While it is still too early to specifically understand the impact of Brexit, it is important to watch the developments in EU and UK negotiations over the next two years in order to grasp what will happen regarding technology and security. Even though the vote has occurred, most legal changes could take two years or more to implement.
As the dust and uncertainty settle on both sides, some basic questions will be answered:
- Will the UK remain in the free-trading bloc?
- What actions will tech companies in the UK need to take to meet the needs of EU customers?
- Will other EU member states leave?
Here are considerations all business and technology executives should be aware of, whether as businesses based in the UK or businesses doing business in the UK and EU:
1. Exacerbating a cybersecurity skills shortage in the UK and on the continent
The International Business Times (IBT) reported on the possible cyber-impacts to the workforce talent crunch, the rising cost of business operations, data sharing and privacy laws, and the threat of a cyberattack growing. The UK has the most cybersecurity companies in Europe, and their ability to support other EU countries may be impacted. ABI Research’s Michela Menting wrote this summary on the subject of Brexit and cybersecurity centering primarily on the skills shortages in cybersecurity being impacted:
“The tech industry, and cybersecurity notably, is experiencing a painful shortage of professionals. By opting out of the single market, and free movement of people, the UK’s labor pool will shrink considerably. Again, the outcome of negotiations with the EU as to the single market will largely determine the availability of an EU-wide labor pool. However, current uncertainty may drive cybersecurity firms to relocate in other EU countries in the meantime.”
2. Determining which EU regulations will still apply in the UK
This has been a watershed year for data protection and cybersecurity legislation in the EU, with the General Data Protection Regulation (GDPR) and Network and Information Security (NIS) Directive expected to force some hard questions on businesses looking at compliance.
GDPR regulations, for example, are expected to become enforceable in 2018, but UK-based businesses are already examining whether they will be legally compelled to comply, and if so, to what degree.The GDPR lays out requirements specific to “EU residents’ data and applies to businesses that process that data, or that market to EU residents, regardless of whether or not the businesses are based in the EU. Thus, regardless of how Brexit plays out over the next two years, UK businesses selling into the EU will still be subject to GDPR requirements once it is effective.
3. An increase in threat activity looking to capitalize on Brexit new cycles
For more immediate computer impacts, companies should be on the lookout for scams, phishing attempts and websites that take advantage of the Brexit confusion to trick people into taking foolish actions related to Brexit and surrounding issues.
The bad guys always show up in force with an assortment of phishing schemes in times of confusion like we are seeing today as a result of the Brexit referendum, especially when people break out of normal patterns and click on new content. Therefore, it is important to know whom to trust online and remember that these scams can come from anywhere, at any time, including via mobile phone, email, text or social media message.
In May, I wrote a post for Government Technology which highlighted the seven reasons you should care about Brexit, describing why this topic is important to Americans, including potential technology and security repercussions.