BREXIT & Cyber Security – 3 Impacts Your Business Needs To Consider

In case you missed it, a vote was held way back in June 2016 to decide whether the UK should leave or remain in the European Union (EU). The referendum turnout was 71.8%, with more than 30 million people voting. Leave won by 51.9% to 48.1%.

Leaving the EU will undoubtedly result in changes within cyber security for the UK. These are top three impacts your business needs to be aware of -

Legislation & Regulation – The main piece of legislation that would be impacted here would be GDPR. The UK would be seen as a third country meaning before any data sharing can take place between the UK and EU the issue of adequacy needs to be considered. Adequacy is all about demonstrating to the EU that the UK is a safe place for data processing so that restrictions on data transfers are not imposed. The UK may not be automatically awarded adequacy status should it leave without a deal. More details here.

In reality, the UK falling into the same legal standing as Cuba or Namibia in equal adequacy is unlikely. The UK was one of the first countries to transpose the original discretionary directive into the then Data Protection Act 1984. The UK is highly unlikely to diverge from EU alignment after exit in any significant way. The impact on UK plc is negligible. Data sharing takes place between the EU and US now without substantial clarity or agreement over adequacy. That with the EU and US having philosophical different views over personal data - the US seeing personal data as something that should be commoditised - the EU seeing personal data as something to be controlled.

Intelligence Sharing – The UK and EU cooperate on intelligence sharing on organised crime and other threat sources. The UK receives mainland EU intelligence from EU domestic agencies, while the UK shares intelligence from the its own intelligence infrastructure (which is one of the bigger of the EU states) and that of the Five Eyes community (UK, United States, Australian, New Zealand and Canada).

In reality, this is unlikely to change. Not only is a mutual exchange of value but there is a clear mutual interest to share information for the protection of life, economic and social well-being. The impact on UK plc is negligible at best.

Recruitment – The biggest impact will probably be recruitment of cyber security staff. Roughly half of the UK tech workforce comes from elsewhere. With the diminishing supply of foreign nationals coming into the UK this will certainly result in wage inflation. Good news for those in cyber security and those looking to enter the market. There is now a large array of entry paths in to cyber security from internships to master’s degrees for home grown graduates. Some might argue the preexisting shortage was already being over egged by parties that have an interest – professional bodies selling training courses and certification for example.

In summary – Relax, keep calm and carry on. When nothing is sure, everything is possible.

Questions your C-Suite should ask your CISO – What’s the feeling amongst UK based staff on the impact of Brexit on their day to day work? Are any of them concerned or planning to take any form of action?