"Speaking on 3 December at the Financial Times Cyber Resilience Summit 2025, security minister Dan Jarvis said: "We've heard the criticisms about the Computer Misuse Act, and how it can leave many cyber security experts feeling constrained in the activity that they can undertake. These researchers play an important role in increasing the resilience of UK systems, and securing them from unknown vulnerabilities.""
"Introduced in part as a response to a high-profile hack of BT systems by a technology journalist, the CMA as written includes the offence of unauthorised access to a computer. While this offence is still used successfully to prosecute cyber criminal hackers to this day, many British cyber pros argue that it also runs the risk of criminalising their work because from time-to-time, they may need to access a computer without explicit permission."
The UK government will change the Computer Misuse Act to provide a statutory defence for cybersecurity researchers who identify and share vulnerabilities, provided they meet defined safeguards. The move aims to reduce legal constraints that can deter legitimate security research and improve resilience of UK systems. The current CMA criminalises unauthorised access and was introduced after a high-profile hack of BT systems. The offence still supports prosecutions of cybercriminals but also risks criminalising researchers who sometimes need access without explicit permission. Multiple reform attempts over recent years have not yet succeeded.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]