Follow NCC Group Newsroom

The only way is (Cyber)Up: bringing the UK’s cyber crime laws into the 21st Century

News   •   Jan 22, 2020 10:13 GMT

Shutterstock: Royalty-free stock illustration ID: 1383126782

The Criminal Law Reform Now Network (CLRNN) has launched an independent report, which calls for an urgent reform of the Computer Misuse Act (CMA) 1990, the legislation that effectively governs the UK’s cyber security industry today. 

Brought together by academics, practitioners, legal experts and industry professionals, the report highlights how the 30-year-old legislation is compromising the UK’s cyber resilience.

NCC Group, alongside other industry specialists, acted as expert editors for the report and will be supporting its parliamentary launch in the House of Commons.

Recommendations put forward by the CLRNN include:

  • A range of measures to better tailor existing offences in line with the UK's international obligations and other modern legal systems, including new corporate offences.
  •  New public interest defences to untie the hands of cyber threat intelligence professionals, academics and journalists, to provide better protections against cyber-attacks and misuse while ensuring consistency with overlapping offences within the Data Protection Act 2018.
  • The creation of new sentencing guidelines and details of their formation and function.

In its current form, the Act threatens critical national infrastructure by preventing cyber security professionals from carrying out vital threat intelligence research, as well as restricting journalists and academics from researching cyber threats in the public interest.

This report signals the next step in the CyberUp campaign to reform the CMA, which is backed by a number of industry leaders. This includes NCC Group, as well as Orpheus Cyber, Context Information Security, Nettitude, techUK, CREST, F-Secure, and Digital Shadows. 

Commenting on the report, Ollie Whitehouse, global CTO at NCC Group and spokesperson for the CyberUp campaign said: “This report shines a welcome light on the UK’s outdated cyber security crime laws, which leave the cyber industry tackling one of the biggest threats facing our national security within a regime drawn up 30 years ago – when less than 0.5% of the world’s population had access to the internet.

“The government needs to take urgent action by updating and upgrading the Computer Misuse Act, so our nation’s cyber defenders no longer have to act with one hand tied behind their backs, paralysed by the fear of being prosecuted for doing their jobs.

“In today’s uncertain international climate, the ability of cyber criminals and geo-political threat actors to disrupt our technology systems will only continue to grow. We must seize the opportunity to develop 21st century rules to allow the industry to flourish and make the country safer and more secure.”

Download the report here and join the CyberUp campaign to Update our laws, Upgrade our defences and Upskill our protectors.