A new Cyber Monitoring Centre (CMC) has been launched in the UK to help measure the severity of cyber threats and their potential impact on organizations in the region.
The CMC is an independent nonprofit organization set up by the UK insurance industry to boost trust in the cyber insurance market and improve the nation's understanding and response to cyber threats.
It’s already been operating behind the scenes for roughly a year, and was publicly launched at an event held by the Royal United Services Institute (RUSI) on 6 February 2025.
The CMC’s mission statement compares itself to classification systems built to convey the intensity and impact of physical events, such as the Richter scale for earthquakes or the Saffir-Simpson hurricane wind scale.
“The aim of the Cyber Monitoring Centre (CMC) is to create the equivalent for the digital world – to design a way of consistently describing and communicating the seriousness and the severity of cyber events as they are occurring,” the CMC said.
The CMC Scale will run from one to five, from least severe to most severe, according to the proportion of UK-based organizations that are affected by the attack and the overall financial impact of the incident.
It will also gather information from polling, technical indicators, and other incident data to create a consistent categorization methodology.
The body has assembled a CMC Technical Committee that will include leading cyber experts who will review this information and determine the classification of the event.
All of this will take place within a target timeframe of 30 days from the start of the event, according to the CMC, which noted that “in 2025 this may take longer”.
Former NCSC chief says CMC will improve UK’s response to cyber attacks
As of 6 February 2025, the CMC said it will start officially categorizing cyber events impacting UK organizations, which it added will be free to access for organizations and individuals in the UK and around the world.
The CMC noted that it will only be categorizing events that have potential financial impact greater than £100 million, affect multiple organizations, and if there is enough data available to carry out a thorough analysis of the event.
Ciaran Martin, former CEO of the National Cyber Security Centre (NCSC) and Chair of the CMC, said the task of creating a metric to track the severity of cyber attacks has been a difficult task, but claimed the creation of the CMC is a sign of strong progress towards this goal.
“Measuring the severity of incidents has proved very challenging. This could be a huge leap forward. I have no doubt the CMC will improve the way we tackle, learn from, and recover from cyber incidents. If we crack this, and I’m confident that we will, ultimately it could be a huge boost to cyber security efforts not just here but internationally too.”
Will Mayes, CEO at the CMC, stated that as UK businesses become increasingly dependent on technology, the potential impact of cyber attacks has never been greater and, as such, the CMC will fill an important role in helping these organizations understand these events.
“The risk of major cyber events is greater now than at any time in the past as UK organisations have become increasingly reliant on technology. The CMC has the potential to help businesses and individuals better understand the implications of cyber events, mitigate their impact on people’s lives, and improve cyber resilience and response plans,” he explained.
“I would also like to acknowledge the support from a wide range of world-leading experts who have contributed so much time and expertise to help establish the CMC, and continue to provide data and insights during events. Their ongoing support will be vital and we look forward to add further expertise to our growing cohort of partners in the months and years ahead.”
MORE FROM ITPRO
