Cyber Security business in the UK – is it impacted if the UK exits from the EU?

22 February 2016

Amethyst’s Andy Heathcote investigates

One of the current ‘hot’ political topics is whether the UK will leave the EU and what will be decided at the Referendum.  There has been considerable discussion, and many articles, on both sides of the debate in all media about the impact on trade, business and immigration, with scaremongering from both sides.  This will only increase as the Referendum gets closer.

Within all this debate, a further question needs to be asked: will there be any change in the way cyber security is undertaken in the UK and, if there is an exit from, or even an amendment to, the UK’s membership of the EU, will this impact cyber security practices and business?  For instance, will there be a change in UK data protection laws, and will the ability to offshore and use European data storage sites (data centres or Cloud) be impacted?  The EU is due to review its next draft of the Network and Information Security Directive this year, and this is mirrored in the UK by debates over the new draft of the Investigatory Powers Bill.  If there is a separation from the EU, will the UK:

  • Be able to take its own path on cyber security policies and information management directives?

  • Need to change its current laws on data protection etc. to meet a wider market?

  • Continue to mirror EU laws in order to be able to do business within Europe?

  • Face problems in undertaking cyber security investigations internationally if it is out of the EU?

  • See an impact on hardware and software products designed and marketed from the UK?

Or will there actually be very little change, as the principles of cyber security and good data management remain fundamentally the same in whichever part of the world business is conducted?  Do businesses essentially want to know that their data is secure and managed appropriately, or are businesses driven by Government and EU legislation in their decision-making processes?

Whatever the impact of any change to EU membership requirements or an exit from the EU, the UK cyber security business sector, and businesses’ reliance on IT and therefore on good cyber security, will remain.  First principles will remain the core of cyber security; what is more likely to change is how this is handled through management, contracts and partnerships.  As ever, it will be the cost of implementation against the cost (and reputational damage) of data breaches that will drive business practices.  Good cyber security support and advice will remain as valid as ever; however, it may in the future need to come with a more open and flexible understanding of the laws of pertinent countries or business partners.  The attitudes of countries and partnerships to data management and identification will subtly drive the cyber security posture; however, the fundamental 10 steps to cyber security below will remain:

  • User Awareness

  • Information Risk Management

  • Home and Mobile Working

  • Secure Configuration

  • Removable Media Controls

  • Managing User Privileges

  • Incident Management

  • Monitoring

  • Malware Protection

  • Network Security

Amethyst can assist businesses in implementing these measures in a manner that is commensurate with the legislative attitude but also proportionate, appropriate and cost effective for the business, whether the UK is in or out of the EU.  To find out more about how Amethyst can help your business, contact sales@amethystrisk.com
