Cybersecurity professionals are struggling to balance the need to defend their organizations and the need to adhere to laws and regulations.
This is according to a new report from the CyberUp Campaign and TechUK, which argues that the Computer Misuse Act, a piece of legislation that has been in effect since 1990, hinders efforts to protect business assets.
The legislation is so outdated that some IT pros weren't able to prevent their organization from being harmed, out of fear of prosecution. Others intervened, knowing that doing so could result in charges.
Ruth Edwards MP, a former cybersecurity professional who contributed a foreword to the report, called upon the government to change the legislation as soon as possible.
The report proposes multiple changes that would allow the law to take into account the motives of ethical cybersecurity pros, making sure they operate within legal boundaries and free from fear of prosecution.
The report further claims that the Computer Misuse Act also puts the UK at a competitive disadvantage compared to other countries. Almost all IT pros surveyed for the report (90 percent) said updating the legislation could improve their organization's productivity.
The CyberUp Campaign and TechUK argue that the IT industry stands to gain more than $2.12 billion and 6,200 jobs with a change in legislation.
“The Computer Misuse Act, though world-leading at the time of its introduction, was put on the statute book when 0.5 percent of the population used the internet. The digital world has changed beyond recognition, and this survey clearly shows that it is time for the Computer Misuse Act to adapt,” concluded Edwards.