The UK wants to position itself as a highly secure place to do business after leaving the EU, but is it doing the right things to address the increasingly sophisticated threats, or do recent attacks like WannaCry demonstrate poor awareness and a lack of preparedness? That was the question posed to experts from civil society and the private sector at an event hosted at Access Partnership’s London headquarters on 19 September.
In a wide-ranging conversation our panelists addressed a number of hot-button issues, including: recent calls for increased surveillance in response to terrorist activities and the next steps for international cybersecurity cooperation following the most UN Group of Government Experts. Reflecting on the sort of cybersecurity relationships the UK may have with the EU and ENISA after Brexit, our panelists discussed the unique circumstances facing the UK and agreed that opportunities exist for continued global leadership on cyber issues. For example, the GDPR is about protecting privacy, but ultimately involves data breach reporting obligations that are closely related to cybersecurity.
The panel, led by Access Partnership’s cybersecurity public policy lead, Ryan Johnson, included Ms. Hanane Boujemi, a technology policy advisor to various United Nations agencies, and Mr. Pal Vaczi, privacy counsel at British Telecommunications plc (BT).
The panel agreed that work on voluntary industry-led standards, anticipatory guidance from relevant authorities before regulations are enforced, multi-stakeholder policy development, and collaborative information sharing frameworks are important elements of improving cybersecurity the UK. It addressed the nexus of privacy and cybersecurity, and how the two areas often interact.
Panelists remarked that companies are reluctant to share cybersecurity information, particularly related to data breaches, because of reputational and regulatory risks or duty of confidentiality. The panel agreed that sharing the relevant technical and other details by a neutral party (without disclosing the identity of the affected companies) with a selected group of stakeholders may be a good first start in building trust and collaboration.
One panelist remarked that there isn’t a mainstream culture of cybersecurity for users to understand their risks and protect themselves. Therefore, education is a critical part of continuing to improve cybersecurity. Likewise, educating businesses on how to meet existing regulations is an important role for government and regulators. As one panelist stated: “Regulation is a starting point. More help and guidance on understanding, implementing, and education on them is needed.”
Regarding the UK’s relationship with ENISA or the newly-proposed EU Cybersecurity Agency, panelists proposed that the UK should pursue full cooperation on cybersecurity, and should look beyond the EU to cooperate on cyber issues with other regions. It was noted by one panelist that the specific arrangements the UK strikes with the EU will determine the ease of collaboration.
Access Partnership, a world leader in technology public policy consulting, advises clients in industry and government on how to navigate today’s complex global regulatory and policy environment for their success. For more information about our cybersecurity practice and to find out about future events at our offices worldwide, please contact [email protected].