Skip to main content

What Brexit means for the cybersecurity industry

By July 29, 2016No Comments


Eskenzi PR is a niche international PR agency that specialises in cybersecurity. We’ve been around for just over 20 years and up until a couple of weeks ago our market place was booming – the Israelis and American’s were investing heavily in the UK and using us as their first port of call to expand into Europe.  Our business follows that trend with our offices in the UK, Germany, France and the US.

The Tech City UK survey results on how the UK technology sector is feeling about its future after the referendum vote to leave the EU seemed largely negative, so we were keen to know whether Brexit would have a detrimental effect on our so far strong and robust security industry, which saw growth during the recession and has sped forward in the past 5 years with extreme vigour and success.  We asked a number of leading cybersecurity analysts and vendors who have years of experience to their names and survived many recessions to hear their views on Brexit. The general feeling was actually more positive than one might have thought.

Scott Crawford, a senior analyst with 451 group said that companies with a global reach wouldn’t be so affected but that hiring would become more difficult. “If companies have a global appeal or global market reach, the impact of Brexit should not be a factor, and possibly negligible.  However, it is to be expected that UK companies will have more limited access to markets, opportunities and personnel on the European continent.  The greatest challenge to security organisations is to find and retain qualified and experienced security personnel. If UK companies are limited in their access to that talent, they could face constraints in innovation and product or service development. UK technology vendors in particular may need to step up their efforts to expand their global access to such talent, which could mean taking on expansion of product development, engineering and R&D facilities and resources into geographies beyond Europe to meet demand.”

This sentiment was mirrored by another leading and respected cybersecurity analyst Derek Brink from Aberdeen Group who said “For US based vendors in the information security space – the UK has always been a favoured base for expanding marketing and sales into Europe, because of factors like workforce, language, the UK market itself, and easy access to prospective buyers on the continent.”

We have heard a lot of interest in Amsterdam as a destination for those wishing to get out, but Brink thinks that Ireland could help fill the gap in terms of personnel post-Brexit. “Ireland as a place to use as a first port of call into Europe instead of the UK has the workforce, language, and easy access to prospective buyers on the continent.  Germany too has the workforce, the German market, and easy access to prospective buyers on the continent.

Brink concluded that where the UK was the strongest option in Europe, it now doesn’t tick all boxes. “The UK used to have a clear advantage – ticking the boxes in 4 out of 4 categories. Post-Brexit, no country ticks all 4 boxes, so it definitely complicates the decision, for high-tech vendors who are just at the point of deciding where to invest.”

By contrast, Phil Lieberman, a successful businessman who runs Lieberman Software, sells into US government and has a growing presence in Europe. He feels very strongly that leaving the EU can only have a positive effect on the UK in the long run. He said “The general feeling of many US technology vendors, especially in security, has been to find the EU and the UK a very difficult place to do business due to EU regulations that make the environment hostile to US based companies (and to EU technology companies too).  In the last 20 years the EU has become a technological backwater in security and innovation as a result of the EU regulations and generally hostile environment toward businesses (especially US based businesses).  Look at the constant stream of fines and lawsuits against US based companies with innovative technology and business models that are being punished to preserve the status quo in the EU.

Lieberman believes that leaving the EU will make Britain a ‘friendlier’ place to do business, with less regulation. “The removal of the EU bullying regulations could make the UK a friendlier place for US companies (and others) to do business and to invest in.  We have been reducing our investment in the EU and UK with each and every new data protection regulation and potential fine for failure to comply with what are regulations based in a fantasy world created by the EU.  With Brexit we are seriously considering increasing our investments in the UK as it becomes are friendlier place to do business.”

So, this could mean that the UK Government should seriously look at making the UK a more attractive place to do business, becoming a safe haven for companies to store their data with less draconian laws – allowing stronger encryption and more incentives for innovation.  Being free from European rules and regulations should, in theory, mean that the UK could rival Silicon Valley for cybersecurity and indeed technology generally.

Lieberman also believes that it’s a great move for his business. “This change will bring the UK to the forefront of cybersecurity and technology, since the EU’s mission has been to destroy these businesses, especially if they are not home grown in the EU (few if any could sprout and survive under the EU regime). “ Echoing Scott Crawford’s sentiment, Lieberman is also concedes that the lack of talent is a concern. “We are already overstretched and under serviced, with very few people already skilled and experienced in cybersecurity matters and how to stop them.  This will definitely effect them.”

“If the objective is serving the larger, single European market, access to European talent, or if issue such as data sovereignty mean the need to develop resources in EU member states, then use, I would expect EU-member states to be preferred. If however the opportunity is global, and the UK is where the companies or the talent can be found to meet a global need – or if the target opportunity is primarily UK-oriented, then Brexit’s impact should be less.”

Michael Callahan, CMO Firemon agreed with Lieberman on Brexit having a positive effect on the industry, saying “This will drive additional revenue in the security industry because the uncertainty will open risks as companies try and separate or implement new systems as a result of pulling out of the EU. So, good for the industry but bad for companies’ own security posture.”

Callahan also made the point that “a cheap pound makes investing in the UK very attractive.” This is true for nearly all our clients who are based in the US – which is the vast majority. For those based there, I do not anticipate they will make any changes in the short term. In the technology space, the UK is the first market that they enter and I don’t think in that regard that being part of the EU makes any difference to them at all. The negative side will be seen if the UK does not adhere to EU regulations – for example, the GDPR. If they do not rewrite the UK version of the data protection directive, there could be a danger that the UK’s data protection legislation is deemed as being inadequate. If that is so, special arrangements will have to be make by firms based in the UK to process data on EU citizens. That would be a disaster for businesses in the UK.

In essence, cybercrime and hackers in general don’t care about borders – it’s all about where the money is. Brexit or no Brexit, the cybersecurity will continue to flourish as long as hackers can find rich pickings!

By Yvonne Eskenzi