We all know that the vote to leave the European Union on 23rd June 2016 is going to have wide reaching effects on the United Kingdom and Europe as a whole, from finance to immigration. Before the referendum vote, there were widespread concerns amongst fraud and cyber-security experts that a decision to leave the EU could cause an increase in online fraud. Concerns were mainly related to worries about the lack of cooperation between the EU and UK, increase in fraud from non-EU countries and the potential widening of the cyber-security skills gap because of restrictions in EU immigration. However, there were also many who thought these concerns were grounded in panic rather than truth.
Recent research revealed some concerns amongst businesses about the effects Brexit may have on fraud in the UK, including the beliefs that a potential lack of communication between the UK and the rest of Europe (50 percent) and “increased trade with non-EU countries” (46 percent) would make fraud harder to tackle. What's more, over one in five (28 percent) believe the threat of fraud will be heightened following the UK's decision to leave the EU. But is this really the case?
Since Article 50 was triggered on 29th March 2017, the debate around the impact of Brexit on fraud in the UK has continued, however it looks like the impact may not be as catastrophic as the findings first implied.
Continued UK/EU cooperation against fraud
One of the key concerns amongst cyber-security professionals is reduced information sharing. However, in her speech outlining the government's Brexit plan in January 2017, one of the points that Theresa May highlighted was that the UK would continue to “co-operate with the EU in the fight against crime and terrorism”. In addition, the Government's recently released White Paper on Brexit highlights their continued commitment to cooperation on “cyber-security with our European and global allies”. This paper indicates that, providing negotiations go smoothly, not only will reduced information sharing not be a significant problem but we will also attempt to grow our capabilities in fighting cyber-threats.
After Brexit, it is likely that the information-sharing arrangements agreed between governmental agencies will be replaced by bi-lateral and multi-lateral arrangements which would mirror the current agreements. Problems could arise, however, if the EU laws and regulations that protect businesses and individuals are not replaced by similar laws. One such regulation is the Network and Information Security Directive (NISD), the first EU-wide rule on cyber-security aimed at achieving a high common level of network and information security across the European Union.
Another concern is that there will be less cooperation between the UK's National Crime Agency (NCA) and Europol. Some experts believe this is unlikely because of the NCA's direct access to Britain's intelligence agency GCHQ and the indirect access to the NSA via GCHQ. For many, the belief is that the UK is too valuable to be excluded from cooperation around cyber-security and fraud prevention.
Increase in fraud from non-EU countries
As well as concern that there will be a reduction in information sharing between the UK and the EU, 46 percent of fraud and risk professionals are worried that fraud would increase because of increased in trade with non-EU countries. However, since the government will discuss and implement new agreements and procedures, including with the non-EU countries it will be trading with, this should help mitigate the potential increased threat. During the Obama presidency, for example, the UK and US agreed to “bolster efforts to enhance the cyber-security of critical infrastructure in both countries”, and that agreement will likely continue and be enhanced after Brexit. By ensuring that new agreements and regulations are in place, the government can help reduce the threat of increased fraud from outside the European Union.
Immigration and the skills gap – a major concern
One of the key aims of the Vote Leave campaign was to reduce immigration into the UK by removing the freedom to travel, guaranteed under the EU Schengen Agreement. It is currently unclear what the consequences for EU residents will be now that Article 50 has been triggered. However, there are widespread fears that it will put a greater strain on the UK's recruitment of cyber-security professionals, as Europe is a key source of talent for technology businesses in the UK because of the digital skills gap.
Seeing as the cyber-security profession was already added to the UK skills shortage register in 2015, a key consideration has to be ensuring that any change in EU immigration does not exacerbate the current skills crisis.
There is no reason why Brexit should increase the threat of fraud for businesses if they continue assessing and investing in their fraud protection strategies. Doing this will ensure that they Brexit-proof their businesses to mitigate the potential negative impacts of the leaving the EU. The cyber-security threat is a global one so businesses should be focusing on safeguarding themselves from both within and outside the EU. A key part of this is continued cooperation with both EU and non-EU countries to fight cyber-crime on multiple fronts.
Contributed by John Cannon, commercial director – fraud & ID, Callcredit Information Group
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.