An unintended consequence of Brexit is that the UK may be left even less prepared for cyber attack and cyber warfare without a proper Cyber Task Force.
International Cyber Task Force President Paul Dwyer spoke to The Irish Times:
“There are concerns from the business and cybersecurity communities about the implications Brexit will have on existing cybersecurity, privacy and data-protection laws.
Many Irish and UK businesses don’t want to bet on the negotiations between the EU and the UK going well.
The awareness among these businesses of the threats posed by cyber criminals is growing rapidly. The overwhelming array of sophisticated cyber attack techniques and the sheer amount of cyber-criminals combined with a potential legal impotency post-Brexit is a real concern for many businesses.
What we need is for Ireland to take the lead on this and work with the UK to establish a joint cyber task force to deal with these issues post-Brexit.”
Leaving Irish and UK Businesses Wide Open to Attack
British businesses, in particular, are poorly prepared for cyber attack right now. Lockton, a large global broker, has some interesting findings in their Cyber Security Report 2017:
- Only half of the surveyed businesses recognize that they could lose customers as a result of a cyber attack.
- Recovery from a cyber attack can take months or years.
- Despite that, businesses underestimate how long it would take for them to recover from a cyber attack. Only 2% of surveyed British businesses think a security breach could affect their operations for more than ten days, about 50% think they'd be fully operational in less than 48 hours.
- 27% of staff are unaware of who they are supposed to contact if they suspect a security breach.
- Only 26% of surveyed British businesses involve the head of PR or communications in their cyber attack incident response planning. But cyber attacks can cause tremendous reputational damage - just ask Equifax!
A press release on August 21 from the British government also highlights how ill-prepared British industry is for cyber attack. Britain's 350 largest companies were surveyed. Some of the findings published on Gov.uk include:
- A mere 6% of surveyed organizations are sufficiently prepared for Britain's new data protection rules.
- 68% of board members have not been trained in how to deal with cyber attack.
- About 10% of organizations operate without a cyber incident response plan of some sort.
- Charities are just as susceptible to cyber attack as for-profit businesses are.
- 43% of businesses still lack a clear understanding of the impact of a cyber attack.
So assuming that Brexit is finalized, Great Britain and Northern Ireland will urgently need their own cybersecurity agency to replace functions that the EU has previously served for them.