Maryland Department of Commerce’s new initiative in the United Kingdom to expand the state’s growing cyber sector is a reminder to CEOs that businesses often can enter a larger market and expand globally.

For starters, Maryland is home to many of federal government’s top cybersecurity agencies, more than 1,200 private-sector cyber companies, and has 17 universities and colleges designated as National Centers of Academic Excellence in Cyber Defense. The federal government also awards over $10 billion in contracts each year to information technology companies located in Maryland.

Andy Williams, the iCyberCenter international director and head of the new London office of the Maryland Department of Commerce, said it makes sense for Maryland to expand into the United Kingdom, and, in particular, in the cyber sector.

“Cybersecurity is a key strength of the Maryland economy, and one which the state plans to promote more extensively to strategic overseas markets,” Williams told SmartCEO. “The UK and U.S. already enjoy the strongest relationship between any two nations on cybersecurity, especially having the National Security Agency in Maryland and the GCHQ [the Government Communications Headquarters] in the UK.”

“The UK and the U.S. cybersecurity markets are among the most sizeable in the world and are largely open to foreign competition,” he added. “There are many examples of UK and U.S. cyber companies already succeeding in each other’s markets.”

But proper preparation and planning are key in any foreign expansion. Looking at the big picture, Williams explained that companies which succeed when expanding into new overseas markets often:

  • Have a capability that is significantly different, better or less expensive than is locally available.
  • Invested the time, effort and money required to understand the overseas market.
  • Developed an overseas market entry plan appropriate for the company and the market segment.
  • Have relevant skills, products and determination to succeed in overcoming the cultural and legal challenges of doing business abroad, which can be significant.

Kyle Bayliss, regional director for the Maryland Small Business Development Center at the University of Maryland College Park, said that before entering foreign markets, businesses need to ensure they have the capacity — such as funding and knowledgeable staffing — commitment and resilience. They also need to undertake the necessary level of due diligence to select the right country for expansion, he said.

Bayliss added that small businesses need to have an “evolving strategic plan. For example, perhaps they enter the market via a joint-venture or a sales partnership arrangement. As some point they may want to consider the supply chain structure and decide what to own (control) as opposed to outsource,” Bayliss said.

Small businesses operating in a foreign market also need to identify key metrics that must be tracked and monitored, Bayliss said. Some metrics will be different from what is used in the U.S., he said.

He also recommends that small business owners should be willing to travel to — and deal directly with problems and potential business opportunities in — the new country. This can be a challenge for small businesses with limited resources, according to Bayliss.

One benefit found with software companies is that they can reach out to foreign customers – even if they do not have an actual brick and mortar presence in another nation, according to Williams.

“Software companies, in particular, can enter overseas markets quickly, even before establishing a physical office presence abroad, by identifying and connecting with potential customers directly and through local partners,” Williams said.

But overall companies, eventually, likely do need to have a formal presence in the foreign country. “Becoming assimilated into the local stakeholder community as quickly as possible is key to breaking into overseas markets effectively,” Williams explained. “This usually entails opening an office, hiring local people, joining the relevant industry groups, exhibiting at local trade events, and customizing marketing materials for the local audience, among other key tasks.”

Based on the experience of some businesses, there are times businesses should not expand overseas. For instance, Williams noted that companies that fail to enter overseas markets successfully tend to make the same common mistakes. These include:

  • Trying to enter overseas markets before they have built up strong enough credentials for themselves as a business in their home market.
  • Promoting capabilities that are not sufficiently differentiated from those already available at the same or less cost in the local market.
  • Underestimating the amount of time, effort and money required to successfully break into overseas markets.
  • Neglecting to pay sufficient attention to the legal and cultural challenges of doing business abroad.

Yet, many U.S. businesses are involved with foreign trade. Exports made up 12 percent of the US GDP last year, and U.S. exports of goods and services totaled $2.21 trillion in 2016, according to the federal Commerce Department.

There are many reasons that expanding into the UK makes sense for US businesses, too. “The UK and the U.S. are respectively the largest international investors in each other’s countries,” Williams said. “For historical reasons, the cultural and legal challenges for U.S. and UK companies, including the language challenges, of doing business in each other’s markets is typically far lower than is the case when doing business with many other countries.”

Bayliss said it is important a small business is in complete compliance with regard to exporting services and products that are sensitive to the U.S.’s national security. The UK has the protections and mutual security interest of the US; therefore, the risk should be much lower, Bayliss said.

Specifically, on the cyber sector in the UK, Kim Phan, an attorney with the Washington, D.C., office of Ballard Spahr, said the UK Information Commissioner’s Office is “highly active with regard to cybersecurity guidance and enforcement. Cybersecurity in the UK, like the rest of the EU [European Union], will need to take into account any changes necessary as the GDPR [the General Data Protection Regulation] becomes effective in 2018. Should Brexit actually occur in 2019, companies will need to adapt to any variation of [the] GDPR that the UK decides to enact once the UK leaves the EU.”

The new UK office is a result of a partnership between the Maryland Department of Commerce and iCyberCenter@bwtech.