Post-Brexit Cyber Security: How Will the UK Maintain Resilience?

In the last three years there has been one word that has dominated the business landscape, and that word is Brexit. The outcome of Brexit still uncertain with the UK heading into a General Election campaign with a December vote. With more and more reliance on cloud technologies and sophisticated artificial intelligence, the EU modernised their outdated data protection laws in 2018. Despite this, there is still a lot of debate about how the cyber security partnership between the UK and the EU will fare in a post-Brexit world.

A Brexit Deal or a Brexit No Deal?

When it comes to business resilience there will be changes whether there is a deal or no deal. It is important that any changes do not affect the UK’s ability to defend itself against the growing cyber threat and that they help to maintain strong business and operational resilience.

In the event of a no-deal Brexit the UK is likely to lose the seat it holds on Europol’s Management Board, as well as no longer being able to have a say on the EU’s cyber security policy. Cyber security standards are also in doubt in a post-Brexit world. Although the Network and Information Systems Regulations (NIS), which is based on an EU directive was made into UK law, some aspects of it still require co-operation from the EU states. This includes the UK’s participation in the Computer Security Incident Response (CSIR) team network. How this will pan out post-Brexit will depend on the final outcome of negotiations between the UK and the EU.

In addition, a new Cyber Security Act has been proposed by the EU, although a question mark remains as to whether it will be implemented before any Brexit transition period comes to an end.

How Can Business and Operational Resilience be Maintained?

To help maintain business and operational resilience when it comes to cyber security post-Brexit, it will be more important than ever to maintain relationships with industry regulators and government bodies. These include entities such as the National Cyber Security Centre (NCSC) and GCHQ.

These entities regularly lobby government to ensure that the UK’s cyber security strategy is as robust as it can be to protect against the growing cyber threat. It will be vital for all those involved in this strategy to come together and understand how UK-based regulations can ensure business and operational resilience post-Brexit.

Organisations should also look at what data safeguarding and transfer mechanisms can still be used for personal data transfers. Privacy policies and internal files should also be reviewed to see if they need to be updated.

Final Thoughts

None of this is any guarantee that other countries will be happy to continue to share information with UK organisations post-Brexit, so it is vital that organisations do all they can to maintain business and operational resilience. By being as prepared as possible this will mitigate any problems that might arise once the UK exits the European Union.

At Fortress, we believe that having a strong business and operational resilience plan is essential to the continuity of any business.

Please click here to contact us today to book a tour of our facilities.