The law is fine and doesn't need changing
If a "security person" wants to "test" the vulnerabilities of someone's computer, then they should ask permission from the owner of the computer before conducting such testing. Otherwise anyone could claim after being caught that he was a "white hat" merely "testing security".
If the police want to secretly infect a suspect's computer with software that gathers evidence that may aid their investigation, or to download data without the suspect's approval or knowledge, then to do so legally requires that they first obtain a warrant that grants permission for them to do so (called an "interference to equipment" warrant). If they do not obtain such a warrant, then they are quite rightly guilty of breaking the computer misuse act. The warrant provides judicial oversight to ensure that the unauthorised access to the suspect's computer is fair and proportionate, and the police are not abusing their powers. See https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/715479/Equipment_Interference_Code_of_Practice.pdf