Brexit security threat

How Brexit could worsen the skills crisis in cybersecurity

Writer, Immigration Advice Service

Author Bio ▼

Nicholas Marin writes for the Immigration Advice Service, an organisation of UK Immigration Solicitors who distribute legal advice on Brexit and immigration-related matters.
February 8, 2019


State of Physical Access Trend Report 2024

Characterised by ignorance and an unwillingness to listen, the Brexit debate has become an issue of contention for most industries.

This is especially worrying for cybersecurity, an industry accustomed to silence – one that looms over an enquiry into the future and how to prepare for it.

The UK is putting in groundwork around cybersecurity characterised by international collaboration and seamless connectivity. But this is being upheaved by Westminster’s failure to consult with professional bodies about an issue dogging the industry: the widening skill gap.

It’s crucial that we know how our leaving the EU might amplify the problem further. How will our diverse, migrant workforce cope with immigration changes and what will our local talent initiatives do to ensure that workforce gaps are quickly filled.

Our ability to attract workers from the EU and maintain our existing workforce is under threat – let alone growing that workforce. So what has been done to deal with the skill shortage in the UK?

One example is the ‘Initial Cyber Security Skills Strategy’, a series of programmes aiming to educate and incentivise young people to develop cyber-based skillsets.

Alarming implications

This is a commendable initiative, but it isn’t enough. Europe will face a skills gap of 350,000 by 2022, while the UK currently has vacancy rates varying between 20%-30%. This has alarming implications for the UK’s security.

Cultivating local talent is commendable but this takes time and is not guaranteed to be enough. New talent has declined with a 16.6% fall in the number of students sitting a computing-related topic in the UK.

It is evident that the government is still in the early stages of any talent development scheme, but the UK can’t wait. We need workers now.

Laura Jones, a senior cyber intelligence analyst at Barclays, has said: “Cybersecurity is already suffering from a skills shortage, making it difficult to find qualified candidates.”

Many businesses have relied on free movement to respond quickly to any skill shortage

Many businesses have relied on free movement to respond quickly to any skill shortage. Replenishing the talent pool is vital given the fast-evolving nature of cybersecurity threats. We have created a dependence on this talent pool, a reality we can’t ignore.

Whether we restrict the workforce with red tape or a hostile environment, the consequences will be keenly felt. The Office of Budget Responsibility has estimated that the UK will lose a staggering 50% of its EU national workforce after Brexit.

The Data Protection Act 2018 and GDPR, both of which came into force last year, can strengthen data security by imposing punitive penalties on those who flout data privacy laws. However, organisations will struggle to comply if they cannot attract appropriately skilled professionals.

One of Theresa May’s negotiating ‘red lines’ is the obvious empowerment of the ‘hostile environment’ migrant strategy: an approach to migration control that denies legal migrants with skills the capacity to continue living as they once have.

The government’s immigration white paper seeks to define the meaning of ‘skill’ by salary alone. A ‘high-skill’ migrant must earn more than £30,000 to have their visa considered, alienating entry-level workers.

Many of these migrant workers are EU citizens who have been offered restricted recourse options. The Sponsor Licence application is one of the few remaining options left for employers to ensure that their current EU staff can continue to work in the UK.

Departure from Europol

Immigration issues aren’t the only issue exacerbated by Brexit. Our departure from Europol also jeopardizes our security. Given our defence strategy has been defined by ongoing collaboration, the loss of cross-border investigation and threat detection will greatly impair any attempt at intelligence collaboration.

The alternative, even worse outcome is the no-deal scenario, which has left any solution to the aforementioned issues undefined and in many cases impossible. This is nowhere truer than our defence systems and cyber regulation alignments.

Cyber-attacks, which could cripple critical infrastructure like banks, railways and telecommunications, aren’t an ignorable threat.

A precedent has already been set by the WannaCry cyber-attack of May 2017, which caused widespread disruption to the NHS, with more than a third of NHS trusts affected. Five accident and emergency departments had to divert patients to different branches as the software they relied on was rendered useless. The cyber-attack cancelled almost 20,000 hospital appointments and operations and cost the NHS an estimated £19m.

The WannaCry episode is an example of what happens when a government does not invest sufficiently cybersecurity.

What can the UK government do to ensure we can respond to another attack post-Brexit? It needs to maintain humility and acknowledge all the benefits collaboration can offer. Rather than pursuing unrealistic notions of independence, we must aim to maintain our connection with international bodies and talents.

Attacking our current capacity to do so via cuts to immigration and regulatory alignments is not a solution. And we crash out of the EU without a deal on 29 March at great peril to our nation’s security.

Related Topics

Notify of
Inline Feedbacks
View all comments