6 Apr 2021

Editor Introduction

When the United Kingdom voted to leave the European Union, a world of uncertainty unfolded for those doing business in the UK and the EU. The referendum was passed in July 2016. Including subsequent delays, the separation was completed after four years in January 2020, with a transition period ending December 2020. Even with the deadlines past, there are still pockets of uncertainty stemming from the separation. We asked this week’s Expert Panel Roundtable: How has Brexit affected the security industry?

Paul Dodds Genetec, Inc.

While the UK’s formal separation from the EU is very recent, we have had a few years to get ready for Brexit’s impact. With offices, development and distribution centres located in the UK, and throughout the EU, Genetec has been able to ensure business as usual for our customers. Many of our enterprise customers have also been getting ready by adopting a more unified, federated approach to physical security across their facilities, and across borders. This allows them to make the most of their investments and enables them to leverage the data generated by their security system to make more informed business decisions. As questions remain about the free movement of people, many businesses are turning to technology, rather than manpower, to ensure the security of their premises. While the cybersecurity implications of Brexit are yet to be determined, we remain hopeful that Britain will continue to play a leading role in the global fight against cyber-crime.

Brad McMullen STANLEY Security

The UK’s exit from the EU has had a significant impact on many industries, including the Security Industry. The implications of Brexit are starting to become clearer to manufacturers, security dealers and customers, however, there are still practical and implementation questions that need to be answered. Here are some ways the Security Industry has been impacted:

Uncertainty. The biggest impact over the last several years is not knowing what the new rules of engagement are. Once companies know the rules and regulations, they can plan and make decisions to minimize costs, reduce risk and ensure customer success. Not knowing the changes to duties and taxes, required documentation or delays in supply, make it difficult to plan for success.

Increased Costs. It seems very unlikely that we can avoid increased costs when dealing with the UK market, including compliance costs, increased documentation and potential delays at the ports.

Compliance and Certification. Traditionally, CE has been the compliance standard for Europe, including the UK. The impact of Brexit on the UK market may require the UKCA (UK Conformity Assessed) marking to designate compliance. Further, there are still many questions regarding General Data Protection Regulation (GDPR); especially as it relates to data stored in the UK and cloud services being hosted in the UK versus the EU countries.

Any slowdown in collaboration and information sharing between national cyber-defence organisations is without a doubt going to affect each country’s ability to protect critical national infrastructure. This will filter down to the largest of corporates, such as financial services, healthcare, and defence contractors who rely on the National Cyber Security Centre (NCSC), police, and Government Communications Headquarters (GCHQ), amongst other agencies for critical pre-emptive attack information. For the wider business community, the challenge remains largely unchanged. Threat actors are international and seldom care about borders in their hunt for ransoms or sensitive data. Some organisations will be specifically targeted because of wealth or for political reasons; many are still just indiscriminate victims. The strategy, for me at least, remains the same. Understand your business, catalogue risks by probability and impact, and then construct a balanced security strategy to protect you, your business, and your customers.

We have not noticed any effect on our business within the UK since Brexit, as we ensured we had stocks of components and finished goods well before the end of the Transition period on 31st December 2020.

We have however noticed some teething issues on export shipments to EU customers. This includes some idiosyncrasies creeping in on “additional requirements” from the likes of the French Customs authorities – for example requiring a formulaic form of words on Commercial Invoices in respect of the Country-of-Origin statement. We have now put this on all our Commercial Invoices to shipments across the EU. Another example is Romanian Customs now requiring their paperwork in the Romanian language. Additionally, EU Customers of UK suppliers are also having to get used to paying additional VAT as well, which is charged by their respective tax authorities.

Phil Bindley Intercity Technology Ltd

For the security industry, Brexit is far from a done deal. The end of the transition period in December brought confusion about the steps businesses actually need to take while we wait for decisions to be made on data sharing. This confusion has the potential to create more opportunities for cyber-attacks at a time when online attacks have skyrocketed. Meanwhile, many companies have had to place security on the backburner while they deal with the immediate impact of Covid-19. Brexit has highlighted a number of key challenges the UK must address.

Membership of the EU afforded our industry collaborative and multilateral working, enabling organisations to benefit from wider intelligence to plan and mitigate against cyber threats. Whilst this collaborative approach is still to be confirmed, retaining visibility remains vital to protecting networks. The UK could also be faced with a serious security skills shortage. Much of the cybersecurity talent working in the UK is not homegrown and, as an industry, we must consider how we can redress this imbalance.

Editor Summary

Security professionals had plenty of notice before the completion of Brexit, and many were well prepared when the deadline finally came. However, questions remain, and some companies are still struggling with a range of subtleties. One result has been added costs. Another has been a more disjointed approach to cybersecurity. Unfortunately, approaching five years after the vote, there are still elements of confusion and issues to be addressed.