Threat Management

UK Cyber-security after Brexit: May not be as bad as it first appears

Shock and panic on global markets caused by the Brexit vote is starting to calm down. The turbulence will remain for a while however, fueled by doubt and uncertainty around UK's ability to renegotiate trade, law and immigration agreements with the EU instead of the single market. Most likely, the UK will remain an integral part of the EU for at least two more years, according to Article 50 of the Lisbon treaty, which sets out a two-year timetable to agree the terms of departure.

However, taking into consideration that UK is the second largest EU economy (after Germany) and fifth largest global economy, continental Europe will have no other choice but to maintain close cooperation with it. It's just impossible to quarrel with a country of US$ 2.9 trillion GDP. Moreover, being a non-EU member doesn't mean being isolated – Switzerland, Norway and Lichtenstein are great examples of flourishing European economies which manage both to formally stay outside of the EU and at the same time conduct multi-billion business with it. The statement issued by the Bank of England just after the vote results announcement, confirms that is was well prepared to support British economy in case of Brexit.

One of the biggest speculations about Brexit is immigration and related economic growth. Cyber-security talent is always hard to find and retain regardless of applicable legislation. One of the inalienable advantages of UK, is a well-established educational system and competitive universities producing highly-qualified local experts. Will Brexit make it more difficult to hire new experts from the EU? Quite probably not, as there is always a way to bring in people with extraordinary technical skills that cannot be found locally. Moreover, many European and US companies have already moved their R&D teams to Poland or the Czech Republic to cut costs and stay competitive in the global cyber-security market.

Many cyber-security experts were concerned about further relations between the UK and European authorities, such as Europol, EC3 and Eurojust. However, I am quite confident that UK will manage to negotiate comprehensive cooperation with all European law-enforcement agencies for the mutual benefit of all parties.  The real problem of information-sharing and cyber-crime prosecution was, is and will be with developing countries, who don't really care neither about either the EU, nor Brexit.

Data protection legislation and privacy are also issues raised following Brexit. However, UK companies have to be compliant with the upcoming EU's General Data Protection Regulation (GDPR) regardless Brexit. If UK decides to develop and adopt its own data privacy law, quite probably it will be fully compatible with GDPR. Therefore, nothing really changes here.

Black Hat Europe, taking place in London for the first time this year, will still take place. Moreover, a weak pound will allow overseas companies to spend more on the event, helping local businesses and making the event more attractive and exciting.

Last, but not least, the UK has powerful organisations such as CREST, accreditation from which has become a de-facto standard for penetration testing in Singapore or Australia. Will anything change after Brexit? Hardly, as nobody else can currently take the role of CREST on the global penetration testing and vulnerability assessment market.

Tudor Aw, head of technology at KPMG UK, also remains optimistic: “The things that make the UK tech-sector so strong and attractive remain in place. I see it not only withstanding this result, but continuing to grow and thrive.”

Economic turbulence can also have a quite positive effect for the cyber-security industry: now companies have to be more efficient and effective by continuously optimising their business and technology processes, delivering more value to their customers. Therefore, I'd not panic and rather concentrate all our efforts on innovation, continuous perfection of technology and global competitiveness.

Contributed by Ilia Kolochenko, CEO, High Tech Bridge

Ilia Kolochenko

Ilia is the founder and Chief Architect at ImmuniWeb, a global application security company serving large customers from regulated industries in over 50 countries. He started his career as a penetration tester and has 15 years of security auditing and digital forensics practice. Today, Ilia drives continuous product improvement and leads data scientists, security analysts and software engineers at ImmuniWeb. Ilia holds a Bachelor degree in Computer Science and Mathematics, a Master of Legal Studies from Washington University in St. Louis and a Master of Science in Criminal Justice (Cybercrime Investigation) from Boston University. He is currently a Doctoral student (Ph.D. in Cybersecurity Leadership) at Capitol Technology University. Ilia Kolochenko is a Member of Europol Data Protection Experts Network (EDEN), GIAC Advisory Board Member and a Committee Member at Boston University MET CIC (Cybercrime Investigation & Cybersecurity) Center. Ilia is a CIPP/US, CIPP/E and GLEG certified professional.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.