The UK’s data protection watchdog and serious and organized crime agency have signed a memorandum of understanding (MoU) designed to enhance cooperation and reaffirm their commitment to helping victim organizations.
The MoU sets out how the Information Commissioner’s Office (ICO) and National Crime Agency (NCA) will work together to improve the cyber-resilience of the UK. This includes sharing information with each other, and organizations impacted by cybercrime, and ensuring that the latter understand which agencies to report incidents to.
The document outlines the following commitments:
- That the ICO will encourage breached organizations to engage with the NCA on cybersecurity and incident response
- That the NCA will never pass on to the ICO information shared with it by a victim organization, unless given consent
- That the ICO will share “anonymised, systemic and aggregated” data with the NCA to improve its visibility into cyber-incidents and ability to protect the public from future attacks
- Where both bodies are engaged on an incident, a commitment to minimize disruption for the victim organization as it tries to mitigate and contain a breach
- To collaborate on guidance, standards and learning across cybersecurity-related topics
For the NCA, the MoU is about enhancing its “whole system” response to cybercrime, according to head of its National Cyber Crime Unit, Paul Foster.
“Organizations who are vulnerable to imminent attack or find themselves a victim also need support and guidance, and we work closely with our partners to provide this,” he said.
“We are pleased to be making this commitment with the Information Commissioner’s Office; this agreement signifies our common goal of establishing and maintaining a secure and resilient cyber ecosystem for all.”
ICO deputy commissioner for regulatory supervision, Stephen Bonner, added that with cybercrime costing UK organizations billions, it’s more important than ever that the relevant bodies work together to improve cyber-resilience.
“This new memorandum of understanding builds on our existing relationship with the NCA and will help improve cybersecurity standards across the board, while respecting each other’s remits,” he said.
Read more on incident reporting: ICO Relaxes Breach Reporting for Comms Providers