As the world awoke on the morning of June 24 to the reality of the U.K. leaving the European Union — also known as Brexit — many had questions. After all, the vote results in a lot of chaos in the boardroom, as well as ambiguity about current investments and security initiatives. There are several gray areas that will undoubtedly lead to anxiety among senior IT and security leaders.

How Will Brexit Affect Security?

Here are three key areas of business that the Brexit will impact.

1. Data Protection and Compliance

As a part of the European Union, British companies were mandated to follow the same set of security and data protection controls as their European neighbors. Companies were spending a lot of money on compliance programs to align with EU demand and reap the benefits of a single market.

But with the Brexit, there is clear ambiguity about the next course of action. Organizations are unsure if they have to align with EU laws or if Britain will come up with its own policy for the companies operating within its borders.

For example, British organizations were readying themselves to address new General Data Protection Regulation (GDPR) requirements mandated by European law. Now they are unsure if they should continue with their programs or if the British government will enact new data security and privacy laws. What will happen to the current initiatives and investments? There is no clear answer to that.

2. Cloud Hosting

Cloud hosting services will also feel the consequences of the Brexit. With Britain part of the EU, European companies were enjoying the benefits of leveraging cloud service providers based in the U.K. and vice versa. But with Brexit, it’s going to be difficult because EU law mandates hosting data in EU geographies. Cloud providers will have to go back to the drawing board and plan for future demands accordingly.

For example, Amazon Web Services (AWS) doesn’t have a data center in U.K. at present, but it has planned one. Now AWS will be challenged to speed up the commissioning of that center to serve customers within the country.

Smaller players in the industry will also be impacted. Take cloud hosting provider Datapipe, which has two data centers in Europe — in Amsterdam and Frankfurt — and was leveraging London data centers for other European clients. Now Datapipe will have to plan for additional capacity in Europe itself.

3. Skilled Labor

Britain and the EU had free access to the European markets, but that’s going to change with Brexit. I can see both U.K. and European organizations already struggling to get the required skill sets from staffers, and that will be amplified when labor laws across borders change. Organizations will be forced to spend money and time on visas and other legal requirements in addition to recruiting and training employees. It could also mean more limited opportunities for cybersecurity workers across Europe.

The road ahead looks tough. Of course, much will stem from the road map we get from British and EU authorities, but we won’t have that information for months.

more from CISO