As the world awoke on the morning of June 24 to the reality of the U.K. leaving the European Union — also known as Brexit — many had questions. After all, the vote results in a lot of chaos in the boardroom, as well as ambiguity about current investments and security initiatives. There are several gray areas that will undoubtedly lead to anxiety among senior IT and security leaders.

How Will Brexit Affect Security?

Here are three key areas of business that the Brexit will impact.

1. Data Protection and Compliance

As a part of the European Union, British companies were mandated to follow the same set of security and data protection controls as their European neighbors. Companies were spending a lot of money on compliance programs to align with EU demand and reap the benefits of a single market.

But with the Brexit, there is clear ambiguity about the next course of action. Organizations are unsure if they have to align with EU laws or if Britain will come up with its own policy for the companies operating within its borders.

For example, British organizations were readying themselves to address new General Data Protection Regulation (GDPR) requirements mandated by European law. Now they are unsure if they should continue with their programs or if the British government will enact new data security and privacy laws. What will happen to the current initiatives and investments? There is no clear answer to that.

2. Cloud Hosting

Cloud hosting services will also feel the consequences of the Brexit. With Britain part of the EU, European companies were enjoying the benefits of leveraging cloud service providers based in the U.K. and vice versa. But with Brexit, it’s going to be difficult because EU law mandates hosting data in EU geographies. Cloud providers will have to go back to the drawing board and plan for future demands accordingly.

For example, Amazon Web Services (AWS) doesn’t have a data center in U.K. at present, but it has planned one. Now AWS will be challenged to speed up the commissioning of that center to serve customers within the country.

Smaller players in the industry will also be impacted. Take cloud hosting provider Datapipe, which has two data centers in Europe — in Amsterdam and Frankfurt — and was leveraging London data centers for other European clients. Now Datapipe will have to plan for additional capacity in Europe itself.

3. Skilled Labor

Britain and the EU had free access to the European markets, but that’s going to change with Brexit. I can see both U.K. and European organizations already struggling to get the required skill sets from staffers, and that will be amplified when labor laws across borders change. Organizations will be forced to spend money and time on visas and other legal requirements in addition to recruiting and training employees. It could also mean more limited opportunities for cybersecurity workers across Europe.

The road ahead looks tough. Of course, much will stem from the road map we get from British and EU authorities, but we won’t have that information for months.

More from CISO

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

Moving at the Speed of Business — Challenging Our Assumptions About Cybersecurity

The traditional narrative for cybersecurity has been about limited visibility and operational constraints — not business opportunities. These conversations are grounded in various assumptions, such as limited budgets, scarce resources, skills being at a premium, the attack surface growing, and increased complexity. For years, conventional thinking has been that cybersecurity costs a lot, takes a long time, and is more of a cost center than an enabler of growth. In our upcoming paper, Prosper in the Cyber Economy, published by…

Reporting Healthcare Cyber Incidents Under New CIRCIA Rules

Numerous high-profile cybersecurity events in recent years, such as the Colonial Pipeline and SolarWinds attacks, spurred the US government to implement new legislation. In response to the growing threat, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022.While the law has passed, many healthcare organizations remain uncertain about how it will directly affect them. If your organization has questions about what steps to take and what the law means for your processes,…

Charles Henderson’s Cybersecurity Awareness Month Content Roundup

In some parts of the world during October, we have Halloween, which conjures the specter of imagined monsters lurking in the dark. Simultaneously, October is Cybersecurity Awareness Month, which evokes the specter of threats lurking behind our screens. Bombarded with horror stories about data breaches, ransomware, and malware, everyone’s suddenly in the latest cybersecurity trends and data, and the intricacies of their organization’s incident response plan. What does all this fear and uncertainty stem from? It’s the unknowns. Who might…