The United Kingdom’s historic decision to vote for ‘Brexit’ has heralded an era of huge uncertainty. Over 70% of UK voters turned out to decide on the question of Brexit – Britain’s future membership of the European Union (EU), in a referendum that resulted in a 51.9% majority in favour of leaving the EU. Whilst the true extent of this decision remains unforeseen, Brexit has caused many to speculate on what this means not just for the UK, but also for the rest of the international community. Inevitably, the political debates and questions will continue to rage for the foreseeable future, but it is more imperative now than ever that companies look to equip themselves for our brave new world. This includes the fight against Cybercrime. Regardless of Brexit, Cyber Security must still remain a top priority for Governments, businesses and individuals alike.
During the referendum campaign, some argued that Britain leaving the EU may mean the UK is able to ‘opt out’ of the upcoming General Data Protection Regulation (GDPR), which will see harmonisation between EU Member States of current local data protection laws. However, data protection will need to remain a key priority post-Brexit as, under law, UK companies will still have to be compliant with global protection laws such as the GDPR, if they process data, or collect personal data, from data subject’s with EU citizenship. Additionally, for UK companies with subsidiaries (and data controllers) within the EU, the data protection rules will still apply. This means companies need to be investing and preparing themselves now if they still want to be in business with the EU when the new regulations take effect in May 2018.
Britain’s future in Europe will also have minimal impact on compliance-driven industry-related standards and regulations, which govern the way which organisation’s collect, process and look after information. Standards such as the Payment Card Industry Data Security Standard (PCI DSS) – which ensures a minimum level of security protection for all entities that store, process, or transmit cardholder data, will continue to regulate the relevant industries, regardless of the outcome of the referendum. This compliance-based standard will therefore ensure that UK plc has a baseline level of good practices which companies must abide by, in order to enter and operate within the industry sector. Therefore, it is clear that industry recognised good practices around protecting the confidentiality, integrity and availability of information will not be eroded due to the politics of Brexit – these are here to stay.
Furthermore, Cyber Security should not fall down the Board’s agenda post-Brexit; risk management and good governance are inherent in any Cyber Security Strategy and providing business enablement. International standards which cut across all sectors and industries, such as ISO/IEC 27001, regarding Information Security Management, introduce key risk management concepts to businesses, including the need for risk treatment plans. For example, ISO 27001 also sets out mandatory controls in a variety of areas including physical and environmental security and asset management. Implementing relevant industry standards will ensure that organisation’s continue to apply and are able to demonstrate information security best practices against a baseline of internationally accepted standards.
In terms of negotiating trade agreements and the implications of ongoing ‘churn’ in financial markets, as the current 5th largest global economy, UK plc must maintain its ambition as “one of the most secure places in the world to do business