The CyberUp Campaign, advocating for urgent reform of the outdated Computer Misuse Act of 1990, has launched a new survey to gather insights from security professionals and researchers on the impact of the 34-year-old law on their work.
Arguing that the CMA is severely outdated, CyberUp highlights that it was established shortly after the inception of the worldwide web by Sir Tim Berners-Lee. They express concerns that certain clauses in the law regarding unauthorized access to computer systems could potentially criminalize legitimate security professionals and ethical hackers who are trying to defend organizations.
The campaign was initiated in early 2020, prior to the Covid-19 pandemic, urging Prime Minister Boris Johnson to address these issues. By May 2021, their efforts led to commitments from the then Home Secretary Priti Patel to initiate a consultation. However, progress on this matter was halted due to political distractions, and by 2023, with new leadership in place, the campaign had not made significant advancements.
The survey, expected to take around 10 minutes to complete, aims to provide the new Labour government with updated evidence to support changes to the law. The campaigners believe that with the recent introduction of the Cyber Security and Resilience Bill, there is an opportunity to update the CMA to align with the current cybersecurity landscape.
Representatives from top cybersecurity firms like WithSecure, McAfee, NCC Group, and Trend Micro support the CyberUp campaign, along with accreditation bodies Crest and techUK. Previous studies by the group have shown a consensus within the industry regarding the need for reform.
Findings suggest that the CMA has had a negative impact on the effectiveness of cybersecurity professionals in the UK, hindering the country’s competitive advantage in the global market. Economic losses and talent drain are also cited as consequences of the current law.
The campaign believes that with a revised legal framework that supports legitimate cybersecurity activities while appropriately penalizing malicious threats, the UK’s cyber resilience could significantly improve, leading to greater benefits for the sector and the country as a whole.