Cyber security and Brexit: what you need to know

shutterstock 638186110

It’s been mere months since the headaches of GDPR, and now business owners have another significant cyber concern to contend with: Brexit.

Amid all the political uncertainty, it’s hard to know what impact the UK’s departure from the EU will have. When it comes to cyber security, we could potentially see changes in regulation and legislation, as well as a slightly more complex recruitment landscape.

More uncertainty

Looking outwards first, the UK has always been a vital part of the EU’s strategy on cyber security. When the major WannaCry attack happened in 2017, affecting more than 230,000 systems across the world, the UK was instrumental in supporting investigations and enabling action as part of the Joint Cybercrime Action Taskforce.

With things as they are, UK businesses also benefit from collaboration via ENISA (the European Union Agency for Cybersecurity) and, more recently, the EU Cybersecurity Act – the goal of both is to establish cyber security standards and robust defence frameworks that protect all member states against growing cyber-threats.

At some point after 31 October, the date that our departure is expected to happen, the country might instead need to start relying more heavily on the UK government’s own standards. That could mean different rules around the ways businesses keep and protect data.

What’s not going to happen

To the relief of most businesses, GDPR (the General Data Protection Regulation) will still apply post-Brexit. Although it was introduced by the EU, regulation will be retained in UK law as part of the EU (Withdrawal) Act 2018. This means the fundamental principles, obligations and rights that organisations and UK individuals have recently become familiar with will stay the same.

If – and that’s a huge ‘if’ – the UK leaves with a deal on 31 October, it might be that nothing needs to change immediately in terms of regulation and legislation compliance. In that scenario, the country and its businesses will have a 14-month transition period to prepare and start adjusting. During that time, the UK will engage in talks with EU bosses that would define any changes around trade and free movement from 2021 onwards.

What Brexit could mean for cyber skills and recruitment

A report published earlier this year by the Information Systems Security Association (ISSA), which surveyed 267 cyber security professionals globally, shows that 74% of organisations feel they’ve been affected by a shortage of cyber-talent. Forty-one percent of these respondents said they’ve resorted to training and hiring junior employees due to a lack of established cybersecurity talent.

If Brexit brings about the end of free movement across UK borders, the cyber security talent pool – which currently includes skilled EU nationals – could become even shallower, forcing businesses to spend more time and money on hiring.

Skills development could also take a hit, with UK cyber professionals potentially finding it difficult to access resources and training overseas, and UK universities losing the EU finding they receive at present.

While these skills gaps do exist, it could be argued that some businesses are struggling to find the right talent for other reasons: a lack of time or hiring resources, for example. However, it’s not that the talent isn’t out there; it’s knowing where to find it – but that’s another story.

Read our Cyber Talent Insights Report

If you’d like some guidance on hiring cyber talent or simply want to know how we can help your business, get in touch.