In an open letter to the incoming Prime Minister Liz Truss, businesses, trade bodies, NGOs, and lawyers from across the UK cyber security industry have called for reform of the 30-year-old law governing cybercrime in the UK. They write under the umbrella of the CyberUp Campaign, which describes the UK’s Computer Misuse Act as outdated. They write:
We are a coalition of industry leaders writing to ask that your Government reform the Computer Misuse Act 1990 to include a statutory defence, so that the UK’s ethical cyber security professionals can contribute to defending the UK from cyber threats, free from the fear of prosecution.
As you will be aware, last year the Home Office conducted a review of the effectiveness of the Act. We understand from Freedom of Information requests that 66pcof those who responded to the review expressed concerns over the lack of protections in the Act for legitimate cyber activity.
More than a year on, the Home Office have not yet responded to the views collected in that consultation exercise.
This is an incredibly pressing issue. The 2022 DCMS cyber security breaches survey found that 39pc of businesses reported a cyber security breach or attack. Extrapolating those figures to the UK’s business population as a whole, last year, 2.3 million businesses were a victim of a computer misuse offence.
You will of course be all too aware of the increased cyber threat posed by our adversaries not least following Russia’s invasion of Ukraine. We believe this strengthens the case for prioritising efforts to reform the Computer Misuse Act to include a statutory defence. As you assume responsibility for this new administration, we urge you to put this important step towards improving the whole-of-society approach to cyber – as envisaged by the National Cyber Strategy set out in late 2021 – at the top of your Government’s agenda.
Moreover, you lead a Government that is already investing millions of pounds to foster a constructive business environment for technology companies. Given this, it would seem remiss not to take the opportunity of this revenue-neutral step towards doing just that. A statutory defence in the Computer Misuse Act would mark the UK out in having a world-leading cybercrime regime and foster investment in what is already a high-growth sector. Taking this step now would assist with further embedding standards in the cyber security sector, by driving membership of the UK Cyber Security Council, a key pillar of the Department for Digital, Culture, Media and Sport’s blueprint for the industry’s thriving future.
The cyber security sector is ready to play our role in the security of the nation to the fullest of our abilities – if only the Government will allow us to by including a statutory defence in the Computer Misuse Act.
Yours sincerely,
Steve Leighton, Chair, Internet Services Providers’ Association (ISPA UK)
Jean-Christophe Le Toquin, President, Cyber Advisors Network (CyAN)
Ciaran Martin CB, former CEO, National Cyber Security Centre (NCSC)
Dame Janet Trotter, CEO, Cyber Trust
Bob Nowill, Executive Chair, UK Cyber Security Challenge
Charles Whyte, Founding Director, Cyber Scheme
Ollie Whitehouse, Chief Technology Officer, NCC Group
Don Smith, Vice President Threat Research, SecureWorks
Rob Dartnall, CEO, Security Alliance
Oliver Church, CEO, Orpheus Cyber
Simon Whittaker, CEO, Vertical Structure
Danny Rigby, Managing Director, Modux Ltd
Stijn Jans, Founder and CEO, Intigriti
Paul Cronin, Partner, Root Shell Security
James Loureiro, CEO, Interrupt Labs
Andrew Henderson, Secretariat to the APPG on Cyber Security
Graham Cluley, cyber security expert and commentator
Michael Thompson, Information Security Manager, Zen Internet
Professor John Child, Birmingham Law School, Director of Criminal Law Reform Now Network (CLRNN)
Dr Audrey Guinchard, Senior Lecturer of Law, University of Essex,
Rob Dyke, security consultant and campaigner.
Visit www.cyberupcampaign.com.
