A report by the Criminal Law Reform Now Network (CLRNN) has highlighted the inadequacy of current UK legislation in enabling professionals to deal with the threat from cybercriminals.

They state that “The Computer Misuse Act 1990 (CMA 1990) is now almost 30 years old. In the years since, it has not kept pace with rapid technological change. It is clear that the CMA 1990 requires significant reform to make it fit for the 21st century”.

The report by the CLRNN highlights that the Crime survey for England & Wales estimates that for the year to June 2019 there were around 977,000 incidents of Computer misuse – such as hacking or using computer viruses or malware to disrupt services, obtain information illegally or extort individuals or organisations. Only about 2% of CMA offences result in a police investigation; and only a fraction of 1% result in a prosecution or conviction.

In the view of the CLRNN report the CMA 1990 provides a confused legal framework, with outdated and ambiguous terminology, and an unjustifiably broad application (beyond our international comparators and treaty obligations). The inappropriate breadth of CMA offences serves to criminalise or deter non-culpable actors, making the UK less safe. Under the current law Cyber threat intelligence professionals may be prevented from testing and defending systems with the most effective means while journalists and academics may be prevented from researching cyber threats in the public interest.

Read the Report

Back to News