Global Site
Argentina Aruba Barbados Bolivia Brazil Canada Cayman Islands Chile Colombia Costa Rica Curacao El Salvador Guatemala Honduras Mexico Paraguay Peru Puerto Rico Saint Martin Suriname United States Uruguay Venezuela
Australia Cambodia China Hawaii Hong Kong India Indonesia Japan Macau Malaysia Maldives Mongolia Myanmar Nepal New Zealand Pakistan Philippines Singapore South Korea Sri Lanka Taiwan Thailand Vietnam
Albania Andorra Armenia Austria Azerbaijan Belgium Bulgaria Croatia Cyprus Czech Republic Denmark Estonia Finland France Georgia Germany Greece Hungary Ireland Italy Kazakhstan Kosovo Latvia Lithuania Luxembourg Malta Moldova Netherlands Norway Poland Portugal Romania Serbia Slovakia Slovenia Spain Sweden Switzerland Tajikistan Turkey Ukraine United Kingdom Uzbekistan
Algeria Angola Bahrain Egypt Ghana Israel Jordan Kenya Kuwait Lebanon Liberia Mauritius Morocco Mozambique Nigeria Oman Qatar Saudi Arabia Senegal Sierra Leone South Africa Tanzania Togo Tunisia Uganda United Arab Emirates Yemen
Contact us
home Insights
lady with an ipad in a server room

What does the new Cyber UN Agreement mean for the future cyber security?

Authors: Mollie Marsh, Assistant, Forensic Services
Tim Robinson
10/11/2025
lady with an ipad in a server room

It seems that barely a week goes by without there being mention of a cyber incident in the news.

In April, hackers from the Scattered Spider group used social engineering to infiltrate M&S systems, posing as executives to bypass password protections. The resulting ransomware attack caused weeks of disruption and is expected to cost over £300 million.

To give another example, a major breach at Jaguar Land Rover halted global production for five weeks, costing an estimated £1.9 billion and impacting over 5,000 UK organisations –making it the most economically damaging cyber event in UK history.

Other major UK institutions, including Co-op, Harrods, and Heathrow Airport, have also suffered cyber incidents, exposing vulnerabilities in critical infrastructure and supply chains.

Cyber security is no longer optional – It’s essential.

A rising tide of threats

The National Cyber Security Centre (NCSC) revealed in its latest Annual Review that cyber threats facing the UK continue to escalate. The NCSC dealt with 204 ‘nationally significant’ cyberattacks in the 12 months to August 2025. This is up from 89 the previous year. As a result, the British public are losing faith in online safety and data protection, with three in four people saying they feel their data is not safe.

A global approach

It is not just the UK that is experiencing these types of significant cyberattacks. The impact of such incidents, and the need to combat them, has been recognised globally, with the establishment of the United Nations Convention against Cyber Crime (Convension). Signed in Hanoi in October 2025 by 65 nations, the Convention is a global and legally binding treaty aimed at tackling cyber crime. It took five years to develop, with the following aims:

  • Strengthen international cooperation in investigating and prosecuting cyber crime.
  • Facilitate the sharing of electronic evidence across borders.
  • Support technical assistance and capacity-building, especially for developing countries.
  • Criminalise a wide range of cyber-dependent and cyber-enabled offences, including ransomware and online fraud.

What does this mean for the UK?

The Convention requires signatory nations to criminalise specific cyber-related activities, such as illegal access, data interference, online fraud, and ransomware attacks. This provides a more consistent global standard, reducing legal discrepancies and simplifying compliance for UK companies operating internationally.

However, the Convention may come with increased reporting requirements for some businesses. The UK's proposed Cyber Security and Resilience Bill, which aligns with the principles of the UN convention, will likely introduce stricter mandatory incident reporting requirements for certain businesses, particularly those in critical infrastructure sectors.

On an individual level, the Convention will provide improved protection against online crime. Additionally, the framework for faster data requests and a cooperation network among states means law enforcement can respond more effectively to transnational cyber incidents affecting individuals, potentially leading to faster resolution and justice for victims.

A turning point?

This new Convention expands on the existing Budapest Convention on Cyber Crime, adopted by the Council of Europe in 2001, which was the first international treaty to tackle internet and computer related crimes. The cyber threats we face today have evolved dramatically since 2001, triggering the need for a more comprehensive approach.

Given the borderless nature of cyber crime, the new UN Cyber Crime Convention represents a major step toward a unified global response to cyber threats. For the UK, it offers a framework to bolster resilience, improve cross-border cooperation, and protect citizens from increasingly sophisticated attacks.

The UK’s signing of the Convention signals its commitment to leading the global fight against cyber crime. But its success will depend on how it is implemented, and whether nations uphold the principles of transparency and accountability.

How we can help

Our Cyber Security and Counter Fraud team are always happy to offer advice and training to ensure your organisation can manage cyber risk. For more information, contact Tim Robinson or your usual Crowe contact.

Contact us

Tim Robinson
Tim Robinson
Partner, Cyber Security and Counter Fraud
+44 (0)20 7842 7164

Insights

Unexpected cyber attack in the bagging area: UK’s retailers under threat from sweeping attacks
M&S, Co-op and Harrods targeted by cyber criminals in a sweeping attack on the retail sector.
Cyberattacks on the retail sector
Following any major cyberattack, an essential part of the recovery process is being able to reflect on what can be learned from the incident.

Related services

Retail Cyber Security