Cybersecurity and the UK Election: How Current Cyber Laws are Making the UK Less Safe

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of the University of Birmingham

“Investment into the policing and prosecution of cybercrime is sorely needed. However, the rush to promise funds for increased policing only engages with part of the problem.


All major political parties recognise the growing threat posed by computer misuse and the corresponding need to ensure an effective and co-ordinated cybersecurity regime. Computers are everywhere, from the control and coordination of our national infrastructure to our smartphones and home devises; and yet the principal criminal legislation (the Computer Misuse Act 1990) is both out of date in its content and conspicuously underused as a tool for prosecution. This year’s party manifestos recognise something of this problem, and they promise action.

The Conservative manifesto champions a new ‘cyber-crime force’, a strengthened National Crime Agency (NCA), and modernisation and training for police. Similarly, Labour focuses on training and investment for ‘modern’ cyber policing and reforming the NCA, as well as going further to suggest a review of the National Cyber Security Centre and the creation of a new Minister for Cybersecurity. The Liberal Democrat position, though perhaps more focused on the ethical dimension of new technologies, also recognises the need for investment in cyber policing.

Investment into the policing and prosecution of cybercrime is sorely needed. However, the rush to promise funds for increased policing only engages with part of the problem. Missing from each manifesto is an explicit pledge to reform current offences within the Computer Misuse Act 1990, and yet such reform is vital if the parties are to achieve their desired ends in terms of added security and safety online. The current legislation was created for a different time, and it approaches cyber offences through the blanket criminalisation of all ‘unauthorised’ access, supplemented with even broader provisions criminalising preparatory acts and the trading of equipment used for unauthorised computer access.

Overly broad offences of this kind result in perverse effects. Rather than providing tough regulation, non-culpable journalistic and academic research can be inadvertently criminalised; it has the same impact on the private cybersecurity operators that so many of us (including public bodies) rely upon for effective defence. In this manner, whereas cybersecurity operators from other jurisdictions can work freely in the public interest to police network defences, and to report cyber attack details to the public authorities, such activities in the UK are severely blunted (or are carried out under a cloud of potential prosecution).

The Criminal Law Reform Now Network is a group of leading practitioners and academics specialising in legal reform projects. The Network’s first report – Reforming the Computer Misuse Act 1990 - will be launched in Westminster on the 22nd January 2020 and available from the Criminal Law Reform Now Network website. The recommended reforms are simple and targeted, creating new public interest defences in line with other modern statutes, as well as clarifying advice on prosecution and sentencing. If the UK political parties are serious about investing in cyber defence, and we hope that they are, modernising the legal framework provides essential missing pieces to the puzzle. 

Have your say...

  • Corny
    1. At 11:03AM on 29 October 2021, Corny wrote

    Cyber laws need to be regularly changed. With every introduction of new technology and hardware, comes the different threat, that can easily be manipulated. The bad actors can't only take physical control of PC through social engineering, such as gaining access to motherboards, circuits, and complete systems, but can also deploy files to a computer remotely. MPs should also be pressed to bring regular changes to the laws and also further regulate the technology industry.

    2. At 2:24PM on 02 December 2021, wrote

    I hope they'll solve this quickly

    3. At 2:24PM on 02 December 2021, wrote

    Security is a big deal

  • Sarwat
    4. At 7:55AM on 03 January 2022, Sarwat wrote

    Really amazing guide

  • Sarwat
    5. At 7:55AM on 03 January 2022, wrote

    Fantastic guide

  • Mark Fiddlebottom
    6. At 6:36PM on 17 January 2022, Mark Fiddlebottom wrote

    Cybersecurity on companies are an investment for clients. This create trust among users and will help position among the community. However laws should be precise beacause the internet is still a delicate topic and being anonymous could represent a threat to a lot of people. Nonetheless being anonymous on the net is now being associated with negativiy.

    Mark Fiddlebottom

    Frozen Food Manufacturer

Add Your Feedback