Four in five UK cyber security professionals are worried about breaking the law due to confusion caused by the ageing Computer Misuse Act (CMA).
The 30-year-old legislation is restricting pen-testers and white hat hackers with strict and often out-dated definitions, according to a survey commissioned by teckUK and the CyberUp Campaign.
The survey, which was circulated between 46 respondents representing 11 organisations and some 25,120 employees, found that the legislation was stifling security teams in the UK, with 80% of respondents saying they have been worried about breaking the law when researching vulnerabilities or investigating cyber threat actors.
Around 40% of those surveyed said the CMA has acted as a barrier to them or their colleagues and had even prevented employees from proactively safeguarding against security breaches. Furthermore, 91% of businesses believed that the law puts UK consultancies at a competitive disadvantage with other countries.
Some of the answers also suggested confusion about what counts as a criminal offence under the CMA. In fact, in only three cyber incident examples - 'web scraping' (74%), 'open source internet scanning' (68%), and 'default credentials in login panels exposed to the internet' (74%) - did respondents reach a reasonable level of consensus.
The Computer Misuse Act was enshrined in 1990, long before the internet became the essential tool for businesses it is today. Although it has been updated a number of times, both techUK and the CyberUp Campaign are calling for the government to open a consultation within the industry to put the law through "rapid modernisation".
"I know from my time in this industry that there are now real concerns among the cyber security community that this law is impeding professionals ability to protect the nation from the ever-evolving range of cyber threats we face, and preventing the sector from establishing its leadership position on the international stage," Conservative MP Ruth Edwards wrote in the report.
"If ever there was going to be a time to prioritise the rapid modernisation of our cyber legislation, it is now, when our reliance on safe, reliable and resilient digital technologies has been brought into stark relief by the coronavirus pandemic."
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
Bugcrowd’s new MSP program looks to transform pen testing for small businessesNews Cybersecurity provider Bugcrowd has launched a new service aimed at helping MSP’s drive pen testing capabilities - with a particular focus on small businesses.
-
Building a new approach to security with the next generation of penetration testingSponsored Combining human-led testing with continuous automated scanning can elevate your security regime
-
OpenAI to pay up to $20k in rewards through new bug bounty programNews The move follows a period of unrest over data security concerns
-
Kali Linux releases first-ever defensive distro with score of new toolsNews Kali Purple marks the next step for the red-teaming platform on the project's tenth anniversary
-
Podcast transcript: Meet the cyborg hackerIT Pro Podcast Read the full transcript for this episode of the IT Pro Podcast
-
The IT Pro Podcast: Meet the cyborg hackerIT Pro Podcast Resistance is futile - offensive biotech implants are already here
-
Russia-linked state-sponsored hackers launch fresh attacks by abusing latest red team toolNews Researchers said the new tool has evaded the detection of many leading security products and is quickly growing in popularity
-
Train firm slammed over 'bonus' phishing testNews Security experts suggest businesses use other 'lures' to avoid upsetting workers in the current climate
