Cyber Security

Cyber skills, threat and compliance issues for UK post-Brexit

However hard you try to hide from it, someone with their own set of agendas is already trying to influence your vote ahead of the June 23 polling day.

The Prime Minister and the Leader of the Opposition are both in the Remain camp, but are adamant that they profoundly disagree with each other, as their motivations are supposedly different.

However you look at it, whatever your politics, the effects of both Leave and Remain are unclear – with the only point of agreement that whichever way the votes are cast, the impact to the UK and to Europe will be remarkable.

What does this mean for cyber security?
With a complex issue such as Brexit, there are many interconnected issue, but for the sake of brevity we can condense these down into three key themes for cyber security: skills, threats and compliance.

In November 2015, cyber security was added to the UK skills shortage register, which allowed those from outside the EU or without an existing right to work to apply for a working visa.It may be fair to assume that these regulations will extend to the EU should the UK leave – so will this have an impact on the ability for firms to recruit the talent that they need to stay safe? The long-term answer is probably not. However, as firms struggle to get to grips with new recruitment processes and visa processes, there may be an initial barrier thrown up that shocks the labour market as demand outstrips supply.

This may lead to inflated salaries in the short-term, but also more students heading into cyber security courses, which over the long-term can only benefit the UK’s capability. But back to immediacy; do you have all the talent currently in place, or were you planning to recruit later on in the year?

It might be worth starting your search sooner rather than later.

Another facet to the debate is what we can loosely term ‘threats’ – and whether organisations would face a different threat landscape post-Brexit.

‘Threat intel merchants’ will seize on the Brexit opportunity to turn Europe against us. Suddenly Denmark will be the next advanced persistent threat, targeting our favourite high street purveyor of warm sausage rolls for its sales volume data, and we’ll all be left wondering what’s real and what’s not.

Of course, the answer is ‘no one knows’. What is completely clear is that trade deal information is a high-value target and this market uncertainty attracts interest.

Ultimately a backdrop of change, not stability, provides a fertile backdrop for making (and losing) money.

Finally, let’s look to compliance and regulation.

Firms trading in the EU are today held accountable by the UK Information Commissioner Office (ICO), and also the EU General Data Protection Regulation (GDPR), which was adopted on the 14 April 2016 and so the two-year countdown to compliance is now on.

The headline difference between the ICO and the GDPR is the extent to which firms can be fined for data breaches. The ICO states 2 per cent of global turnover, whereas the GDPR is regulated to 5 per cent.

Whichever number you take, these are significant chunks of change regardless of the size of your organisation, with the GDPR probably taking the edge in terms of keeping you awake at night.

Will Brexit free you from this worry? Probably not; if your firm trades in Europe or holds data related to any EU citizen, then both the ICO and GDPR will continue to apply.

From a cyber perspective on Brexit, has this cleared anything up? Food for thought perhaps, but nothing yet is clear.


This article appeared in the New Statesman 

Leave a Reply

Your email address will not be published. Required fields are marked *