Brexit and Cybersecurity – it’s a Minefield

Whilst businesses and individuals debate the cost and implications of the British public’s vote to Brexit, the cybersecurity community is similarly mulling over its consequences on the sharing of cyber-breach information internationally and what it will mean for cross-border data access.

The major issues we have to face is the General Data Protection Regulation (GDPR); the forfeiture of threat intelligence collaboration with Europe; the potential increasing cost of security (because of the falling value of the pound); and the loss of access to European technical expertise.

When the GDPR takes effect it will replace the data protection directive from 1995. Whilst the regulation was adopted on April 27, 2016 it will become mandatory May 25, 2018. However, despite a two-year transition period, alarmingly, in the UK we are dragging our feet being significantly less prepared than our European counterparts and four times more likely to allocate no budget to GDPR compliance than colleagues in the US, France and Spain. Not only this, the UK is least likely to have performed a data protection gap analysis in the last year and least likely to arrange one before 2018.

With potential fines of up to 4% of a company’s global turnover, or €20 million (whichever is higher) – we need to start to take this seriously and get our act together!

This regulation, by which the European Commission intends to strengthen and unify data protection for individuals within the EU, also addresses export of personal data outside the EU. The Commission’s primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Despite fear, uncertainty and doubt there is a view that Brexit could in fact offer an opportunity for a complete overhaul and rationalization of Britain’s cybersecurity infrastructure.

With so much yet to play out regarding Britain’s exit from Europe, it is clear that the country’s position in the global cybersecurity community is set to evolve and change.

But the $60,000,000 question is whether as a nation outside the authority of Brussels, Britain will be able to give assurances that it continues to maintain cybersecurity policies and standards at levels on par or exceeding those found in mainland Europe and beyond.