Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
Bedrock Managed Service
Scalable support and on-demand expertise that seamlessly integrates with your existing operations.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
22 July 2016

Brexit and the future of EU Network & Information Security directive

Brexit_egg_JPEGThe European Commission originally proposed the first EU-wide directive on Network and Information Security (NIS) alongside an associated cybersecurity strategy in 2013. The key priorities of this new cybersecurity strategy are:

  1. Achieve EU cyberresilience
  2. Reduce cybercrime in EU member states
  3. Develop a cyberdefence policy in line with the EU’s Common Security and Defence Policy (CSDP)
  4. Provide the necessary industrial and technological resources for strong cybersecurity capabilities
  5. Establish a comprehensive international cyberspace policy for all EU member states

Specific goals of the directive include improvements to cybersecurity provisions at a national level, developing powerful risk management and incident reporting systems, as well as creating a unified co-operation network across competent EU authorities. The European Parliament has adopted the directive, which is forecasted to be transposed into the laws of all EU member states by May 2018.

Following the Brexit referendum result, the extent to which the NIS directive will be implemented in the UK remains unclear. Whatever the outcome of discussions, operators of essential services as recognised by the UK government, and digital service providers with 50 employees or more, should start to prepare for the future consequences.

If the directive is transposed into UK law, organisations will need to introduce new measures to protect themselves against cybersecurity threats, and ensure the appropriate management systems are in place to report and deal with any cybersecurity incidents accordingly.

However, even if the UK government decides not to implement the directive before the UK leaves the EU, future compliance is still an important issue. Both essential service operators and digital service providers may still be liable in other EU member states. The directive will apply on an extraterritorial basis, such that digital service providers offering their services in Europe will be affected – even if those services are provided from the UK.

While these changes will be costly for organisations to put into effect, it will allow them to safeguard the trust of global customers and protect their reputation on an international level. The UK will need to prove it can still be considered to be a country with adequate data protection provisions. Consequently, the UK Data Protection Authority would be wise to encourage the UK government to comply with new EU data protection laws and cybersecurity strategy. With 10% of the UK’s 2015 GDP coming from digital service providers, this is not an issue to be ignored or underestimated.

At this point, it seems sensible to prepare your organisation thoroughly for the changes to come. Proceeding with the idea that the NIS directive will be implemented before the UK leaves the EU for good can only bolster and strengthen your cybersecurity capabilities in the long term.


Insert image