CyberUp Campaign launches new industry survey report on ‘chilling effect’ of CMA reform
Today, the CyberUp Campaign has released the findings of their cyber security industry survey report, which has found there is a widespread “chilling effect” on the UK’s cyber defenders. The new analysis by the CyberUp Campaign shows 16,850 cyber security professionals may have been lost to countries with more permissive cyber laws because of the UK’s thirty-year-old law governing cybercrime in the UK, the equivalent to losing two GCHQs worth of talent. The Campaign estimates this has had a stifling effect on the whole sector, resulting in revenue losses of around £3 billion. The Campaign urges the Government to recognise the risk of inaction and expedite progress on reform.
The survey’s key findings highlight the “chilling effect” on the UK cyber security industry:
60% of respondents believed that the Computer Misuse Act acts as a barrier to their work across areas of threat intelligence and security vulnerability research, which are both key types of research to preventing cyber attacks, especially from foreign state actors.
80% of respondents believed that the UK was at a competitive disadvantage due to the Computer Misuse Act.
34% found it extremely or very difficult to compete with non-UK firms and 30% reported losing contracts or customers to non-UK firms due to activities deemed illegal under the Act, potentially resulting in significant economic losses.
An estimated 16,850 UK cyber defenders have been lost to countries with more permissive cyber laws. There are in total 7,181 GCHQ employees across the UK.
594 out of 1,979 UK active cyber security firms may have experienced an economic loss as a result of the Computer Misuse Act, putting at risk up to £3 billion out of the total £10.5 billion revenue generated by the entire sector.
Based on responses the CyberUp Campaign estimates that with a fit-for-purpose regime, the cyber resilience benefits delivered by the UK cyber industry would be at least three times as significant.
Respondents state that the “lack of clarity in UK law” is a major concern and many “do not feel confident” undertaking work currently which could help protect vital UK infrastructure. The findings come as the Home Office continues to consider how reform of the CMA could work in practice, more than two years on from the Government’s announcement of an initial review in May 2021. As part of this process, the CyberUp Campaign has been advocating for the introduction of a statutory defence to the CMA. 100% of respondents to this latest survey believe this would bring some of the necessary protections needed for UK cyber professionals when carrying out their crucial work to protect the public from cyber attacks.
Flick Drummond, Conservative MP for Meon Valley said:
“The UK faces unprecedented levels of cybercrime and fraud. As we witness the ever-increasing frequency and sophistication of cyber threats to our computer and personal devices, businesses and critical national infrastructure, it is imperative that we ensure that our legislative frameworks are able to safeguard our nation's cybersecurity.
I am pleased to support this report, with its findings serving as a clear and urgent signal, exposing the restrictive impact that the Act is having on the very professionals tasked with defending our businesses, citizens, and national security from the ever-evolving landscape of cyber threats. This report further emphasises the urgent need for the UK Government to reform the Computer Misuse Act. Further inaction and delay will only continue to leave the UK vulnerable.”
Rob Dartnall, CEO of SecAlliance, Chair of CREST UK and representative of the CyberUp Campaign commented:
“Today’s survey findings are an important reminder of the detrimental impact that the UK’s outdated cyber laws are having on the UK’s cyber resilience. The longer we wait for reform, the more we risk bleeding crucial cyber expertise and costing the UK economy billions. Most importantly, we are dangerously exposed to growing cyber threats all because of the lack of political will to legislate for the changes needed. Urgent reform is our shield against cyber threats.
This snapshot is crucial as we look to the future. We urge Government to lay out a clear timetable for the next steps for reform, which positively reflect industry’s support for professional safeguards. This will ensure that the UK cyber security industry can continue to flourish. We must bring the UK’s cyber laws into the 21st century to prevent further economic and financial setbacks and defend the UK’s critical national infrastructure.”