UK’s ICO and NCA Sign Memorandum to Boost Reporting and Resilience

Summary: The UK’s Information Commissioner’s Office (ICO) and National Crime Agency (NCA) have signed a memorandum of understanding (MoU) to enhance cooperation in improving the cyber-resilience of organizations affected by cybercrime. This agreement outlines commitments for information sharing and support for victim organizations to better respond to incidents.

Threat Actor: N/A | National Crime Agency
Victim: N/A | UK organizations

Key Points:

  • The ICO will encourage breached organizations to engage with the NCA for cybersecurity support.
  • The NCA will not share victim information with the ICO without consent.
  • The ICO will provide anonymized data to the NCA to enhance its understanding of cyber incidents.
  • Both agencies commit to minimizing disruption for victim organizations during incident response.
  • Collaboration on guidance and standards related to cybersecurity will be prioritized.

The UK’s data protection watchdog and serious and organized crime agency have signed a memorandum of understanding (MoU) designed to enhance cooperation and reaffirm their commitment to helping victim organizations.

The MoU sets out how the Information Commissioner’s Office (ICO) and National Crime Agency (NCA) will work together to improve the cyber-resilience of the UK. This includes sharing information with each other and with organizations impacted by cybercrime, and ensuring that those organizations understand which agencies to report incidents to.

The document outlines the following commitments:

  • That the ICO will encourage breached organizations to engage with the NCA on cybersecurity and incident response
  • That the NCA will never pass on to the ICO information shared with it by a victim organization, unless given consent
  • That the ICO will share “anonymised, systemic and aggregated” data with the NCA to improve its visibility into cyber-incidents and ability to protect the public from future attacks
  • Where both bodies are engaged on an incident, a commitment to minimize disruption for the victim organization as it tries to mitigate and contain a breach
  • To collaborate on guidance, standards and learning across cybersecurity-related topics

For the NCA, the MoU is about enhancing its “whole system” response to cybercrime, according to the head of its National Cyber Crime Unit, Paul Foster.

“Organizations who are vulnerable to imminent attack or find themselves a victim also need support and guidance, and we work closely with our partners to provide this,” he said.

“We are pleased to be making this commitment with the Information Commissioner’s Office; this agreement signifies our common goal of establishing and maintaining a secure and resilient cyber ecosystem for all.”

ICO deputy commissioner for regulatory supervision, Stephen Bonner, added that with cybercrime costing UK organizations billions, it’s more important than ever that the relevant bodies work together to improve cyber-resilience.

“This new memorandum of understanding builds on our existing relationship with the NCA and will help improve cybersecurity standards across the board, while respecting each other’s remits,” he said.

Source: https://www.infosecurity-magazine.com/news/uk-ico-nca-memorandum-reporting