What Might ‘Brexit’ Mean For Cybersecurity In The UK?

Uploaded on 2016-06-30 in NEWS-Cybersecurity News, FREE TO VIEW

After 43 years of inclusion, the UK has voted to leave the European Union in the historically unprecedented “Brexit” referendum vote. Aside from causing uncertainty in the world’s financial markets and across the political landscape, the result has implications for cybersecurity too.

While some cybersecurity pros say that Brexit will have little ill effect on the space, others aren't so sure. For one, Michaela Menting, research director for ABI Research, noted that the UK will need to review its role Europol and the European Cybercrime Centre (EC3), which is the focal point in the EU’s fight against cybercrime.

“Organized online criminal activities are undeniably best tackled from a cooperative, supra-national perspective, and the UK’s isolation that may result from Brexit would be an unwelcome development in the fight against cybercrime,” she said. “Further to this, new cybersecurity information and asset sharing structures will need to be put in place between the EU and the UK.”

There may also be a dampening impact on the country with regards to the UK workforce skills pool.

Brian Spector, CEO of Miracl, a cybersecurity firm based and operating in UK, told the International Business Times, "The UK has a well-documented shortage of tech talent that means it simply cannot compete globally without tapping into highly-skilled overseas workers. Splitting away from Europe would make it even more difficult for UK tech firms to compete with the US tech giants, because their talent pool would be so much larger than ours. To cut ourselves off from the rest of Europe therefore does nothing to protect the UK's reputation as being open for business."

Companies are also evaluating whether to keep outposts in the post-Brexit capital.

"Our R&D department in Shoreditch, London, comprises of developers from several different EU nations—including Italy, Finland and Germany," Jamie Moles, security consultant for Lastline, American cybersecurity firm, told the International Business Times. “These guys live and work in London and travel around Europe for research purposes—as well as to return home to visit family. 

There is an obvious concern post-Brexit that the rules might change regarding their ability to stay in the UK and or travel freely around Europe. We will have to wait and see if these concerns are founded or not and will of course support our team to remain employed and productive.”

From a data privacy and protection perspective, there’s also the question of whether the UK will align with the upcoming GDPR and NIS Directive. Further, according to Menting, the decision whether to retroactively repeal or keep all past EU legislation adopted to date for data protection and privacy.

“Currently, all EU laws still apply in the UK; at least over the course of the next two years as the UK untangles itself from the Union,” she said. “However, the UK will need to determine not only whether they will (unilaterally) implement similar legislation in the future.”

There are directives on e-commerce and data protection that date back to the early 2000s, the EU Directive on Data Retention from 2006, and the Directive on Attacks against Information Systems, adopted in August 2013. The UK has adapted all of these in some shape or form into national legislation.

“The UK will have to rule on the continued applicability of these instruments, as well as how they will address the incoming GDPR and NIS Directive,” Menting said.

Many US companies find the EU regulations onerous and an impediment to trans-Atlantic commerce; which on the one hand would point to Brexit being helpful from a US trade perspective. However, both the GDPR and the NIS Directive state that operators and data controllers will be covered by the legislative requirements if they operate within EU markets and involve EU citizens—which leaves Britain in a position of little power to forge its own path.

“Seeing the high level of trade that the open market has brought in the UK in the past four decades, many UK organizations will need to comply if they want to continue trading and operating in EU markets,” she said. 

She said that the EU stands to lose in a lack of free-flowing resources too—especially when it comes to the UK’s allocation of funding to cybersecurity startups.

“While the UK government has placed significant investments in the cybersecurity startup scene in the past few years, it is also uncertain whether this funding will continue to be allocated to EU and UK firms indiscriminately as it has in the past,” the analyst noted. “it would be unfortunate, and detrimental to the cybersecurity industry in the long run, for the UK to take a
similar direction with these currently highly successful investment projects.”

Despite the uncertainty around these issues, it's important to keep a level head, according to AN Ananth, CEO of EventTracker. “Brexit is affecting everything," he told Infosecurity via email. "Security always suffers in times of uncertainty. What’s happened is unprecedented and there is a lot of confusion as to the next steps. This is the kind of chaotic environment in which insecurity thrives."

He added, "This is reminiscent of 2008 when the US financial system suffered. That type of environment hurts security, which is already hard enough to maintain. At times like this, process and discipline can help. You should train like you fight, because you’ll fight like you train, as the saying goes. I would recommend that everyone keep calm and carry on.”

Infosecurity

« Lessons Learned From Major Healthcare Breaches
Edward Snowden’s Lawyer Wants Obama To Give Him A Pardon »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ACME Communications

ACME Communications

ACME Communications specialises in the field of data centre, implementation, maintenance & operation and all aspects of other IT service.

IEEE Computer Society

IEEE Computer Society

The IEEE Computer Society is the world's leading membership organization dedicated to computer science and technology.

Boxcryptor

Boxcryptor

Boxcryptor encrypts your sensitive files before uploading them to cloud storage services.

CyberVista

CyberVista

CyberVista is a cybersecurity training education and workforce development company. Our mission is to eliminate the skills gap by creating job ready professionals.

Cloudmark

Cloudmark

Cloudmark is a trusted leader in intelligent threat protection against known and future attacks, safeguarding 12 percent of the world’s inboxes from wide-scale and targeted email threats.

Serverless Computing

Serverless Computing

Serverless Computing London will help architects, developers and CIOs decide on the best path to a more efficient, scalable and secure computing future.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

Cyberarch Consulting

Cyberarch Consulting

Cyberarch is a security-focused consulting firm. We provide services specializing in information security, digital forensics, penetration testing and cyber security training.

Aristi Technologies

Aristi Technologies

Aristi provides cybersecurity risk and compliance services to help manage your unique cyber risks, safeguarding your systems and data and complying with government and industry standards.

Deft

Deft

Deft (formerly ServerCentral Turing Group) is a trusted provider of colocation, cloud, and disaster recovery services.

Infiot

Infiot

Infiot is a pioneer in enabling secure, reliable access with zero trust security, network optimization, edge-intelligence and AI driven operations for all remote users, devices, sites and cloud.

WiebeTech

WiebeTech

WiebeTech’s line of digital forensics tools provide innovative and rugged devices for efficient disk imaging and evidence capture.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.

Exodata

Exodata

Exodata is a French digital services company specializing in the outsourcing of IT Systems and solutions.

Cyber Explorers

Cyber Explorers

Cyber Explorers is a fun, free and interactive learning platform for future digital superstars. An exciting addition to UK curriculum delivery or after school activities.

CorePLUS Technologies

CorePLUS Technologies

CorePlus solutions are designed to empower organizations with the tools they need to ensure the utmost protection for their assets, people, and information.