The report you mention dates back to 2009, which in terms of software and services, is ages ago.
The starting point remains interesting though. If we talk about software and services (i dont know that much about hardware), the two elements are merging into one with the growing implementation of cloud computing and SaaS.
I am not sure what the study refers to when it says that EU vendors know how to minimize costs. I dont see a difference between EU and non-EU vendors in that.
Overall, 2011 has been extremely rich in terms of malware activity; and this matters for all vendors. A year that started under the auspices of data-breaches and corporate leaks has continued with the emergence of highly sophisticated bots such as ZeroAccess or TDL4 and ended with a bang as the existence of Duqu, “the son of Stuxnet” was revealed.
The distinction should be more about markets where customers are more exposed (because higher use of software and services) rather that geographical proximity to the vendors.
Malware will continue its rampant evolution throughout 2012 to reach a whopping 90,000,000 samples, almost 17 million more than at the end of 2011
We will have a growth in malware targeting social networks and an exponential growth in malware targeting Android OS.
The EU Security industry has the technology to respond to these threats, and the Digital Agenda can be a good opportunity to turn EU companies in market leaders.

"the Digital Agenda can be a good opportunity to turn EU companies in market leaders"
how? wht's the single thing you'd suggest including in the DAE to promote that goal?

Collaboration across stakeholders to implement security and Privacy in ICT
Security and privacy in the information society needs better understanding across the stakeholders (user, service providers, network providers, legisltors and data protection authorities). Unless close cooperation is established for better understanding the future information society needs, research continues in vertical sectors without having broader deployment with usability and performance consideration. The need of the hour is collaborative working and better international standards.

Europe did invent security technology, but fail in putting them to use.

The characteristic about Europe is our emphasis on the individual citizens and their role in both democracy and markets - and rightfully so.

Making security that support this is perhaps the biggest challange of our time. Technoloigy in general and security specific are typiucally used to the opposite - to control, analyse og direct citizens for the sake of some interest.

The interesting thing is that Euopera has produced many inventions to address the fundaments, e.g. David Chaum (onion, frist digital cash), Stefan Brands (huge improvements), Ross Andersen & his group (a lot of good stuff), Jan Camenish & the group around IBM Zürich (IDMIX) just a much of the peer-to-peer technologies have been invented in Europe.

Where are these? Either dead or relocated to US. Chaum moved to California. Brands to Canada and Credentica was sold to Microsoft.

HOWEVER - what is obvious is how GOVERNMENT have prevented security from developing with citizen-centric focus.

Instead we have seen how infrastructure kartels (e.g. payments, mobile) have been allowed - and even through regulation forced - to block security to establish gatekeeper controls, how the government sector has once against retruned to Central Command & Control structures without any consideration to the role of citizens (e.g. singla national Id, biometric passports, bottleneck gateways , centralised eHealth etc.), how data retention and payment regualktion prevent security in commercial and online transactions truning citizens into products and prey etc.

If we are to understand Europes problems, we need to see in the light of EU failling its purpose - to enable and defend the Single Market and the fundamentals rights ensuring Citizens can through persuing their own happiness and interests drive economic prosperity and value-generating growth.

The DAE is more of what created these problems. The security section has almost nothing related to security as it is overloaded with surveillance & dis-empowering initiatives, the illusion that "confidence" can be increased to remedy this and the generel ignoring citizens security and safety for the benefit of the control interests, payements are about promoting more intermediationes but nothing on security, competition & empowering payments like Digital Cash, social network discussion assume value creation but ignore the serious distortions through commercialisation of social relationships & processes, etc.

Security is both the problem and a critical part of solutions - but a refocussed appraoch to security that alligne polcieis with the fundamental purposes of growth, rights, security and "stability" in wider sense.

The problem is NOT lack of technologies, but the regulatory and other distortions in the take-up and maturing processes.

Why is National Id and eId ONLY ABOUT DISEMPOWERMENT? Why are security in payments always assuming some invasive 3rd party in control? Why are the debate on social network not sonsidering the systemic abuse of data and means to eliminate th collection in the first place? Why are "interoperability" translated into one-size-fits-all/nothing?

The root problem about security is that we are not discussing security, economics or fundamentals, but focus on some selected means which do not provide solutions to real problems but act counter-productive to the very assumed purposes of EU.

Ask youself - why do we have a Directive on Data Retention that PREVENT security? What kind of mechanisms has been driving these anti-grwth, anti-security and - yes - paranoid strutures overriding EVERY interest and purpose?

We have been working on IT security - especially on trustmarks for quite some tome now.
One of the results is IT security product, which helps all SMEs to promote themselves and also protects their visitors, brand, website content. It's a win win win situation here and benefits go in all directions.
Security is an opportunity, you just have to look at smaller parts of it and put them together in an innovative way.