An overwhelming majority (97%) of senior security professionals say that they hold concerns for the security of UK businesses following the country’s departure from the European Union (EU), particularly in the wake of heightened awareness of cyber attacks backed by nation-states.
Six years after the divisive vote, and 18 months after Boris Johnson’s Conservative government elected to push through a hard Brexit in the midst of a global pandemic, CISOs responding to a survey conducted by CyberArk said they were worried Brexit was lowering standards for cyber security in the UK, lessening insight into emerging threats, and raising carriers to effective intelligence sharing between Britain and its erstwhile partners.
It was divergence in cyber security regulations that was cited as the major contributing factor to these worries, with 39% saying they were concerned the UK was becoming an easier target for global threats.
A similar proportion (32%) felt that inconsistent security legislation between the UK and the EU was becoming a concern, especially in light of government plans to significantly alter the UK General Data Protection Regulation (GDPR), which currently remains in-line with its EU-developed “parent”.
“CEOs need to be able to provide clear direction and make good decisions based on an often-fragmented pool of information,” said CyberArk EMEA senior vice-president, Rich Turner.
“Cyber security is an area that is increasingly strategic, underpinning the success of every digital initiative that organisations undertake. Greater, shared understanding of the threats that can undermine these initiatives is therefore crucial.
“Cyber security works best when it is a team game. The more that nations globally – not just the UK and our EU partners – collaborate, the more resilient we are to cyber threats.”
Other findings from the survey included discrepancies in the attitudes of UK and EU organisations around security investment strategies, with 60% of EU-based respondents in France, Germany, Italy and Spain saying they would prioritise funding from the EU’s National Recovery and Resilience Plan to bolster their security postures – a source that clearly does not exist for British CISOs.
CyberArk noted that although the UK’s National Cyber Strategy made some bold commitments, it contained no specific investment initiatives.
CyberArk said that when it comes to the UK’s security, elevating cyber within overall business strategies is becoming essential to navigating the current threat landscape, and keeping organisations secure.
In this regard the research did contain encouraging signs that UK decision-makers are stepping up, with 90% saying they had appointed an executive to run security incident planning and decision-making, and 63% saying they had “accelerated” security initiatives in the past 12 months.
However, wrote the report’s authors, prioritising collaboration with the UK’s neighbours in the EU could further bolster our collective ability to secure against cyber attack.