Your incident response playbook

Get your free guide on creating an effective cybersecurity response protocol.

Download Now
Mobile Security

Data Protection and Cybersecurity Post-Brexit

Uncertainty over Brexit is high and its full implications are still unknown, especially since no date has been set for the U.K. to exit the EU. But many are concerned about the impact Brexit could have on data privacy and U.K. cybersecurity.

Data Privacy Regulations

In terms of data protection, the U.K. will still be a part of the EU when the general data protection regulation becomes law in May 2018. All EU member states must comply, and the U.K. is no exception. Even before the referendum, the U.K.’s information commissioner’s office issued a statement reiterating the importance of data protection. It’s likely that, post-Brexit, the U.K. will update its own legislation to incorporate the main changes being made in the new regulation. If it fails to do so, its data protection provisions risk being deemed inadequate, which could lead to extra costs and hassle for businesses in the U.K. that work internationally as well as those that do business with the U.K. For instance, these organizations could be required to use arrangements such as the Privacy Shield agreement.

Information Sharing Issues

There are also fears that the U.K. could face cybersecurity information sharing obstacles post-Brexit. A recent survey by AlienVault found that 38 percent of respondents believe that information sharing could be impacted by the decision to leave the EU. Recently, Europol echoed those fears, stating that the U.K. is unlikely to retain full access to security intelligence gathered by the EU. However, Europol is engaging in discussions with U.K. law enforcement agencies regarding what mitigation strategies could be put in place to ensure that they’re not entirely cut off, as information sharing is seen as key in the fight against cybercrime.

Gov't Agencies Grapple with Mobility and Security

icon of a document
White Paper

The biggest challenge facing government organizations are effective and timely investments in IT. Download Now

Research Funding

U.K. cybersecurity could also be damaged due to the likelihood that the U.K. will be cut off from funding for university research programs post-Brexit, and could also be ineligible to take part in European research programs such as CERN. If the U.K. government isn’t able to address this issue, it could take a toll on its research programs. BCS, the chartered institute for IT, has warned that international cooperation is essential for continued development, as lack of access and cooperation could impact continued innovation in cybersecurity capabilities.

The U.K. Could Be Sidelined

Additionally, some fear that organizations will shift their operations to other countries in Europe, which could see the U.K. sidelined further as the balance of power shifts. This could also impact cybersecurity, as organizations in the U.K. will likely have less to invest in information security. According to Reed Smith LLP, the impact of Brexit on the outsourcing of cybersecurity is already apparent due to the drop in the value of the pound, which has made it more expensive to outsource security to overseas providers.

Potential Cybersecurity Staff Shortages

Another area in which the impact of Brexit is likely to be seen is in potential staff shortages. The lack of qualified and experienced cybersecurity personnel is already a worldwide problem, but if freedom of movement throughout the region is curtailed by Brexit, it will be even harder to find staff. This uncertainty could cause candidates from the EU to see the U.K. as a less attractive option for finding work, and prompt those already working in the U.K. to decide to leave.

At present, no one yet knows how Brexit will come about or even whether it will happen at all. But if it does happen, it could have far-reaching consequences for data protection and cybersecurity. Every organization should be aware of these issues and should at the very least be monitoring the situation closely.

Cybersecurity is a key focus when it comes to current events in the U.S. as well, as officials are increasingly concerned about data security in the upcoming presidential election.

Posts By

Fran Howarth

Fran Howarth is an industry analyst specializing in security. She has worked within the security technology sector for over 25 years as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include mobile security, cloud security, information governance and data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Follow Fran on Twitter: @FranNL

View more posts by Fran Howarth