Cyber & Information Security Experts share their thoughts on what Brexit means for the industry

Following the news this morning that Britain has decided to leave the European Union, @DFMag obtained the following comments from industry experts;

Richard Patterson, director of is greatly concerned about the risks to online privacy this exposes:

“With the announcement this morning that the UK has decided to leave the EU, it could spell bad news for privacy.  The Investigatory Powers Bill, or Snooper’s Charter as it’s more aptly dubbed, is imminent pending a review in the House of Lords.  This would enable ‘bulk hacking’ of communications on a large scale from GCHQ on whole towns, for instance.  Without the checks and balances that the EU Courts provide, an important role in overruling over zealous government laws which could erode privacy is taken away and there is a real danger that privacy as we know it will hang in the balance. 

“A recent OnePoll survey carried out on behalf of found that almost half of the population was unsure about the effect Brexit would have on their privacy.  The erosion of privacy rights issue may have slipped through the backdoor while everyone was focusing on immigration and spending.  But if privacy is something that concerns you, now is the time to make it known to your Local MP and push back to protect your civil liberties.”

Dietrich Benjes, VP of strategic accounts and alliances EMEA at Varonis comments;

“The UK has been the biggest single market for tech in the EU, so many tech companies have their EU HQ’s here or at least a very strong presence. Now that the UK has voted out, the economic ramifications are already being felt and will carry on being felt regardless of the sector.  However, I think there is a very strong and compelling case to remain and further invest in the UK. It’s now down to the government to engage with business and communicate the strength of that case. As long as companies in the UK continue to do business with those in the EU, and they will, then GDPR will still need to be addressed. And regardless of the regulation, the impetus for it – the need to ensure that sensitive information, personal information is secure – remains.”

Green, technical specialist at Varonis, adds: 

“UK voters have decided to escape the EU,  so that means they’ll be free of the GDPR, right? Not really. As many observers have pointed out, the GDPR applies even to companies or “data controllers” outside the EU. This is the extra-territoriality nature of this data law (see article 3). So if UK-based web sites collect personal data from, say, a Dutch or French person, the GDPR still applies!  And for UK companies with subsidiaries (and therefore data controllers) within the EU, and which try to get out of the GDPR by outsourcing processing to the UK, the GDPR, ag.ain, would still apply.  

Why? Under the GDPR, the UK would have to be an “approved country” (with adequate data protection) in order for EU personal data to be transferred out of the  zone. In other words, the UK local data laws would have to be up to snuff and at the same level as the GDPR.

UK companies doing business in the UK, collecting only personal data of UK citizens, will be covered by the current Data Protection Act, which is basically the EU Data Protection Directive (DPD), the law of land in the EU now.  The UK’s local data laws are and will likely be in the future close to the current GDPR. In short, large UK-based multinationals will still have to deal directly with the GDPR, and local UK companies will be under a GDPR-like local data law.”

Aftab Afzal, SVP & GM EMEA at NSFOCUS IB commented: 

“Brexit will have impact on the industry as a whole. However it is too early to speculate on this being positive or negative. The coming weeks and months will be a telling time.  Cyber security is a global challenge and not EU specific.  With the vote being so close, the unrest will translate into some increased cyber attacks and organisations at the forefront should take extra caution.  As many cyber security vendors report dollar revenues, currency market volatility could see some prices increased. 

I do not foresee any big changes short term in cross border collaboration in cyber security.  Longer term, the vendors with global research teams who contribute to intelligence communities will play a bigger role in cooperation, as cyber security has always been a global issue.

GDPR is just one of many compliance drivers that ensure sensitive and personal data is handled with care. Compliance is born from best practices and when or if the UK mandates a new data policy, the main tenants of GDPR will no doubt be considered as the Government has to ensure the public safety, both physically and virtually.”

Simon Crosby, CTO and co-founder commented: 

“The incredible technical talent in the UK just became a lot cheaper for foreign countries to hire. Sadly, they will suffer as their standard of living drops, and their opportunity to live and work in other countries in Europe is restricted. Ultimately, I expect many of them to leave the UK permanently for countries that will pay what they are worth, such as the USA. 

There is another longer term worry: Over a third of research funding for universities in the UK comes from the EU. In the absence of new funding from the UK government, there will be a huge impact on university’s ability to deliver highly skilled tech workers to the UK economy.”