Brexit and Cybersecurity
Regardless of whether Brexit does happen, is delayed or cancelled it has and will affect the UK's relationship with other countries and one of the areas affected will be cybersecurity. This post will aim to briefly highlight what affects Brexit will have on cybersecurity in the UK and what things will change or stay the same regarding cybersecurity. Due to the nature surrounding Brexit at the moment, a few things are an unknown at the moment until Brexit has come to pass.
Possible Effects of Brexit disruption
Brexit may disrupt cybersecurity in the UK and between businesses and the EU , to what extent is unknown until Brexit happens. With a key unknown being what will happen to information sharing regarding threats, vulnerabilities, cyberattacks and how the transfer of digital information across borders will be handled.
But on the other hand, Brexit might not change much in the short term regarding cybersecurity. Rather than being a stumbling block, Brexit could help raise awareness of the importance of cybersecurity – especially around the insider threat – and motivates UK organisations (government departments, local authority bodies and businesses alike) to be at the forefront of security best practices.
Most likely regulatory compliance will be unaffected with GDPR, ePrivacy Act and the EU Cybersecurity Act will the UK Government at the moment either has implemented or plans to implement them into law in the UK. Also, if there is any future divergence between the UK and the EU businesses regardless will have to comply with the terms of these acts if they want to conduct business in the EU. So, either company follow two sets of regulations or avoid doing business with countries.
These assessments suggest two guiding principles for UK cybersecurity and Brexit.
The first is that we should not become obsessed with the short-term effects of Brexit for UK cybersecurity. It is not in the interests of the UK or the EU to terminate their long-term cybersecurity partnerships. Where specific lines of engagement and information-sharing require renegotiation, mutual interest should prevail.
The second principle is closely related to the first. Cybersecurity is, after all, a means of protecting and promoting the national interest. The UK has, since 2009, gradually developed a more strategic approach to cybersecurity that recognises these imperatives and attempts to harness resources in pursuit of national goals.
Taking a long-term strategic view of cybersecurity is therefore essential, regardless of Brexit. Even were Brexit not to happen, the present uncertainty is an opportunity for the UK to test its planning assumptions and revise its cybersecurity ambitions for the next decade or so, not least as the UK enters the planning phase of a new national cybersecurity strategy. Brexit may thereby prompt a welcome re-evaluation of the international dimensions of UK cybersecurity.
While there will be disruption to businesses due to Brexit when it comes to cybersecurity they are likely to be minimal (hopefully). In any event, companies shouldn't bury their heads in the sand and pray that any mess and disruption will go away but need to stay aware and be alert to how things will be affected.