UK's data protection watchdog deepens cooperation with National Crime Agency
The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
The UK's Information Commissioner’s Office (ICO) and National Crime Agency (NCA) are planning to improve the support they give to organizations experiencing cyber attacks.
In a Memorandum of Understanding (MoU), the two agencies set out plans to make sure that victims are signposted to relevant bodies, such as the National Cyber Security Centre (NCSC), and are empowered to report cyber crime at the earliest opportunity.
“Unfortunately, we’ve seen cyber crime costing UK firms billions over the past years. That’s why it’s crucial that relevant bodies work together to boost the UK’s cyber resilience," said Stephen Bonner, ICO deputy commissioner - regulatory supervision.
"This new memorandum of understanding builds on our existing relationship with the NCA and will help improve cybersecurity standards across the board, while respecting each other’s remits."
The MoU commits the ICO and NCA to encourage organizations to engage with the NCA on cybersecurity matters, including the response to cyber crime, promising that the NCA will never pass on information shared in confidence without having first received the organization's consent.
The ICO will also share information about cyber incidents with the NCA on an anonymized, systemic, and aggregated basis - and on an organization-specific basis where appropriate - to help protect the public from serious and organized crime.
Where the ICO and NCA are both engaged in a cyber incident, they'll work together to minimize disruption to the organization’s efforts to contain and mitigate harm.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Similarly, the two agencies will also work together to promote learning, provide consistent guidance, and improve standards on cyber-related matters while continuing to work closely with the National Cyber Security Centre (NCSC).
The NCA noted that organizations have a legal responsibility – under both data protection law and the Network and Information Systems Regulations – to report incidents that meet a certain threshold.
There’s a huge amount of assistance on offer, the crime agency added, including tailored technical advice, the creation of secure communication channels, insight into an attacker’s possible motivations, and strategic advice on how to engage with the rest of government, regulators, and the media.
"The NCA leads a whole-system response to cyber crime, disrupting cyber criminals and putting them before the courts wherever possible," said NCA deputy director Paul Foster, head of the National Cyber Crime Unit.
"Organizations who are vulnerable to imminent attack or find themselves a victim also need support and guidance, and we work closely with our partners to provide this."
"We are pleased to be making this commitment with the Information Commissioner’s Office; this agreement signifies our common goal of establishing and maintaining a secure and resilient cyber ecosystem for all."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.