Brexit Uncertainity and Resulting Cybersecurity Concerns

By: Andy Harcup | 7/9/2019

Will it be deal or no-deal? With Theresa May no longer officially the Prime Minister and the race to name her next successer in full swing, British exit (Brexit) deal negotiations have been called further into question while the successor is sought. The previous European Parliament election results further complicated the matter, with both the far-right and liberal parties gaining ground, shaking up the traditional system.

The biggest question surrounding the next phase of changes we are seeing is whether the UK will leave the European Union with an agreement designed to minimise economic disruption and create a beneficial agreement or will they step out with a no-departure pact?

Securing the necessary votes in the House of Commons will require concesssions from the EU around some areas of the deal, and a potential compromise on elements of the backstop agreement with MPs.  The clock is ticking and the next Prime Minister, whatever their political stance on the issue, will have a huge task on their hands.

Since UK citizens voted to withdraw from the EU in 2016, Brexit details have been a delicate and complicated dialogue. The resulting fragmented international architecture could have far-reaching impact on business relations, information flow, regulatory standards and of course, cyber-security concerns with many businesses concerned about what this means for their future.

Information sharing

One early concern surrounding Brexit and cybersecurity practices is information sharing, or lack thereof, among intelligence organisations in the UK and the EU. Particularly in the case of a no-deal Brexit, could and would European countries continue to work together efficiently to fight cyberattacks? In the absence of timely information sharing and a cooperative response, cyber-criminals — who regularly sell exploit kits and vulnerability details with other hackers — are at a distinct advantage. That leaves everyone vulnerable to a breach and opens up a problem that doesn’t necessarily need to exist.


While sharing threat intelligence is a real concern, so is GDPR compliance. The new legislation around data protection is only just finding its feet within Europe and Brexit is set to affect this. Both the UK government and the GDPR’s enforcement arm, the Information Commissioner’s Office (ICO) maintain the one-year-old data protection regulation will remain law in the UK post-Brexit.

The challenge, however, is that GDPR contains provisions prohibiting the transfer of personal data to ‘third countries’ outside the EU that do not ensure adequate protection. Post-Brexit, the UK could become a ‘third country’. In this scenario, EU Member states would not be able to transfer personal information to the UK unless an appropriate data transfer solution is in place.

With so many unknown factors around Brexit, most organisations are moving forward with the better-safe-than-sorry principle when it comes to complying with GDPR which is ultimately what we need to see. Smarter security, including heightened visibility over your growing number of endpoints and formalised data breach notification procedures are but two ways they are staying audit-ready.

Whilst many have feared the heafty fines the ICO have set (Up to €10 million, or two percent annual global turnover – whichever is greater or up to €20 million, or four percent of annual global turnover – whichever is greater depending on the seriousness of the breach) we have only now seen an organisation in the UK hit by GDPR, with yesterdays BA fine of £183 million.

Earlier French data protection authority CNIL issued Google a €50m fine for violating GDPR transparency rules and failing to have a legal basis for processing user data in advertising.

Adapting to change

The international business climate can be tenuous at the best of times. It often seems as if there is little we can do about sweeping global change but adapt to it. Continuous endpoint device compliance can be achieved with active compliance checks, sensitive data discovery, and automated workflows to restore protections.

Whilst the road ahead may be complex, ensuring the highest standards of data security across borders and within businesses is paramount. Whatever the final outcome of Brexit, companies need to have the highest standards of data security in place, at all times.

This article was originally published in SC Magazine UK.

Learn more about how Absolute helps organizations comply with GDPR on our website.


Financial Services