The cybersecurity industry is an aggregation of products and services to protect computer networks from data confidentiality, integrity and availability. It’s vital to the health and continued functioning of the Internet and all connected organizations. However, the industry doesn’t have a dedicated North American Industry Classification System (NAICS) code and may be inhibiting business development and industry growth.

The main reason that cybersecurity doesn’t have a dedicated NAICS code is that the NAICS system is production oriented in which “producing  units  that  use the  same or similar  production  processes are grouped  together(U.S. Census Bureau, na, p. 2),”  and cybersecurity is often seen as a market oriented classification in which “products are grouped according to how they are principally used(Economic Classification Policy Committee of the United States, 2003, p. 2).” Cybersecurity is a process rather than a finished product and the market driven economic model of North American Product Classification System (NAPCS) might be a better fit(U.S. Census Bureau, 2018).


NAICS Code Usage

The importance of accurate NAICS code assignment to an industry or a business is due to their use by purchasing or project managers in finding suppliers or vendors, and therefor of importance to the business marketing efforts. To locate a supplier for a particular product, its most efficient to search for all businesses with that specific industrial designation. A vendor lacking the correct code, may find it difficult to sell their product or service. It may be especially difficult for small businesses or startups(Beale, 2014, p. 8).

Selling products or services to government agencies is usually a very lucrative and stable contract, and can provide a guaranteed long-term profit potential. It can ensure the survival of a new struggling startup and boost the industry reputation and marketing prospects. However, government procurement contracts usually specify a vendor with a specific NAICS code. Failing to match the agency’s contract requirement codes prohibits the business from landing that contract(Linh Nguyen & Sower, 2009, pp. 4-5).



When choosing a NAICS code for use in cybersecurity solution procurement, there are many options. The following vendors offer quality security solutions and using the sample NAICS codes for searches by procurement managers would list similar products. Data listed is sourced from siccode.com:


  • Splunk: Primary NAICS Code: 518210 – Data Processing, Hosting, and Related Services
  • Tenable: Primary NAICS Code: 811212 – Computer and Office Machine Repair and Maintenance
  • Rapid7:             Primary NAICS Code: 541511 – Custom Computer Programming Services
  • SolarWinds: Primary NAICS Code: 541511 – Custom Computer Programming Services
  • LogRhythm: Primary NAICS Code: 511210 – Software Publishers
  • Tripwire:             Primary NAICS Code: 511210 – Software Publishers(siccode.com, 2018)


The US Census Bureau market driven classification scheme NAPCS lists the “design and development of network security systems” to equate to NAICS codes 517110, 518111, 518210, 54151, and 54121 (US Census Bureau, na, p. 3). This correlates favorably with the above listed industry vendors’ chosen codes.




Beale, H. B. (2014). Evaluation of the Small Business Procurement Goals Established in Section 15 (g) of the Small Business Act Microeconomic Applications (pp. 103).

Economic Classification Policy Committee of the United States. (2003). NAPCS Discussion Paper.

Gartner. (2017). Security Operations Centers and Their Role in Cybersecurity October 12, 2017  from https://www.gartner.com/newsroom/id/3815169

Kavanagh, K. M., & Bussa, T. (2017). Gartner Magic Quadrant for Security Information and Event Management: Gartner.

Linh Nguyen, & Sower, V. E. (2009). Getting Industry Specific Cost Models to Work for You Paper presented at the 94th Annual International Supply Management Conference, May 2009, Sam Houston State University. https://www.instituteforsupplymanagement.org/files/Pubs/Proceedings/09ProcEH-Sower-Nguyen.pdf

Obrst, L., Chase, P., & Markeloff, R. (2012). Developing an Ontology of the Cyber Security Domain. Paper presented at the STIDS.

OFFICE OF MANAGEMENT AND BUDGET. (2017). North American Industry Classification System (NAICS) (pp. 963). United States: EXECUTIVE OFFICE OF THE PRESIDENT.

siccode.com. (2018). NAICS code search.   Retrieved 4/14/2018, from https://siccode.com/en/business/tripwire-inc-portland-97204

U.S. Census Bureau. (2018). North American Product Classification System (NAPCS).    from https://www.census.gov/eos/www/napcs/index.html

U.S. Census Bureau. (na). NAICS Update Process Fact Sheet: U.S. Census Bureau.

US Census Bureau. (na). NAPCS Product List for NAICS 5112, 518 and 54151: . https://www.census.gov/eos/www/napcs/napcstable.html.