• United States



UK Editor

CREST throws support behind CyberUp campaign to reform UK’s Computer Misuse Act

Jan 17, 20233 mins
GovernmentThreat and Vulnerability Management

The CyberUp campaign is calling for the UK’s Computer Misuse Act (CMA) to be reformed to allow greater vulnerability and cyberthreat intelligence research.

cloud security / data protection / encryption / security transition
Credit: Metamorworks / Getty Images

International cybersecurity membership body CREST has become an official supporter of the CyberUp campaign, an initiative pushing for reform of the UK’s Computer Misuse Act (CMA). Established in 1990, the CMA is the foundational law that governs cybercrime in the UK. However, campaigners say it is outdated and needs reforming to better reflect the modern cybersecurity landscape. Having made the case for reform in Parliament and the media since 2019, the CyberUp campaign secured a comprehensive Home Office review of the legislation in 2021, the first in the Act’s 32 years’ history. The consultation findings have not yet been published.

CMA prevents, criminalises vulnerability, cyberthreat intelligence research

In its current form, the CMA prevents and criminalises a large proportion of vulnerability and cyberthreat intelligence research that UK cybersecurity professionals can carry out, reads the CyberUp campaign website. “The CMA criminalises individuals who attempt to access or modify data on a computer without authorisation. This often involves cyberattacks like malware or ransomware attacks which seek to disrupt services, obtain information illegally or extort individuals or businesses,” it added. “Cybersecurity is one of the most advanced and rapidly developing sectors in the world, yet the UK is still allowing cybercrime to be governed by laws passed when less than 0.5% of the population used the internet.”

The cybersecurity industry works closely with law enforcement and intelligence agencies to defend the UK against rising cybercrime and geo-political threat actors, but that collaboration is hampered by the CMA’s current shortcomings, CyberUp stated.

“CREST has supported and admired the efforts of the CyberUp Campaign since its inception, so it is great to make this support official,” commented Rob Dartnall, chair of CREST’s UK Council. “The CMA is out of date and its view of security testing and threat intelligence is not fit for today’s increasingly digitised world with ever growing and more sophisticated cyberthreats. We will be working with the campaign to help engage industry and drive forward successful reform.”

CMA reform will deliver significant benefits to UK cybersecurity sector

CyberUp campaigners say reform of the CMA will bring about notable benefits for the UK’s cybersecurity industry. “A reformed CMA will strengthen the essential building blocks needed to be a leading democratic and responsible global cyber power – an ambition the UK Government set out in the Integrated Review and reiterated in the National Cyber Strategy 2022,” a statement on the CyberUp website reads.

Reform would put the UK on a level footing with global competitors and drive growth, creating an estimated £1.8 billion additional annual sector revenue, and 7,000 new jobs, CyberUp argued. “The restrictions put in place by the CMA put the brakes on what has the potential to be one of the biggest growth areas in the UK’s burgeoning tech sector.”

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past 8 years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author