80% of cyber professionals say the Computer Misuse Act is working against them

techUK report calls for "rapid modernisation" of the 30-year-old law that's "stifling" penetration testing

A young professional showing signs of stress at work

Four in five UK cyber security professionals are worried about breaking the law due to confusion caused by the ageing Computer Misuse Act (CMA).

The 30-year-old legislation is restricting pen-testers and white hat hackers with strict and often out-dated definitions, according to a survey commissioned by teckUK and the CyberUp Campaign.

The survey, which was circulated between 46 respondents representing 11 organisations and some 25,120 employees, found that the legislation was stifling security teams in the UK, with 80% of respondents saying they have been worried about breaking the law when researching vulnerabilities or investigating cyber threat actors.

Around 40% of those surveyed said the CMA has acted as a barrier to them or their colleagues and had even prevented employees from proactively safeguarding against security breaches. Furthermore, 91% of businesses believed that the law puts UK consultancies at a competitive disadvantage with other countries.

Some of the answers also suggested confusion about what counts as a criminal offence under the CMA. In fact, in only three cyber incident examples - 'web scraping' (74%), 'open source internet scanning' (68%), and 'default credentials in login panels exposed to the internet' (74%) - did respondents reach a reasonable level of consensus.

The Computer Misuse Act was enshrined in 1990, long before the internet became the essential tool for businesses it is today. Although it has been updated a number of times, both techUK and the CyberUp Campaign are calling for the government to open a consultation within the industry to put the law through "rapid modernisation".

"I know from my time in this industry that there are now real concerns among the cyber security community that this law is impeding professionals ability to protect the nation from the ever-evolving range of cyber threats we face, and preventing the sector from establishing its leadership position on the international stage," Conservative MP Ruth Edwards wrote in the report.

"If ever there was going to be a time to prioritise the rapid modernisation of our cyber legislation, it is now, when our reliance on safe, reliable and resilient digital technologies has been brought into stark relief by the coronavirus pandemic."

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
New DNS vulnerabilities put millions of IoT devices at risk
Internet of Things (IoT)

New DNS vulnerabilities put millions of IoT devices at risk

13 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021