The National Crime Agency (NCA) and Information Commissioner’s Office (ICO) have signed a Memorandum of Understanding (MoU) around cooperation to improve the UK’s cyber resilience.

The MoU sets out the “broad principles of collaboration and the legal framework governing the sharing of relevant information and intelligence between the participants.” This includes shared aims to “codify and enhance working” between the ICO and NCA, and include the exchange of appropriate information to assist them in discharging their functions.

In particular, the ICO and NCA will work together in the following areas:

• Assessing and influencing improvements in cybersecurity of regulated organisations

• Information sharing relating to entities subject to attack

• Deconfliction between the NCA and the Commissioner in relation to incident management

• Public communications and press releases.

The MOU also reaffirms the following commitments from the ICO:

• The ICO will encourage organisations to engage appropriately with the NCA on cybersecurity matters, including the response to cybercrime.

• The NCA will never pass information shared with it in confidence by an organisation to us without having first sought the consent of that organisation. 

• The ICO will support the NCA’s visibility of UK cyber-attacks by sharing information about cyber incidents with the NCA on an anonymised, systemic and aggregated basis, and on an organisation specific basis where appropriate, to assist the NCA in protecting the public from serious and organised crime.

• Where both the ICO and NCA are engaged on a cyber incident, they will endeavour to deconflict to minimise disruption to an organisation’s efforts to contain and mitigate harm.

• We will work together to promote learning, provide consistent guidance and improve standards on cyber-related matters.

Working More Closely

The ICO also said that it is working more closely with the NCA to ensure organisations are signposted to relevant bodies, such as the National Cyber Security Centre (NCSC), and are empowered to report cybercrime at the earliest opportunity.

Stephen Bonner, ICO deputy commissioner - regulatory supervision, said: “Unfortunately we’ve seen cyber-crime costing UK firms billions over the past years. That’s why it’s crucial that relevant bodies work together to boost the UK’s cyber resilience.

“This new memorandum of understanding builds on our existing relationship with the NCA and will help improve cyber security standards across the board, while respecting each other’s remits.”

NCA deputy director Paul Foster, head of the National Cyber Crime Unit, said: “The NCA leads a whole-system response to cybercrime, disrupting cyber-criminals and putting them before the courts wherever possible.

“We are pleased to be making this commitment with the Information Commissioner’s Office; this agreement signifies our common goal of establishing and maintaining a secure and resilient cyber ecosystem for all.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.