We have signed a Memorandum of Understanding (MoU) with the National Crime Agency (NCA) that sets out how both organisations will cooperate to improve the UK’s cyber resilience.
The aim of this work is to ensure that organisations across the country can better protect themselves from criminals who steal data and hold it to ransom.
The MoU reaffirms our commitment to providing relevant, up to date information sharing on cyber security matters, to support improved cyber security, and to provide guidance on how change can be implemented.
Specifically, we are working more closely with the NCA to ensure organisations are signposted to relevant bodies, such as the National Cyber Security Centre (NCSC), and are empowered to report cyber crime at the earliest opportunity.
Stephen Bonner, ICO Deputy Commissioner - Regulatory Supervision, said:
“Unfortunately we’ve seen cyber-crime costing UK firms billions over the past years. That’s why it’s crucial that relevant bodies work together to boost the UK’s cyber resilience.
“This new memorandum of understanding builds on our existing relationship with the NCA and will help improve cyber security standards across the board, while respecting each other’s remits.”
NCA Deputy Director Paul Foster, Head of the National Cyber Crime Unit, said:
“The NCA leads a whole-system response to cyber crime, disrupting cyber criminals and putting them before the courts wherever possible.
“Organisations who are vulnerable to imminent attack or find themselves a victim also need support and guidance, and we work closely with our partners to provide this.
“We are pleased to be making this commitment with the Information Commissioner’s Office; this agreement signifies our common goal of establishing and maintaining a secure and resilient cyber ecosystem for all.”
The MOU reaffirms the following commitments:
- We will encourage organisations to engage appropriately with the NCA on cyber security matters, including the response to cyber crime.
- The NCA will never pass information shared with it in confidence by an organisation to us without having first sought the consent of that organisation.
- We will support the NCA’s visibility of UK cyber attacks by sharing information about cyber incidents with the NCA on an anonymised, systemic and aggregated basis, and on an organisation specific basis where appropriate, to assist the NCA in protecting the public from serious and organised crime.
- Where we are both engaged on a cyber incident, they will endeavour to deconflict to minimise disruption to an organisation’s efforts to contain and mitigate harm.
- We will work together to promote learning, provide consistent guidance and improve standards on cyber-related matters.
Notes to editors
- The ICO is the independent regulator for upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The Commissioner is empowered to take a range of regulatory actions including enforcement of the Data Protection Act 2018, the UK General Data Protection Regulation, and the Network and Information Systems Regulations 2018 in respect of Digital Service Providers for which the ICO serves as competent authority.
- The National Crime Agency (NCA) leads the UK’s fight to cut serious and organised crime. As a high proportion of cyber incidents are criminal, the NCA plays a pivotal role in protecting the public from cyber crime, supporting organisations who fall victim to attack and identifying and locating those responsible.