ICO and NCA announce collaboration on cybersecurity

The Information Commissioner’s Office (ICO) and the National Crime Agency (NCA) have signed a Memorandum of Understanding (MoU) for closer cooperation regarding cybersecurity.

The goal is to improve the cyber resilience of businesses, organizations and institutions that are located in the United Kingdom so they are better protected when hackers try to attack them.

“The MoU reaffirms our commitment to providing relevant, up-to-date information sharing on cyber security matters, to support improved cyber security, and to provide guidance on how change can be implemented,” the ICO and the NCA say in a joint statement.

One of the MoU’s objectives is to direct organizations to the relevant bodies to help them when they are in need, such as the National Cyber Security Centre (NCSC). The sooner organizations intervene, the better chance they stand against threat actors to minimize the scope and impact of a cyberattack.

“Unfortunately we’ve seen cybercrime costing UK firms billions over the past years. That’s why it’s crucial that relevant bodies work together to boost the UK’s cyber resilience. This new Memorandum of Understanding builds on our existing relationship with the NCA and will help improve cyber security standards across the board, while respecting each other’s remits,” ICO Deputy Commissioner Stephen Bonner says about the partnership.

Paul Foster, head of the National Cyber Crime Unit at the NCA, says his goal is to establish and maintain “a secure and resilient cyber ecosystem for all”.

The ICO and the NCA have made numerous arrangements about combating cybercrime. Firstly, they will stimulate organizations to contact the NCA when dealing with cybercrime-related matters. Secondly, all information that is shared in confidence will not be passed down to other parties unless consent is given. Information about cybersecurity incidents shall be handled on an anonymized, systematic and aggregated basis.

When both the ICO and the NCA are involved in a cybersecurity incident, they shall do everything in their power to minimize the disruption to an organization’s efforts to mitigate the incident. Lastly, both parties promise to work together to promote learning, provide consistent guidance and improve standards on cyber-related matters.