Mind the Brexit gap in cyber security
.jpg)
There has long been a strong partnership between the UK and Europe in cyber security. With the outcome of Brexit still uncertain, there is much debate about how these links will be maintained in the future.
There will clearly be changes, not least that the UK is set to lose its seat on Europol’s management board and will no longer be able to shape European Union (EU) cyber security policy and regulation. However, there are many areas where it is still unclear what will change, so organisations will need to make sure they are aware of new developments, understand the implications for their business and respond quickly.
Cyber security standards
One area in doubt is the level to which EU cyber-related standards will continue to apply in the UK. For example, while the Network and Information Systems Regulations (NIS), which is based on an EU directive, has now been put into law in the UK, some aspects of it require cross-EU cooperation, such as the participation in a Computer Security Incident Response (CSIR) team network. The nature of this cooperation will depend on the final deal between the UK and the EU.
The E-Privacy Regulation, which replaces the Privacy and Electronic Communications Regulations (PECR), has yet to come into force, but may do so later this year and will have a one-year implementation period. Whether it will be implemented is likely to depend on a Brexit deal.
The EU has also proposed a new Cyber Security Act, but it is unlikely to be implemented before any transition period, although not being part of it could affect future information sharing between the UK and the EU. The real challenge is that if there is no deal, the UK may become a so-called third country, and this could raise concerns about UK standards which could have implications for UK organisations holding EU-related data.
Flow of personal data
The UK government has taken some action to address these uncertainties, including the recent ratification of Convention 108+, an agreement on robust data protection principles and rules signed by 25 other countries – 19 from Europe and six from the rest of the world.
This convention lets the signatory states share data, providing they implement its principles, which are aligned to the General Data Protection Regulation (GDPR). Although this does not remove the Brexit uncertainty, it will lessen the impact of a no-deal scenario and help to enable the continued flow of personal data.
Despite this move, organisations, especially those that trade in information between the UK and the EU, will need to take action to minimise any cyber security issues when trading with the EU and other countries.
That should include continued monitoring of new cyber-related laws and regulations in other countries and a process for assessing whether there is a business need to meet these new requirements, rather than just the local UK-based ones, such as Cyber Essentials.
This should be supplemented by a review of the organisation’s cyber security standards to ensure that it is not locked out of important markets. This may well mean adopting even more stringent or different controls relating to cyber security than we have today or in the future to ensure the business can continue to trade.
Good cyber security practice should remain a priority, including deploying an adequate proactive threat intelligence service to monitor the potential for increased cyber attacks. It is possible that malicious actors could look to exploit a disorderly exit and look for loopholes in current systems or use uncertainty and inconsistency in the cyber security laws between the UK and Europe to find new ways to attack systems.
International rules
Good relationships with regulators and government bodies, such as the National Cyber Security Centre (NCSC), will also be more important than ever. It will be vital for all those involved to work together to understand how UK-based regulations can be aligned and recognised under other international cyber security standards.
Finally, there are some practical steps that organisations need to take in relation to data transfers. They should review which third-country data transfer safeguard mechanisms can be used for personal data transfers to the EU, such as standard contractual clauses and binding corporate rules.
They also need to review their privacy notices, information and internal documentation to identify any details that will need updating when the UK leaves the EU. In addition, they should liaise with data protection authorities in all the EU countries of operation to ensure they comply with their local specifications.
Of course, all of this is no guarantee that the rest of the world will be happy to continue to share information with UK organisations, but careful monitoring and proactive adoption of cyber security standards is the best way to navigate through the uncertainties of the post-Brexit world.
source computerweekly
Industry: Cyber Security News
Latest Jobs
-
- Technical Pre Sales Cybersecurity Consultant. Healthcare
- England
- N/A
-
Technical Pre Sales Cybersecurity Consultant UK Remote | Healthcare Focus Overview We are seeking an experienced Technical Pre Sales Cybersecurity Consultant to support healthcare organisations by delivering advisory, solution design, and security uplift services. This role focuses on improving security outcomes, addressing operational challenges, and enabling informed technology decisions across complex and regulated environments. The position blends technical pre sales expertise with a consultative approach, working closely with clinical, technical, and commercial stakeholders to shape effective cybersecurity solutions. The individual must be able to achieve UK Security Clearance. Key Responsibilities Provide technical pre sales support across cybersecurity solutions and services for healthcare organisations Engage stakeholders to understand security challenges, risks, and operational pain points Deliver advisory guidance and recommendations to strengthen security posture and resilience Translate customer requirements into clear, outcome focused technical and commercial solution designs Act as a trusted technical advisor throughout the sales and early delivery lifecycle Produce clear technical documentation, recommendations, and customer facing materials suitable for regulated environments Collaborate closely with sales, delivery, and technical teams to align solutions with customer needs Experience and Skills Proven experience in technical pre sales or cybersecurity consultancy Experience working within healthcare or other highly regulated sectors Broad knowledge of cybersecurity technologies, managed services, and risk based approaches Strong communication skills with the ability to engage both technical and non technical stakeholders Confident operating in a client facing, consultative role UK based role with remote working Occasional travel for customer engagement as required
-
- Contract Technical Pre Sales Cyber Security Healthcare. SC clearance needed
- England
- Outside IR35
-
Contract Technical Pre Sales Cyber Security Healthcare Outside IR35 Contract | UK Remote | Healthcare Focus Existing SC clearance is required. Overview Seeking an experienced Technical Pre Sales Cybersecurity Consultant is required to deliver advisory and uplift services across complex healthcare organisations. This Outside IR35 contract operates on a consultancy basis, focused on improving security outcomes, addressing operational pain points, and supporting informed Cyber Security decisions. The role combines deep technical pre sales capability with consultative advisory delivery, working across clinical, technical, and commercial stakeholders to shape effective and proportionate cybersecurity solutions. Responsibilities Provide technical pre sales consultancy across cybersecurity solutions and services within healthcare environments Engage senior stakeholders to understand security challenges, risks, and operational pain points Deliver advisory guidance and uplift recommendations to improve security posture, resilience, and maturity Translate healthcare requirements into clear, outcome focused technical and commercial propositions Act as a trusted technical advisor throughout the pre sales and early engagement lifecycle Produce concise technical documentation, recommendations, and advisory outputs suitable for regulated healthcare settings Experience Strong background in technical pre sales or cybersecurity consultancy Experience working with healthcare or other highly regulated environments Broad understanding of cybersecurity technologies, managed services, and risk based security approaches Ability to communicate complex technical concepts to both technical and non technical audiences Comfortable operating independently in a client facing advisory role
-
- London Sales Manager, Key Clients. Security. Immediate
- London
- N/A
-
London Sales Manager, Key Clients A senior sales leadership role within the cyber security services and technology market, focused on account development and revenue growth across key clients. You will lead a sales team with responsibility for customer retention, increasing share of wallet and maintaining a strong commercial pipeline. The role works closely with technical, delivery and marketing teams, as well as technology partners. Key focus Lead and coach a field based sales team Own forecasting, pipeline quality and revenue delivery Drive renewals and account development Expand customer investment across services and solutions Build relationships with vendors and partners Background Proven experience managing enterprise sales teams Consistent performance against revenue targets Cyber or IT security sales leadership experience Exposure to Palo Alto, Check Point, Microsoft, etc Commercially focused with a structured sales approach A role for a sales leader focused on long term client value and sustainable growth.
-
- Outside IR35 Functional tester - London - Security Cleared
- London
- Outside IR35
-
Outside IR35 Functional tester - London - Security Cleared Willing to undergo DV Clearance 3 days a week onsite. (London) We are looking for a Functional Test Specialist to support a complex technology programme where accuracy and delivery assurance matter. Key Focus Validate application behaviour and run functional test scenarios Identify risk, defects, and delivery issues early Define practical test approaches and environment needs Produce automated checks where appropriate Work closely with technical teams to agree acceptance criteria Report clearly on outcomes, defects, and risks Experience Needed Strong Microsoft stack exposure Experience supporting server or infrastructure migrations Solid functional testing background Comfortable working remotely onsite (London 3 days a week) Linux or container exposure Jira / Wiki Restricted or isolated environments A hands on role for someone who values clarity, ownership, and quality.