Cybersecurity is front and centre

The ICO and NCA have signed a memorandum of understanding outlining how they will be tackling cybercrime and cybersecurity together.

The Information Commissioner’s Office (ICO) has signed a memorandum of understanding (MoU) with the National Crime Agency (NCA) that sets out how both organisations will cooperate to improve the UK’s cyber resilience.

The aim of this work is to ensure that organisations across the country can better protect themselves from criminals who steal data and hold it to ransom.

The ICO is the independent regulator for upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The Commissioner is empowered to take a range of regulatory actions including enforcement of the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR) and the Network and Information Systems Regulations 2018 in respect of Digital Service Providers, for which the ICO serves as the competent authority. 

The NCA leads the UK’s fight to cut serious and organised crime. As a high proportion of cyber incidents are criminal, the NCA plays a pivotal role in protecting the public from cybercrime, supporting organisations that fall victim to attack and identifying and locating those responsible.

The MoU reaffirms a joint commitment to providing relevant, up-to-date information sharing on cybersecurity matters, to support improved cybersecurity, and to provide guidance on how change can be implemented.

Specifically, the ICO is working more closely with the NCA to ensure organisations are signposted to relevant bodies, such as the National Cyber Security Centre, and are empowered to report cybercrime at the earliest opportunity.

Stephen Bonner, ICO Deputy Commissioner, Regulatory Supervision, said: “Unfortunately, we’ve seen cybercrime costing UK firms billions over the past years. That’s why it’s crucial that relevant bodies work together to boost the UK’s cyber resilience.

“This new memorandum of understanding builds on our existing relationship with the NCA and will help improve cybersecurity standards across the board, while respecting each other’s remits.”

NCA Deputy Director Paul Foster, Head of the National Cyber Crime Unit, said: “The NCA leads a whole-system response to cybercrime, disrupting cyber criminals and putting them before the courts wherever possible.

“Organisations who are vulnerable to imminent attack or find themselves a victim also need support and guidance, and we work closely with our partners to provide this.

“We are pleased to be making this commitment with the Information Commissioner’s Office; this agreement signifies our common goal of establishing and maintaining a secure and resilient cyber-ecosystem for all.”

The MoU reaffirms the following commitments:

• The ICO will encourage organisations to engage appropriately with the NCA on cybersecurity matters, including the response to cybercrime.
• The NCA will never pass information shared with it in confidence by an organisation to the ICO without having first sought the consent of that organisation. 
• The ICO will support the NCA’s visibility of UK cyber-attacks by sharing information about cyber incidents with the NCA on an anonymised, systemic and aggregated basis, and on an organisation-specific basis where appropriate, to assist the NCA in protecting the public from serious and organised crime.
• Where both the ICO and NCA are engaged on a cyber incident, they will endeavour to deconflict to minimise disruption to an organisation’s efforts to contain and mitigate harm.
• Both the ICO and NCA will work together to promote learning, provide consistent guidance and improve standards on cyber-related matters.