UK's data protection watchdog deepens cooperation with National Crime Agency
The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery


The UK's Information Commissioner’s Office (ICO) and National Crime Agency (NCA) are planning to improve the support they give to organizations experiencing cyber attacks.
In a Memorandum of Understanding (MoU), the two agencies set out plans to make sure that victims are signposted to relevant bodies, such as the National Cyber Security Centre (NCSC), and are empowered to report cyber crime at the earliest opportunity.
“Unfortunately, we’ve seen cyber crime costing UK firms billions over the past years. That’s why it’s crucial that relevant bodies work together to boost the UK’s cyber resilience," said Stephen Bonner, ICO deputy commissioner - regulatory supervision.
"This new memorandum of understanding builds on our existing relationship with the NCA and will help improve cybersecurity standards across the board, while respecting each other’s remits."
The MoU commits the ICO and NCA to encourage organizations to engage with the NCA on cybersecurity matters, including the response to cyber crime, promising that the NCA will never pass on information shared in confidence without having first received the organization's consent.
The ICO will also share information about cyber incidents with the NCA on an anonymized, systemic, and aggregated basis - and on an organization-specific basis where appropriate - to help protect the public from serious and organized crime.
Where the ICO and NCA are both engaged in a cyber incident, they'll work together to minimize disruption to the organization’s efforts to contain and mitigate harm.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Similarly, the two agencies will also work together to promote learning, provide consistent guidance, and improve standards on cyber-related matters while continuing to work closely with the National Cyber Security Centre (NCSC).
The NCA noted that organizations have a legal responsibility – under both data protection law and the Network and Information Systems Regulations – to report incidents that meet a certain threshold.
There’s a huge amount of assistance on offer, the crime agency added, including tailored technical advice, the creation of secure communication channels, insight into an attacker’s possible motivations, and strategic advice on how to engage with the rest of government, regulators, and the media.
"The NCA leads a whole-system response to cyber crime, disrupting cyber criminals and putting them before the courts wherever possible," said NCA deputy director Paul Foster, head of the National Cyber Crime Unit.
"Organizations who are vulnerable to imminent attack or find themselves a victim also need support and guidance, and we work closely with our partners to provide this."
"We are pleased to be making this commitment with the Information Commissioner’s Office; this agreement signifies our common goal of establishing and maintaining a secure and resilient cyber ecosystem for all."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Cisco takes aim at AI security at RSAC with ServiceNow partnership
News The companies claim Cisco AI Defense and ServiceNow SecOps will help address new challenges raised by AI
By Jane McCallion
-
Why veterans can excel in data centers – and could help the IT sector address its skill shortages
In-depth Ex-military workers can bring software and hardware to civilian roles
By John Loeppky
-
Five Eyes cyber agencies issue guidance on edge device vulnerabilities
News Cybersecurity agencies including the NCSC and CISA have issued fresh guidance on edge device security.
By Emma Woollacott
-
"Thinly spread": Questions raised over UK government’s latest cyber funding scheme
The funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
By George Fitzmaurice
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuse
News The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
By Emma Woollacott
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims
News Companies need to treat victims with swift, practical action, according to the ICO
By Emma Woollacott
-
State-sponsored cyber crime is officially out of control
News North Korea is the most prolific attacker, but Russia and China account for the most disruptive and tightly-targeted campaigns
By Emma Woollacott
-
Modern enterprise cybersecurity
whitepaper Cultivating resilience with reduced detection and response times
By ITPro
-
IDC InfoBrief: How CIOs can achieve the promised benefits of sustainability
whitepaper CIOs are facing two conflicting strategic imperatives
By ITPro
-
The NCSC and FBI just issued a major alert over a state-backed hacker group – here’s what you need to know
News State-affiliated attackers are targeting individuals via spear-phishing techniques, according to the NCSC
By Emma Woollacott