UK Government announces formal review of the Computer Misuse Act

The Computer Misuse Act (CMA), originally enacted in 1990, has become increasingly outdated and unfit for the 21st Century as our physical and cyber worlds have evolved exponentially.

In its current form, the legislation restricts UK cyber security professionals, researchers and companies across the industry from carrying out crucial vulnerability research and threat intelligence work that would help to better protect the most critical parts of our society.

However, yesterday was a landmark day for the legislation, with Home Secretary Priti Patel announcing at the CYBERUK 2021 conference that a formal review of the CMA will be carried out.

The CyberUp campaign has been a driving force behind calls for urgent reform of the outdated law, which has been supported by cyber security firms – including NCC Group – academics, legal experts, industry groups, and politicians.

Ollie Whitehouse, global CTO at NCC Group commented: “We welcome the Home Secretary’s announcement that the government has heeded our calls for a review into the Computer Misuse Act. This is a long overdue step for a piece of legislation that simply hasn’t kept pace with changes in technology and the threat landscape."

Katharina Sommer, head of public affairs at NCC Group said: “The support the CyberUp campaign has received over the years has been incredible, and this has, no doubt, played a part in getting the issue of the UK’s outdated cyber crime legislation important airtime. There is much work to be done to ensure the review follows through and real change is made, but for now we’re pleased that this is firmly on the political agenda.”

Lord Chris Holmes, a supporter of the CyberUp campaign, added: “The cyber threat landscape is rapidly shifting, and policy in the UK and around the world needs to keep pace with this. The Computer Misuse Act is one example of legislation that is out of date, and it would be remiss to ignore the calls for reform and a greater focus on access to crucial security research and threat intelligence. I’m pleased to hear that the CyberUp campaign has achieved this recognition and that a formal review is now underway.”