The CyberUp Campaign’s highlights of 2023

As we come to the end of 2023, the CyberUp Campaign is reflecting on what has been a busy year for the Campaign. We have continued to grow our supporter base in both parliament and with industry and while we still await reform, we have ensured that the issue of Computer Misuse Act 1990 (CMA) reform has remained firmly on the government’s political agenda.

 The Campaign is looking back on our six key moments of this year, as we look forward to continuing to push for reform of this crucial piece of cyber legislation in 2024:

 The Security Minister provided a long-awaited update on CMA reform to parliament

 At the start of the year in February, Tom Tugendhat provided Parliament with a long-awaited update on the reform of the Computer Misuse Act. This was in direct response to the previous consultation issued by the former Home Secretary Rt Hon Priti Patel MP, which concluded in June 2021. 

In the update, the Government acknowledged that the UK needs “to ensure that the cyber security industry is not unnecessarily prohibited from conducting activities that would protect entities and individuals from hostile cyber actors”. However the Government’s response outlined that ‘further consideration’ was required and a multi-stakeholder programme was proposed to consider how reform could work in practice. The Campaign’s response at the time that we need urgency and pace in achieving reform quickly and it is essential that the Government lay out a clear timetable and plan for the next steps for this multi-stakeholder engagement.

 Sir Patrick Vallace’s Digital Technology Review recommends CMA reform to government

 In what was a major moment for the Campaign, in March, Sir Patrick Vallace’s Digital Technology Regulation Review was published. The review included the recommendation of an introduction of a statutory public interest defence in a reformed Computer Misuse Act. The review stated the current act limits our cyber professionals from conducting legitimate cybersecurity research due to fear of risking prosecution if they attempt to access a computer or computer material without obtaining the necessary authorisation. The review also commented on how other countries such as France and the United States have already updated their regulations to provide this defence. The review urged the UK government to do the same, to allow our cyber industry to compete on a level playing field. 

 Following the review, we were delighted to that the Chancellor committed to implementing all of the review’s recommendations during the Spring Budget, marking the first time government had committed to CMA reform.

CyberUp provides evidence to the Home Office’s industry working group on CMA reform

The CyberUp Campaign and our supporters were delighted to submit a series of written responses to the Home Office’s next stage of consideration for reform of the Computer Misuse Act 1990.  As part of this process, the Home Office would welcomed input from CyberUp supporters based on different ‘themes’, including the introduction of a statutory defence for legitimate cyber security work. The Campaign remains committed to ensuring the views of the UK cyber security industry are heard in these important ongoing discussions.

The CyberUp Campaign drop in event

 In November, the Campaign held a drop in event in parliament for MPs and Peers to speak to some of the UK’s world-leading cyber experts, to hear first-hand experience on why CMA reform is required to protect UK businesses and consumers from increasingly complex cyber threats, and why a fit-for-purpose cyber crime regime is a necessity for the UK’s successful digital future. We were happy to see attendance from a range of cross-party parliamentarians, who expressed their interest and support for our calls for reform of the outdated Computer Misuse Act. 

The Joint Committee on the National Security Strategy report on ransomware calls for urgent CMA reform

In December, the Joint Committee on the National Security Strategy released their report on ransomware, which warned that the UK is at risk of a “catastrophic cyber attack” and called for urgent CMA reform, stating that the act is not fit for the digital age we now live in. The report also stated “the Minister for Security’s acknowledgement of how out of date the Computer Misuse Act is does not excuse the lack of progress which has been made to legislate in this space. It has been two-and-a-half years after its main consultation and 33 years since that dated legislation received Royal Assent. It is hard to see how the Criminal Justice Bill brought forward by the King’s Speech 2023 will sufficiently cover the gap left by the outdated CMA.”

2023 CyberUp Industry Survey on reform of the UK’s Computer Misuse Act 1990

 Finally, this month the Campaign published its new industry survey report on the ‘chilling effect’ of Computer Misuse Act reform. We were delighted to see our key findings published in the Mirror, highlighting that the CMA is ‘hampering UK’s battle against cyber attacks’.

Our new analysis found that 16,850 cyber security professionals may have been lost to countries with more permissive cyber laws because of the UK’s thirty-year-old law governing cybercrime in the UK, the equivalent to losing two GCHQs worth of talent. The Campaign estimates this has had a stifling effect on the whole sector, resulting in revenue losses of around £3 billion.

We were pleased to also have Conservative MP and CyberUp Supporter Flick Drummond MP endorse this report, calling on government to ensure urgent reform, as “it is imperative that our legislative frameworks are able to safeguard our nation's cybersecurity.”

We look forward to redoubling our efforts to ensure reform of our outdated Computer Misuse Act in 2024. We thank all our supporters for their support this year, which has been another successful year for the Campaign as we edge ever closer to legislative reform.