The CyberUp Campaign has complained that yesterday’s King’s Speech was a missed opportunity to reform to the UK’s outdated Computer Misuse Act, which came into force in 1990.
Campaigners wish to see updated and upgraded cyber crime legislation to protect UK national security and promote international competitiveness. Visit www.cyberupcampaign.com.
Rob Dartnall, CEO of SecAlliance, Chair of CREST UK is a representative of the CyberUp Campaign. He said: “The reality is that in the war against cybercrime, our professionals’ hands are tied by out of date laws. Surely now, with nearly eight million cyber attacks taking place since the Government’s original commitment to reforming cyber security legislation, the urgency should be there to make this a political priority and give us the tools to protect the country from online threats. It is almost certain that more timely reform could have helped prevent a good proportion of these threats which have had huge consequences for our businesses and charities. Every day that passes without reform leaves people exposed to even more rapidly growing threats.
“A reformed Act will unleash the full potential of the UK cyber security industry, who are frustrated by current legislation, which leaves our country dangerously exposed. We urge Government to lay out a clear timetable for the next steps for reform, which positively reflect industry’s support for professional safeguards. As the future of our security landscape grows increasingly uncertain, we must ensure our cyber professionals are equipped with the necessary tools to stay ahead of hostile threat actors and cyber criminals.”
Campaigners say that they want a new law to take account of the motivations of ethical cyber security people, enabling them to operate free from the fear of prosecution that restrains them. The CyberUp Campaign is hosting a drop-in event in Parliament to make their case to MPs and peers.
In May 2021, the then Home Secretary Priti Patel initially announced a review into the Computer Misuse Act.
Meanwhile, Dan Morgan, Senior Government Affairs Director, Europe &and APAC at SecurityScorecard, contrasted the European Union’s proactive stance in cyber legislation and the introduction of its NIS2 and CRA directives, and the UK that lacks a cohesive legislative counterpart despite commendable efforts from the National Cyber Security Centre (NCSC).
He said: “The Science, Innovation and Technology Committee’s recent inquiry into the cyber-resilience of the UK’s CNI is a step forward. This inquiry will examine the UK’s trajectory towards meeting resilience goals by 2025, the requisite support for the CNI sector to attain these objectives, and initiatives to enhance the security of computer hardware architecture.
SecurityScorecard takes this opportunity to urge the Committee to advocate for comprehensive legislative action. For SecurityScorecard the absence of standardised cyber risk measurements has perpetuated a security trust deficit, with regulations and standards varying significantly across different sectors and nations. This inconsistency has led to a patchwork of security measures, leaving critical infrastructures exposed to cyber threats.The company also notes that point-in-time assessments of cyber risk are insufficient in the face of ever-evolving threats. They argue for the adoption of cyber risk ratings to enhance visibility across the critical infrastructure sector and government agencies.”
