The aim of this work is to ensure that organisations across the country can better protect themselves from criminals who steal data and hold it to ransom.
The MoU reaffirms a commitment to providing relevant, up to date information sharing on cyber security matters, to support improved cyber security, and to provide guidance on how change can be implemented.
Specifically, the two organisations are working more closely together to ensure organisations are signposted to relevant bodies, such as the National Cyber Security Centre (NCSC), and are empowered to report cyber crime at the earliest opportunity.
Stephen Bonner, ICO Deputy Commissioner - Regulatory Supervision, said: “Unfortunately we’ve seen cyber-crime costing UK firms billions over the past years. That’s why it’s crucial that relevant bodies work together to boost the UK’s cyber resilience. This new memorandum of understanding builds on our existing relationship with the NCA and will help improve cyber security standards across the board, while respecting each other’s remits.”
NCA Deputy Director Paul Foster, Head of the National Cyber Crime Unit, said: “The NCA leads a whole-system response to cyber crime, disrupting cyber criminals and putting them before the courts wherever possible. Organisations who are vulnerable to imminent attack or find themselves a victim also need support and guidance, and we work closely with our partners to provide this. We are pleased to be making this commitment with the Information Commissioner’s Office; this agreement signifies our common goal of establishing and maintaining a secure and resilient cyber ecosystem for all.”
The MOU reaffirms the following commitments, stating that both parties will:
- The ICO will encourage organisations to engage appropriately with the NCA on cyber security matters, including the response to cyber crime.
- The NCA will never pass information shared with it in confidence by an organisation to the ICO without having first sought the consent of that organisation.
- The ICO will support the NCA’s visibility of UK cyber attacks by sharing information about cyber incidents with the NCA on an anonymised, systemic and aggregated basis, and on an organisation specific basis where appropriate, to assist the NCA in protecting the public from serious and organised crime.
- Where both parties are engaged on a cyber incident, they will endeavour to deconflict to minimise disruption to an organisation’s efforts to contain and mitigate harm.
- Both organisations will work together to promote learning, provide consistent guidance and improve standards on cyber-related matters.