A guide to UK cybercrime legislation + helpful links

Cyber Security Concept Man Hand Protection Network With Lock Icon

Posted on February 9, 2021 by Louise Howland

Cybercrime is everywhere online. As well as this, cyber-risks are increasingly harder to identify as cyber-crime becomes more sophisticated. With threats posed by everything from social media through to cyber-fraud, organisations need to be more vigilant about rising risks online.

Over the past two decades, both commercial and private computing has become more normal in the UK, but so has cybercrime leading to more urgency for tighter, more vigilant, cybercrime legislation and punishment. So, as cybersecurity awareness is on the rise, it would benefit many businesses to understand cybercrime legislation.

Computer Misuse Act 1990, UK

The primary cybercrime legislation in the UK is known as the Computer Misuse Act 1990 (or “CMA”), which handles many of the malicious attacks or offences against computer solutions, including hacking and ransoming, this is the act under which all cybercriminals are prosecuted for cybercrime attacks. According to the CPS (Crown Prosecution Services), “computer” could mean further devices, which store, process or retrieve information. That means that cybercrime legislation covers smartphones, tablets, and a host of other technological devices beyond the traditional desktop computer.

The Computer Misuse Act defines the following as illegal and will prosecute:

  • Unauthorised, or malicious, access to material stored on a computer.
  • Intentional harm, or crime, using computer systems.
  • Modifying, removing, or ransoming data.
  • Aiding in computer misuses, such as supplying information.

The penalties vary in severity, from costly fines to prison sentences.

Offence / Crime Penalty for the cyber-criminal
Unauthorised, or malicious, tampering with material stored on a computer.A six-month sentence in prison with a possible fine of £5,000
Intention to commit a cybercrime.A five-year prison sentence or unlimited fine.
Modifying, removing, or ransoming data.A five-year prison sentence or unlimited fine.
Aiding in computer misuses.A ten-year sentence or unlimited fine.

Protection Acts for Businesses

Data Protection Act (1998)

This legislation in the UK is key in safeguarding all types of private, confidential, or business information. It ensures that data is handled in a safe, fair, and lawful manner. It works by protecting a data subject, such as a person’s medical information, by regulating and controlling how their information gets stored, which is normally through an “Information Commissioner”. This act works to protect businesses and users against misuse of information within the business or externally.

Data Protection Act (2018)

In the new digital age, data protection has become even more important. The new Data Protection Act (2018) continues the goals from the previous legislation, controlling how “information is used by organisations, businesses, or the government”. This is part of the UK’s General Data Protection Regulation (or GDPR), which is a tough privacy and security law regulating how information is used, handled, and stored to protect users and businesses.

How to Report Cybercrime & Fraud

The severity of cybercrime or fraud shouldn’t be overlooked, whether it’s a petty offence or something more malicious. Instead, it can be conveniently addressed by getting in contact with the police and reporting it.

Action Fraud, the national cybercrime reporting centre, monitors cyber-attacks, fraudulence online, or further cybersecurity incidents. It also contains guidance on the types of cybercrime in the UK and, critically, prevention tips). According to Action Fraud, the areas of a business most likely to be jeopardised, include:

  • Computing systems
  • Internal employees
  • External Suppliers
  • Assets

The National Fraud Intelligence Bureau (or NFIB), which acts in correspondence with Action Fraud, and rests within the City of London Police, is the leading investigator for economic crime. Specifically, this partnership is strategic. The NFIB combs through cybercrime reports to notice any emerging patterns, such as new types of online crime, or serial and repeat offences, or even organised crime that indicates a group.

If you need to report and/or get advice about fraud or cyber crime, you can call the NFIB on 0300 123 2040, they are available to phone 24/7. Alternatively, if you are deaf you can contact them via text on 0300 123 2050 or use their live chat function on their website.

The National Cyber Security Centre

As cybercrime is typically unexpected, it not easy to know how to react. From response to recovery, organisations will focus on the to return to work, minimising the effect of the breach and mitigating future risks. The NCSC (National Cyber Security Centre) supports SME’s to larger businesses (including governmental agencies and public departments), by providing guidance on incident response and recovery.

Find out more about how your business can be protected from cyberattacks within the organisation by checking out our cybersecurity services.

Related Posts

  • Data Protection and Innovation: The Role of the ICO Regulatory Sandbox in the UK
    November 28th, 2023

    Data Protection and Innovation: The Role of the ICO Regulatory Sandbox in the UK

    Cybersecurity

    In this blog, we'll explore the concept of the ICO Regulatory Sandbox and its objectives in the data protection landscape in the UK [...]

    Read article

  • What is a break glass account?
    October 27th, 2023

    What is a break glass account?

    Cybersecurity

    If you’re creating a business continuity plan, have you considered a break glass account? Learn what one is and how to create one here. [...]

    Read article

  • Cybersecurity vs cyber resilience – what is the difference?
    October 11th, 2023

    Cybersecurity vs cyber resilience – what is the difference?

    Cybersecurity

    What’s the difference between cybersecurity and cyber resilience, and how can you implement them? We cover this and more. [...]

    Read article

  • Celebrating 20 Years of Cybersecurity Awareness Month
    September 19th, 2023

    Celebrating 20 Years of Cybersecurity Awareness Month

    Cybersecurity

    October is Cybersecurity awareness month, follow us on LinkedIn or Twitter for daily tips on how you can protect your organisation against Cybercrime. [...]

    Read article

  • How much should businesses invest in cyber resilience? 
    September 11th, 2023

    How much should businesses invest in cyber resilience? 

    Cybersecurity

    In this blog we explore how much organisations should invest in cyber resilience to protect against cybercrime [...]

    Read article

  • The European Cyber Resilience Act explained – how it impacts your business
    September 5th, 2023

    The European Cyber Resilience Act explained – how it impacts your business

    Cybersecurity

    On the 15th of September 2022, the European Commission published its proposal for new regulation regarding cybersecurity requirements for products with digital elements (such as smart fridges, cameras, TVs [...]

    Read article