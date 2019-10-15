


Analyst Urges UK CISOs to Act on Brexit

A leading analyst firm has warned British CISOs to focus on three key areas to mitigate the potential fallout from the UK’s departure from the European Union.

Whether the UK strikes a withdrawal agreement with the EU or not, security bosses must carefully consider action to maintain unhindered international data flows, and manage potential staffing and regulatory challenges, according to Forrester senior analyst, Paul McKay.

He warned that a no-deal Brexit would invalidate current equivalence between the UK and EU’s data protection regimes, putting up barriers to seamless data transfers.

“We recommend that CISOs and DPOs start looking into alternative means now for guaranteeing the legal basis for their international data flows between the UK and EU,” he urged. “This can either be through model clauses or a binding corporate rules program, for example, which are already widely used for transfers outside of the EU.”

CISOs should also work hard to provide reassurance and support for any EU citizens on the staff roster, some of whom may need help with applications to remain in the country. More challenging still will be recruitment.

“Restrictions on the numbers of EU citizens entering the UK and vice versa are generally expected, so review your operating model carefully to mitigate the impact that restrictions on freedom of movement could bring to your security organization structure and headcount deployment,” said McKay.

“In addition, consider the implications for business travel for any service providers and staff supporting you from outside of your main headquarters locations.”

Finally, there are the requirements under the EU's PSD2, GDPR and NIS Directive to report breaches to the relevant authorities. McKay urged UK CISOs to review and update reporting lines as regulatory relationships change, as well as to update incident response plans and any supporting operational processes.
