As 2024 draws to a close, we are celebrating a year of significant progress in our call for an urgent update to the UK’s outdated Computer Misuse Act 1990 (CMA). From shaping key legislative debates to expanding our engagement with both industry and Parliament, we’ve made great strides towards modernising the UK’s cyber laws. Here’s a look at six pivotal moments that defined our year:

On Wednesday afternoon, several peers spoke in support of Lord Holmes’s amendment to the Data (Use and Access) Bill proposing to update the Computer Misuse Act with a statutory defence to allow cybersecurity professionals to defend themselves from prosecution for legitimate cyber defensive activities.

In an exciting update, an amendment to the Data (Use and Access) Bill has been tabled by Lord Holmes proposing to update the CMA and introduce ‘a statutory defence’. This is a key ask of the CyberUp Campaign. The amendment will hopefully be raised at Grand Committee Stage on Monday 16th December.

Yesterday, the CyberUp Campaign hosted an expert-led drop-in event in Parliament. Our event focused on briefing parliamentarians on why updating the outdated Computer Misuse Act must be a priority for the new Government and why these much-needed updates to our cybersecurity laws will enhance sector growth and better equip the UK to tackle 21st century cybersecurity challenges impacting all areas of society.

The CyberUp Campaign hosted a virtual briefing event to update industry partners and professionals from within the sector on the progress of the campaign to update the Computer Misuse Act (1990).

Our parliamentary activity over the course of the last year has brought not insignificant successes, including securing amendments to the Criminal Justice Bill to include an update to the Computer Misuse Act from the then Labour shadow front bench and positive engagement with civil servants involved in the issue.

We urgently need your input on our survey to present decision-makers in the new Government with clear, up-to-date and indisputable evidence of how the Computer Misuse Act impacts cyber security researchers, professionals and businesses in the UK, so they are convinced of the necessity of this update.

The introduction of the Cyber Security and Resilience Bill in today's King's Speech – the first time ‘cyber security’ has been mentioned in the title of primary legislation – will be key to keeping the UK safe from rising cyberattacks, bringing the UK’s cyber regime in line with the EU’s Network and Information Systems Directive (NIS2) requirements in several ways.

Last week, the CyberUp Campaign hosted an expert-led drop-in event in the House of Lords in partnership with Lord Clement Jones, a long-time supporter of the CyberUp Campaign.

Representatives of the UK’s cyber security sector and the CyberUp Campaign have reacted to the worrying findings of the Government’s Cyber Security Breaches Survey, published today, with the report showing 50% of businesses and 32% of charities suffered a cyber breach or attack in the last year.

In an exciting update, an amendment to the Criminal Justice Bill has been tabled today on reform to the CMA and the introduction of ‘a statutory defence’.

As we come to the end of 2023, the CyberUp Campaign is reflecting on what has been a busy year for the Campaign.

The CyberUp Campaign launches its new cyber security industry survey report, which has found there is a widespread “chilling effect” on the UK’s cyber defenders.

The CyberUp Campaign reacts to today’s Autumn Statement.

The final push: all we need is 15 minutes of your time to help the UK government understand the impact of the Computer Misuse Act on the cyber security community.

As the CyberUp Campaign continues to call for urgent reform of the Computer Misuse Act in the UK, we have been looking towards international examples of recent updates to cyber crime legislation that should act as models for the UK to consider, because they better reflect the realities of the 21st century cyber defensive industry, and clearly acknowledge the importance of legal protections for the individuals that operate within it.

The CyberUp Campaign has welcomed the Government’s commitment to introducing a statutory defence as part of expected reform of the outdated Computer Misuse Act 1990 (CMA).

Today, the Government published its response to a review of the Computer Misuse Act 1990 (CMA) which concluded in spring 2021.

A new piece of work by the CyberUp Campaign released today establishes the current expert consensus of what should constitute legitimate cyber security activity under a reformed UK Computer Misuse Act.

The US Department of Justice (DoJ) recently produced guidance for prosecutors as to when to prosecute instances of potential breaches of the Computer Fraud and Abuse Act (CFAA).

Today, the Government released its legislative programme for the next parliamentary session via the Queen’s Speech in Parliament. Disappointingly for us as the CyberUp Campaign, it didn’t include any commitment to reform the Computer Misuse Act.