Brexit impact on cybersecurity

Historically we have seen cybercrime rise after large natural disasters and events impacting world economy; Brexit qualifies for the latter. – Cyphort chief strategy officer Dr Fengmin Gong.

Is UK Cybersecurity in Danger Post-Brexit?


It’s taken a few weeks post-Brexit for many to remember that one of the major security risks in the UK is cybercrime. It’s been on the rise for years, but experts are predicting a particularly savage surge in the UK because of Brexit.

Brexit has increased the supply of targets because it has created uncertainty, which markets hate but some criminals embrace. Uncertainty creates opportunities, like the opportunity to target people who are fearful or confused, perhaps through online scams and social engineering attacks related to immigration status, state benefits, and so on. – Eset security researcher Stephen Cobb.

More than 80% of European companies have reported experiencing a cybersecurity incident in the past year, and the incidence of cybercrime is rising every year. In the UK, it’s growing at top speed: in the past two years, cybercrime has gone from 20% of economic crime to 44%.

The EU and US Strategy


The EU is steps ahead of the UK when it comes to data protection. In its constant vigilance, it has invested €450 million in cybersecurity under a project called Horizon 2020. This is part of a public-private partnership, which privately-owned companies and individuals are expected to add to. The prediction is for a total European cybersecurity investment of €1.8 billion by 2020.

[The aim is to] reinforce cooperation across borders, and between all actors and sectors active in cybersecurity, and to help develop innovative and secure technologies, products and services throughout the EU. – The EU Commission

The U.S., too, has increased its spending on cybersecurity. It recently increased the federal budget for data protection with the aim of reaching a total investment of US$19 billion next year, and has had an ever-complicating series of international cybersecurity treaties for decades.

We have vulnerabilities caused by Brexit; the UK’s lack of international collaboration on the same scale and the EU/US; and the widespread cyber-skills shortage. Britain is weak, and missing out on Horizon 2020 is particularly unfortunate.

[It’s] sad that, due to Brexit, UK universities and businesses will miss out on this investment. – Kevin Bocek, chief security strategist at Venafi.

The UK’s Strategy


The UK’s strategy is aimed more heavily at protecting national infrastructure like healthcare, banking, and energy. Cybercriminals could damage the lives of millions if these critical structures were compromised. The UK’s strategy, however, is very publically-funded and nationally-limited.

The previous UK Chancellor, George Osborne, stated last year that the country would be doubling its investment in the fight against cybercrime and developing “our sovereign capabilities in cyberspace”. This amounts to a total of £1.9 billion over the course of five years.

Some of this money will be spent on hiring nearly 2,000 more staff at the Government Communications Headquarters (GCHQ), to help in the public sector’s development of cybersecurity. The GCHQ’s director Robert Hannigan last year said that the private sector and free market as a whole hasn’t done what it could to protect the UK following a simple but very damaging breach of TalkTalk’s security:

It is time to take a hard look at whether the international market for cyber security is working sufficiently well . . . something is not quite right here…What is also clear is that we cannot as a country allow this situation to continue.

Can Post-Brexit Britain Benefit From The EU’s Cybersecurity?


Most current British regulations were created in 1995; a time when cybercriminals were the heroes of B-grade cinema. So, yes – they could be improved. The EU’s General Data Protection Regulation (GDPR) can be that improvement.

When the GDPR comes into effect in 2018, the UK will likely still be a member of the EU; even after the UK hands in its notice (ie triggering Article 50 of the Lisbon Treaty), it’s most probable that it’ll take at least two years for Brexit to come into effect.

In a statement on the 29th of June, heads of state confirmed that the GDPR will affect the UK:

Until the UK leaves the EU, EU law continues to apply to and within the UK, both when it comes to rights and obligations.

Furthermore, whichever economic agreements the UK makes post-Brexit are likely to be EU-friendly; this means having EU-standard data protection for its citizens and those of Europe. It would be a poor – and unlikely – decision for a post-Brexit UK to withdraw from international cybersecurity collaborations.

The UK’s data protection is not enough on its own. Brexit has weakened us for now, but with a collaborative strategy – private and public, international and national – Britain could keep its place as one of the world’s best locations for tech development (and keep all its personal data safe). If you want to get a head-start on your post-Brexit security tightening, ask us how we could help.