The United Kingdom leaving the European Union – aka Brexit (shorthand for British Exit) – is a decision which has generated much gossip and speculation within the cybersecurity community. In general, there is no doubt that the result of the Brexit referendum, held in June last year, will have an impact on many industries and sectors; and in today’s connected landscape, the effect will also be felt in the cyber-world. So what will Brexit mean in terms of cybersecurity?
Some of the main Brexit-related speculation in connection to cybersecurity revolves around the EU’s General Data Protection Regulation (GDPR). The regulation aims to safeguard EU citizens in matters regarding data privacy. Amongst other things, it ensures that data subjects are notified of data breaches and have the right “to be forgotten”.
Generally, the GDPR sets a legal foundation for how data is used and kept within the EU. Determining how Brexit will affect it, and vice versa, is complicated mainly because the regulation is due to enter into force on the 28th of May, 2018. This is just under a year before the deadline set for the UK to leave the EU.
Therefore, it's safe to say that the UK will experience life under the GDPR and that UK organizations will have to comply with new EU data protection and cybersecurity laws. Failure to do so risks heavy fines and other potentially serious repercussions.
It's a broad and ambitious regulation which impacts any organization that deals with or has a connection to private data within the EU. For most of those organizations, the preparation and shift to the new GDPR rules will be an expensive and complex task. It will involve scrutinizing the fundamental ways they use data, before planning and making the necessary changes, all whilst attempting not to affect day-to-day operations.
UK organizations that do not have interests in the EU may feel resentful about the “burden” of GDPR. It will be interesting to see how heavily it is enforced during the 11-month crossover period and whether all or part of the regulation is transferred to UK law after Brexit.
The UK currently uses the Information Commissioner’s Office (ICO) as an independent authority on data privacy. In fact, together with the UK Government, the ICO aided the development of GDPR. So it is possible, given its interest in the matter, that the UK will implement its own similar version of the regulation after Brexit.
According to a survey by security firm AlienVault, more than a third of security professionals fear that leaving the EU would make the UK more vulnerable to cyber attacks. The survey also found that 38% of respondents believe that information sharing could be impacted by the decision to leave the EU. This finding adds to fears that critical intelligence on cybersecurity may not be shared post-Brexit.
With Brexit comes the assumption that there will be less collaboration between the UK's National Crime Agency (NCA), Government Communications Headquarters (GCHQ) and Europol’s cybercrime units. Furthermore, as a result of Brexit, Five Eyes (the intelligence alliance between Australia, Canada, New Zealand, the UK, and the US) is losing its eye inside the EU.
Information is valued as critical in the fight against the cyber criminals. Any missed data or drop in quality could be harmful to nation states and businesses alike. Those very fears have recently been addressed by Europol’s acting head of strategy for cyber crime, who previously stated that the UK will “certainly be cut off from the full intelligence picture” after Brexit.
In order to negate the impact of this, Europol and the UK’s law enforcement will be involved in some deep discussions prior to the end of the negotiation period allowed by Article 50. The hope is to develop strategies with the aim of ensuring that the UK is not kept fully “out of the loop”.
According to recently released statistics, cyber attacks hit half of UK organizations in 2016, double the figure for the previous year. It’s a no-brainer that UK organizations need to take cybersecurity seriously, but the task is becoming more and more complex and expensive.
Brexit has caused an abrupt drop in the value of the pound, in turn increasing the cost of security tools and solutions to UK businesses. Furthermore, compliance with UK and EU cybersecurity measures and regulations (like GDPR) will come with higher financial costs that will need to be factored into budgets for tackling cybercrime. Unless the pound recovers significantly, this is a negative and unavoidable consequence.
A survey by AlienVault found that 78% of IT security professionals do not believe that their jobs would be made any easier by the UK leaving the EU. In addition, in the post-Brexit UK, organizations across most industries are facing the loss of many skilled people and vast technical expertise due to the end of freedom of movement throughout the region.
Worldwide, 45 percent of organizations say they have a “problematic shortage” of cybersecurity skills. The subsequent brain-drain from the UK could have major consequences for how the UK handles cybercrime.
Javvad Malik, security advocate at AlienVault, says that of the 300 security professionals surveyed, a “significant proportion” believe that being part of the EU does benefit them and their work. “This is especially true of the industry’s attitudes towards intelligence sharing between EU states. Cyber attackers pay no attention to geographical boundaries, transcending borders and jurisdictions to maximize malicious effect,” he said.
As the D-Day for Brexit looms, there will be sweeping consequences for cybersecurity and data protection. Every organization should be monitoring the situation and should be aware of the changes occurring.