UK security pros worry about breaking the law when defending against attacks
The Computer Misuse Act (1990) is the law that governs the activities of cyber security professionals in the UK, and the survey finds a near-unanimous (93 percent) belief that the Act -- written before the advent of modern cyber security -- is not legislation fit for this century.
The survey shows that, in some cases, cyber security researchers are being stopped from preventing harm to businesses and citizens by the Computer Misuse Act. This arises out of both fear of breaking the law and a lack of certainty about what exactly constitutes a breach.
The Act is also felt to have a stifling effect on the UK cyber security industry, with 91 percent of businesses feeling they had been put at a competitive disadvantage relative to other countries with better legal regimes. In addition, a similar number (90 percent) indicate that a change in the law would lead to growth and productivity benefits for their organization.
Ed Parsons, MD at F-Secure Consulting and spokesperson for the CyberUp campaign, says:
The survey findings highlight that many cyber security professionals, at present, are having to carry out their jobs with one hand tied behind their back in order to stay within the law. Reform of the CMA will make the UK cyber security industry more competitive and more attractive to work in at a time when cyber skills are in short supply and in high demand.
Meanwhile, the current pandemic has not only underlined our dependence on digital technology, but also accelerated shifts in enterprise architecture, increasing the complexity of the environments we need to protect. Now more than ever, we need clear legal definitions to ensure that cyber security professionals who reasonably believe they have authorization to act can legitimately do so.
You can find out more and get the full report on the CyberUp site.