2005). The Measurement of Scientific and Technological Activities – Guidelines for Collecting and Interpreting Innovation Data, Oslo Manual (3rd edition).

Getting Started

Which type of company are you? Choose one of the options below and get a head-start.

Framework Overview

Navigate through the different parts of the Framework


Joomla! Debug Console


Profile Information

Memory Usage

Database Queries