The World Economic Forum (WEF) published a study called “Regional Risks for Doing Business 2018” declaring that the threat of a cyber attack is the most dangerous risk to UK businesses. In fact from a list of 30 risks to businesses over a 10 year period, cyber attacks were position 1.
And that feeling of a cyber attack bringing down your business is still something that keeps business owners awake at night and that is set to continue with the looming end to securing a Brexit deal.
Continued uncertainty about the economic impact of Brexit and the prospect of Britain leaving the EU with a no deal means that company owners are even more distracted and preoccupied with financial worries and political fear. What happens then is that cyber security prevention methods become lapse and that is when a cyber attack occurs.
The thought of going through another NHS-like cyber attack sends chills down the spines of business owners and that was at a time where the UK had cooperation from the EU in terms of intelligence. And it was still a catastrophe even then. But with Brexit, the intelligence and law enforcement agreements with the EU will end and the UK will have to put a new security treaty in place from the end of the transition period on January 1st 2021.
So what might the UK going to lose in terms of cyber security protection as a result of Brexit?
1. The UK could lose a significant percentage of its access to EU institutions, operational cooperation and capacities, as well as cyber threat intelligence.
2. Law enforcement cooperation with Europol could be severely threatened which would cause a serious exposure if Europol is not part of the new security treaty post Brexit. Europol is an inter-European agency that provides operational support for complicated and in-depth cyber crimes across the EU. Without the assistance from Europol, the UK could be isolated and at risk to another NHS-like ransomware attack without sufficient warning signs or help from external cyber support parties.
3. Even though the UK has adopted the EU’s General Data Privacy Regulation (GDPR), it will not be part of or be privy to any further insight or amendments from proven experience, results and cyber threat situations from the collective EU member states. The UK will therefore have to work solely with our own internal agencies within GCHQ to improve and strengthen the regulations and we will be alone to enhance the rules around data protection without external ratification or cooperation. And that also includes the Network and Information Systems Directive (NIS), another EU policy to increase cyber threat security to improve business continuity on infrastructure that the UK adopted in May 2018 at the same time as GDPR.
Now we can’t just worry about every cyber security scenario that hasn’t happened yet and there is of course an element of “keep calm and carry on”. However, with the increasing steps towards 5G networks, smart cities and millions more IoT devices and used by comsumers and businesses logging onto private and public wide area networks, companies cannot afford to lose their focus on cyber security, not even with Brexit fears.
Ensuring that your business is still tight on cyber security, cyber policies, cyber procedures, employee permissions and data held as a whole, together with complying with GDPR and Cyber Essentials security principles alike, will keep businesses foundationally strong throughout the turbulent final Brexit negotiations and into the start of 2019.