Online Cyber Security Experts: Consequences of Brexit For Their Industry
Now that it has become clear the United Kingdom will indeed leave the European Union, there are important implications to consider. There is no doubt that the recent Brexit will have far-reaching consequences for all economic sectors. We asked several cyber security experts for their comments on the Brexit news and what it could mean for their industry.
The incredible technical talent in the UK just became a lot cheaper for foreign countries to hire. Sadly, those hires will suffer as their standard of living drops and their opportunity to live and work in other countries in Europe is restricted. Ultimately, I expect many of them to leave the UK permanently for countries that will pay what they are worth, such as the USA. There is another longer-term worry. Over a third of research funding for universities in the UK comes from the EU. In the absence of new funding from the UK government, there will be a huge impact on the ability of universities to deliver highly skilled tech workers to the UK economy.
With the announcement last week that the UK has decided to leave the EU, it could spell bad news for privacy. The Investigatory Powers Bill, or Snooper’s Charter as it’s more aptly dubbed, is imminent pending a review in the House of Lords. This would enable ‘bulk hacking’ of communications on a large scale from GCHQ (UK Government Communications Headquarters) on, for instance, whole towns. Without the checks and balances that the EU Courts provide, an important role for overruling overzealous government laws, which could erode people’s privacy, is taken away and there is a real danger that privacy as we know it will hang in the balance.
A recent OnePoll survey carried out on behalf of Comparitech found that almost half of the population was unsure about the effect a Brexit would have on their privacy. The issue of the erosion of privacy rights may have slipped through the backdoor while everyone was focusing on immigration and spending. But if privacy is something that concerns you, now is the time to make that known to your local MP and push back to protect your civil liberties.
The UK has been the biggest single market for tech in the EU. Many tech companies have their EU HQs here, or at least have a very strong presence. Now that the UK has voted out, the economic ramifications are already being felt and will carry on being felt regardless of the sector. However, I think there is a very strong and compelling case to remain and further invest in the UK. It’s now down to the government to engage with businesses and communicate the strength of that case. As long as companies in the UK continue to do business with those in the EU, and they will, then GDPR (General Data Protection Regulation) will still need to be addressed. And regardless of the regulation, the impetus for it, the need to ensure that sensitive and personal information is secure, remains.
UK voters have decided to escape the EU, so that means they’ll be free of the GDPR, right? Not really. As many observers have pointed out, the GDPR applies even to companies or “data controllers” outside of the EU. This is the extraterritorial nature of this data law (see Article 3). So if UK-based web sites collect personal data from, say, a Dutch or a French person, the GDPR still applies. And for UK companies with subsidiaries (and therefore data controllers) within the EU, that try to get out of the GDPR by outsourcing processing to the UK, the GDPR, again, would still apply.
Why? Under the GDPR, the UK would have to be an “approved country” (with adequate data protection) in order for EU personal data to be transferred out of that zone. In other words, the UK local data laws would have to be up to snuff and at the same level as the GDPR.
UK companies doing business in the UK, collecting only personal data of UK citizens, will be covered by the current Data Protection Act. This act is basically the EU Data Protection Directive (DPD), the law of the land in the EU now. The UK’s local data laws are, and will likely be in the future, close to the current GDPR. In short, large UK-based multinationals will still have to deal directly with the GDPR and local UK companies will be under a GDPR-like local data law.
Brexit will have an impact on the industry as a whole. However, it is too early to speculate on this being positive or negative. The coming weeks and months will be a telling time. Cyber security is a global challenge and not EU specific. With the vote being so close, the unrest will translate into some increased cyber attacks and organizations at the forefront should take extra caution. As many cyber security vendors report dollar revenues, currency market volatility could see some prices increased.
I do not foresee any big changes short term in cross-border collaboration in cyber security. Longer term, the vendors with global research teams who contribute to intelligence communities will play a bigger role in cooperation, as cyber security has always been a global issue.
GDPR is just one of many compliance drivers that ensure sensitive and personal data is handled with care. Compliance is born from best practices and when or if the UK mandates a new data policy, the main tenets of GDPR will no doubt be considered as the Government has to ensure the public safety, both physically and virtually.
Most information security professionals appear unconcerned with the impact of this referendum on UK cyber security. This could mean that they believe that the UK’s approach to cyber security won’t change significantly either way. However, it’s also possible that the EU hasn’t provided enough transparency around the impact of new regulations in the near term to make a difference to professionals that grapple with these issues every day.