Britain's European Union referendum polling day is here and it has the tech industry worried, particularly cybersecurity firms. While the voters' decision to either remain or leave the EU is to be confirmed, the cybersecurity industry in the UK is deeply concerned and largely do not favour a Brexit, just like the tech industry in the UK as a whole.
London's technology sector has openly spoken out against the possibility of a Brexit with an overwhelming opposition against Britain exiting the EU, according to a survey of members of Tech London Advocates. The survey, which was conducted among 3,000 senior members of the capital's tech scene, showed that 87% opposed Brexit amid fears of being unable to attract European customers, attract talent from overseas, and gain cooperation from overseas companies.
Under the IT and tech industry umbrella comes the relatively new but pivotal cybersecurity industry. The community in the UK is relatively compact but fairly inclusive.
The industry actively recruits its staff, especially for R&D (Research and Development) from both within the UK as well as from Europe and elsewhere. Ease of movement between the UK and other EU states is key to security researchers, both for professional as well as private purposes.
IBTimes UK spoke to some cybersecurity firms operating in the UK in efforts to understand how Brexit may affect the industry and consequently the security of UK businesses.
Impact on workforce a talent crunch for R&D
Currently, Europe is an important source of talent for the UK which has been experiencing nothing short of a skills crisis in technology. A recent study conducted by the Science and Technology Committee and presented to the House of Commons highlights the alarming lack of "digital skills" among people in Britain.
This dearth of skilled tech labour compels cybersecurity firms to seek labour from other EU as well as non-EU countries. A Brexit could result in these companies operating in the UK engaging in a mass exodus to return to the EU fold. Removing a flow of talent and expertise from Europe could deprive UK tech companies of an essential ingredient for sustained growth. Additionally, given that Britain's tech scene - especially in London - is quite multicultural, start-up founders worry that leaving the European Union will make it much harder to hire the best employees.
Brian Spector, CEO of Miracl, a cybersecurity firm based and operating in UK in this regard says, "The UK has a well-documented shortage of tech talent that means it simply cannot compete globally without tapping into highly-skilled overseas workers. Splitting away from Europe would make it even more difficult for UK tech firms to compete with the US tech giants, because their talent pool would be so much larger than ours. To cut ourselves off from the rest of Europe therefore does nothing to protect the UK's reputation as being open for business."
Lastline on the other hand is an American cybersecurity firm, but has an established branch in the UK. They are of the opinion that while the firm's sales channels are unlikely to be affected, there is a possibility that "unforeseen issues" may impact the firm's equipment shipping process.
"Our R&D department in Shoreditch, London, comprises of developers from several different EU nations – including Italy, Finland and Germany. These guys live and work in London and travel around Europe for research purposes – as well as to return home to visit family. There is an obvious concern post-Brexit that the rules might change regarding their ability to stay in the UK and or travel freely around Europe. We will have to wait and see if these concerns are founded or not and will of course support our team to remain employed and productive," says Jamie Moles, security consultant for Lastline.
The firm adds that if a Brexit was to take place, they have solid connections with Academic organisations and Universities throughout Europe and the US to resolve their workforce issues. This indicates that cyber-security companies like Lastline, that have so far had a smooth ride in the UK, may start building a stronger base in other European nations, if they perceive the talent shortage and the cost of operation are mounting.
Escalating cost of operations
A considerable number of cyber-security firms currently in the UK fall under the start-up category given the basic capital required for setting up shop is comparatively lower than a traditional hardware or equipment-based tech company. Experts have warned that if a Brexit took place, the operations for UK start-ups may become more expensive, depending on what new laws they have to abide by.
"We are a distributed organisation with employees based throughout Europe, and the prospect of having to apply for visas and fight our way through reams of red tape to access the highly-skilled workforce that's essential to our business, could really slow us down. The UK start-up scene is fast and furious, and to disconnect it from the rest of Europe would be a backwards step," says Brian Spector.
How Brexit will affect cyber-security data sharing
Brexit could also impact data and privacy laws in the country, with the very real possibility of laws undergoing changes, which may in return affect citizens' privacy and security. EU laws have been traditionally designed to create a "digital single market" and they could take a particularly big hit should the UK leave. For example, data sharing "safe harbor" agreements across EU countries — like the EU-United States which was invalidated earlier this year — might not apply to the UK.
The way data is handled in Britain has so far been modelled on European regulation, with the GDPR (General Data Protection Regulation), a new EU-wide regulatory regime, scheduled to come into force in 2018. If Britain leaves the EU, an air of uncertainty is prevalent, on whether it will simply choose to adopt a regulatory framework for data that mirrors the GDPR - or create a radical new framework of its own.
Highlighting the issue, Spector says, "The right to privacy is a highly developed area of law in Europe. If Britain were to leave the EU, and its extensive human rights legislation, it's likely to make it easier for future governments to access our data as and when they choose. This could mean that any software made by a British company could soon be perceived to be facilitating government spying on its customers' data."
Threat of cyberattacks post Brexit?
Yet another scenario which could impact cybersecurity, is that cybercriminals may be induced to increase focus on conducting cyberattacks on the UK by capitalising on prospective bureaucratic loopholes, which may leave businesses vulnerable to such attacks. This concern was echoed by security information service provider Comparitech.com.
"When you combine the fact that those in the know say the UK would become more vulnerable to cyberattacks with a reduction in privacy, the data protection landscape in the UK could become a completely different beast," Richard Patterson, director of Comparitech.com told IBTimes UK.
"We could end up in a situation where British citizens have far less protections than their EU counterparts from their own government's intrusions on one hand and on the other, subject to more cyber-crime."
A study by AlienVault earlier this week showed that almost 40% of IT security professionals believed leaving the EU would make the UK more vulnerable to cyberattacks. Moles is of the opinion however, that this would largely depend on how regulations are shaped up.
"The increase in vulnerability from cyberattacks depends entirely on whether EU laws and regulations that protect businesses and individuals are stopped from being enforced in the UK. Criminals will always look to take advantage of weaknesses in the system and the 'easy mark' to make a quick, low-risk profit," he says.