The UK's Information Commissioner’s Office (ICO) and National Crime Agency (NCA) are planning to improve the support they give to organizations experiencing cyber attacks.
In a Memorandum of Understanding (MoU), the two agencies set out plans to make sure that victims are signposted to relevant bodies, such as the National Cyber Security Centre (NCSC), and are empowered to report cyber crime at the earliest opportunity.
“Unfortunately, we’ve seen cyber crime costing UK firms billions over the past years. That’s why it’s crucial that relevant bodies work together to boost the UK’s cyber resilience," said Stephen Bonner, ICO deputy commissioner - regulatory supervision.
"This new memorandum of understanding builds on our existing relationship with the NCA and will help improve cybersecurity standards across the board, while respecting each other’s remits."
The MoU commits the ICO and NCA to encourage organizations to engage with the NCA on cybersecurity matters, including the response to cyber crime, promising that the NCA will never pass on information shared in confidence without having first received the organization's consent.
The ICO will also share information about cyber incidents with the NCA on an anonymized, systemic, and aggregated basis - and on an organization-specific basis where appropriate - to help protect the public from serious and organized crime.
Where the ICO and NCA are both engaged in a cyber incident, they'll work together to minimize disruption to the organization’s efforts to contain and mitigate harm.
Similarly, the two agencies will also work together to promote learning, provide consistent guidance, and improve standards on cyber-related matters while continuing to work closely with the National Cyber Security Centre (NCSC).
The NCA noted that organizations have a legal responsibility – under both data protection law and the Network and Information Systems Regulations – to report incidents that meet a certain threshold.
There’s a huge amount of assistance on offer, the crime agency added, including tailored technical advice, the creation of secure communication channels, insight into an attacker’s possible motivations, and strategic advice on how to engage with the rest of government, regulators, and the media.
"The NCA leads a whole-system response to cyber crime, disrupting cyber criminals and putting them before the courts wherever possible," said NCA deputy director Paul Foster, head of the National Cyber Crime Unit.
"Organizations who are vulnerable to imminent attack or find themselves a victim also need support and guidance, and we work closely with our partners to provide this."
"We are pleased to be making this commitment with the Information Commissioner’s Office; this agreement signifies our common goal of establishing and maintaining a secure and resilient cyber ecosystem for all."
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Five Eyes cyber agencies issue guidance on edge device vulnerabilitiesNews Cybersecurity agencies including the NCSC and CISA have issued fresh guidance on edge device security.
-
"Thinly spread": Questions raised over UK government’s latest cyber funding schemeThe funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
State-sponsored cyber crime is officially out of controlNews North Korea is the most prolific attacker, but Russia and China account for the most disruptive and tightly-targeted campaigns
-
Modern enterprise cybersecuritywhitepaper Cultivating resilience with reduced detection and response times
-
IDC InfoBrief: How CIOs can achieve the promised benefits of sustainabilitywhitepaper CIOs are facing two conflicting strategic imperatives
-
The NCSC and FBI just issued a major alert over a state-backed hacker group – here’s what you need to knowNews State-affiliated attackers are targeting individuals via spear-phishing techniques, according to the NCSC
