Cyber industry welcomes Priti Patel Computer Misuse Act review announcement

Campaigners from the cyber security industry have welcomed Home Secretary Priti Patel’s announcement today that the Government will be conducting a formal review into the Computer Misuse Act. The CyberUp Campaign, which brings together a broad coalition of supporters across the UK cyber security sector – and is backed by the Confederation of British Industry (CBI) and tech industry trade body techUK – described the move as a ‘long overdue step’.

 The Government’s review will ask academia, business, law enforcement agencies, the cyber security industry, and the private sector for their views on a series of questions about the Act, including whether current “protections in the CMA for legitimate cyber security activity provide adequate cover”.

 Research conducted by the CyberUp Campaign and techUK has found that the overwhelming majority of cyber security professionals (80 per cent) worry about breaking the law in the process of defending against cyber attacks.

 Cyber crime is a widespread problem in the UK. In the last year for which data was available, there were 3,648,000 incidents of online fraud and 976,000 incidents of computer misuse. This is a total of 4,624,000 incidents of online crime.5 A different data set reveals 32 per cent of businesses reported cyber breaches or attacks in the last 12 months, and that £4,180 is the average annual cost for businesses that lost data or assets after breaches.6

 CyberUp Campaign research also found that the Computer Misuse Act is having a stifling effect on the UK cyber security industry, with 91 per cent of cyber security businesses feeling they had been put at a competitive disadvantage relative to other countries with more progressive legal regimes. In addition, a similar number (90 per cent) indicated that a change in the law would lead to growth and productivity benefits for their organisation. When averaged across the latest figures for revenue and employment in the sector, a change in legislation would lead to an increase in revenue of £1.6 billion and 6,200 jobs.

Announcing the review at the CYBERUK 2021 conference, the Home Secretary said:

“The Computer Misuse Act has proved to be an effective piece of legislation to tackle unauthorised access to computer systems, and it has been updated a number of times to take account of the changes we now face…As part of ensuring that we have the right tools and mechanisms to detect, disrupt, and deter our adversaries, I believe now is the right time to undertake a formal review of the Computer Misuse Act. And today, I am announcing that we will be launching a call for information on the Act this year. I urge you all to provide your open and honest views to ensure our legislation and powers continue to meet the challenges posed by threats in cyber space.”

Ollie Whitehouse, CTO of NCC Group and spokesperson for the CyberUp Campaign, commented:

“We welcome the Home Secretary’s announcement that the Government have heeded our calls for a review into the Computer Misuse Act – this is a long overdue step for a piece of legislation that simply hasn’t kept pace with changes in technology.

“This law – written in 1990 – didn’t foresee the birth of the cyber security profession, and therefore leaves ethical cyber security researchers unclear as to whether or not they will be prosecuted simply for doing their jobs. The result is a chilling effect on the cyber security industry, leaving the UK less safe from cyber criminals.

“We hope the Government’s review will shine a light on these problems in short order, and will lead to sensible reforms that will keep protecting the UK from an evolving landscape of cyber threats. We look forward to contributing to the review.”

Matt Evans, Director, Markets, techUK said:

“techUK welcomes the Home Secretary’s announcement today committing to a Government review of the Computer Misuse Act 1990. Through the CyberUp Campaign industry have been calling for reform in order to better protect the UK from cyber criminals.

 techUK looks forward to engaging with Government throughout the review process on behalf of industry. Through working towards sensible reforms we can ensure that law enforcement and the UK’s flourishing cyber security sector are able to put their best forward protecting citizens and organisations alike.”