Brit infosec firms urge PM Boris to reform the Computer Misuse Act
.jpg)
A group of British infosec companies has written to UK prime minister Boris Johnson asking him to reform the Computer Misuse Act 1990, saying the act "has failed to keep pace with technological and market developments, inadvertently prohibiting a large component of contemporary threat intelligence research."
The companies, comprising NCC Group, Orpheus Cyber, Context Information Security and Nettitude, urged the winner of the Conservative Party's recent internal leadership contest to bring about "legislative reform to bring cybercrime legislation in step with other regimes".
Key among the companies' demands for reform is the introduction of "statutory defences that apply to accredited professionals who act ethically, in the public interest, to detect and prevent criminal activity."
The letter came after The Register revealed in May this year that while 90 per cent of hacking prosecutions last year were successful, the odds of a prison sentence were very low.
The letter said, in part:
"Legislation currently forces cybersecurity specialists to act with one hand tied behind their backs. Reforming the Computer Misuse Act would enable us to learn more about an attacker’s tactics and identify additional victims, addressing current barriers that often halt our defence investigations so as not to break the law. More modern legislation exists in other jurisdictions - countries which we actively compete within the global cybersecurity market. Failure to modernise our laws risks the increasing demand for cybersecurity services being met outside the UK."
Its signatories, all C-suite execs from the named firms, added: "We believe removing current legislative restraints, and offering certainty to the industry, would significantly unlock the growth of the UK cyber threat intelligence sector, while allowing the industry to better support law enforcement and intelligence agencies."
Researchers have long complained that the Computer Misuse Act (CMA) inhibits research because of broad wording that does not make it completely clear what is and what is not illegal in the fast-moving world of infosec. While no statute could be exhaustively prescriptive about what can and cannot be done, the companies say that the time is ripe to give protection to bona fide researchers.
Ollie Whitehouse, global chief technical officer at NCC Group, said in a statement to The Register: "We're proud to be the driving force behind the necessary reform to the Computer Misuse Act (CMA) – an essential but outdated legislation, which currently restricts many industry specialists like ourselves from carrying out crucial threat intelligence work. Cybersecurity is a global issue, so it’s vital that the UK is able to compete on a level playing field with our international colleagues.”
The act was last amended five years ago, causing some severe worries.
source theregister
Industry: Cyber Security
Latest Jobs
-
- Account Director | Cyber Security Consulting | UK - South East
- London
- N/A
-
Account Director | Cyber Security Consulting - Financial Services | UK - South East. New Role due to Growth We are looking for an experienced Account Director to develop and expand existing relationships across the financial services sector, working with investment firms, asset managers, private equity groups and strategic partners to deliver intelligent cyber consulting and a bespoke Cyber product offerings. You will act as a trusted advisor, helping organisations strengthen digital resilience, manage third-party and regulatory risk and adopt a proactive approach to cyber assurance. Key Responsibilities Manage a defined portfolio of financial clients, understanding business priorities and aligning tailored cyber solutions. Drive new client engagement while nurturing existing partnerships through a consultative, long-term approach. Present the benefits of advanced cyber services including threat intelligence, vulnerability management, incident readiness, and continuous risk monitoring. Collaborate with technical and delivery teams to ensure smooth engagement from proposal through to implementation and ongoing support. Prepare proposals, negotiate commercial terms, and clearly articulate value and business outcomes. Build trusted relationships at senior and board level. Ideal Profile Strong background in cybersecurity, consulting, or risk management within financial services. Skilled communicator with proven success managing and growing key accounts. Able to translate complex technical insight into commercial and strategic value for clients. Confident engaging with senior stakeholders and decision makers. Please note: Sponsorship is not available.
-
- SOC Analyst- Level 2- Hybrid Greater London
- London
- N/A
-
SOC Analyst- Level 2- Hybrid Greater London New opportunity created through continued growth. We’re looking for a SOC Analyst (Level 2) to strengthen a growing managed security team. You’ll work hands-on with Microsoft Sentinel and Defender XDR, investigating alerts, responding to incidents, and helping improve how clients stay protected. This role is ideal for someone who enjoys unravelling security events, thinking critically under pressure, and making a real difference day to day. What you’ll do · Investigate and respond to security activity across SIEM and endpoint tools · Analyse network and log data to uncover real threats · Support automation initiatives to streamline response processes · Help maintain visibility, data flow, and performance across SOC platforms What you’ll need · Practical experience using Microsoft Sentinel and Defender XDR · Confident working with KQL or similar query languages · Understanding of attacker tactics and response techniques · SC-200 certifications would be nice. · Experience supporting multiple customer environments Please note: Sponsorship is not available.
-
- Senior SOC Engineer - UK - New role due to growth
- London
- N/A
-
Senior SOC Engineer – New role due to growth We are hiring a Senior SOC Engineer to take the lead across security operations for a growing managed service. You will lead detection, response and onboarding activity across multiple clients, helping shape how the SOC evolves. Expect variety; from fine-tuning alerts and threat hunting to supporting customers and mentoring junior analysts. What you’ll bring · Strong experience across SIEM, EDR, and threat detection tools · Confident working with customers in a managed service environment · Skilled in scripting or query languages such as KQL or PowerShell · Knowledge of frameworks like NIST, ISO27001, MITRE ATT&CK · Calm communicator with a problem-solving mindset · Experience with Azure Lighthouse or delegated access models · Prior involvement in automation or SOC improvement projects Location: South East England- Hybrid role Please note: Sponsorship cannot be offered now or in the future.
-
- SENIOR Cyber Risk Consultant. Cyber Risk consultancy - the right way. UK. Hybrid - Remote first
- United Kingdom
- N/A
-
Senior Cyber Risk Consultant needed. New position due to growth Seeking a passionate Cyber Security Risk Consultant who enjoys helping clients make a different to their business. Dedicated training budgets, Unlimited holiday structured career path, Work life balance guaranteed Cyber Risk consultancy done the right way. A successful individual will have experience working with clients to identify business cyber security risk. This is a remote first opportunity which means you will spend the majority of your time working remotely. You will however spend some time meeting clients as well as meeting up with the team on a monthly basis.. Some of the nice to have certifications. CRISC, ISO27001 Lead implementer, CISA, CISM, CISSP Unable to offer Visa sponsorship now or in the future.