British Information Commissioner’s Office (ICO) and the National Crime Agency (NCA) have signed a Memorandum of Understanding (MOU) to enhance the cybersecurity resilience of organizations. The agreement outlines the collaboration between the two agencies to boost the protection of businesses and government entities from cybercriminals involved in data theft and extortion.
The primary goal of the MOU is to facilitate the exchange of pertinent cybersecurity information and provide recommendations to organizations for effective data protection and cyber response strategies. ICO and NCA plan to direct companies to relevant entities like the National Cyber Security Centre (NCSC) for prompt reporting of cyber incidents.
ICO highlighted that the new MOU strengthens the existing partnership with NCA and elevates security standards, with each department maintaining its specific areas of responsibility. On the other hand, NCA stressed the significance of supporting and educating vulnerable organizations, citing the signed agreement as a critical step towards a more secure cyber environment in the UK.
The agreement establishes the key responsibilities of both parties. Specifically, ICO and NCA will facilitate organizations in engaging with NCA promptly on cybersecurity matters and responding to incidents. Furthermore, any information shared confidentially by NCA will not be disclosed to ICO without the consent of the relevant organization.
Additionally, both agencies agreed on the anonymous exchange of cyber incident data to safeguard public interests and deter serious cybercrime. In cases where ICO and NCA are both involved in investigating an incident, they will coordinate efforts to minimize potential interference and avoid impeding affected companies in resolving the aftermath.
Furthermore, the MOU aims to promote cybersecurity training, offer consistent recommendations, and elevate safety standards across all sectors. Collaboration between ICO and NCA is expected to fortify British cybersecurity defenses and make them less susceptible to malicious attacks.