Methodology

The Cyber Monitoring Centre (CMC) categorises events on the CMC Scale. The scale runs from 1 to 5 based on the percentage of UK organisations impacted and the financial impact of the event.

The CMC category is calculated based on the number of UK organisations impacted and the financial impact of the event. The assessment combines polling, technical indicators, incident data, and insights from those with firsthand knowledge of the event. The analysis is overseen and reviewed by a Technical Committee of leading cyber experts who then determine the event classification. The target timeframe to categorise an event is 30 days from the event being known, although in 2025 this may take longer. 

You can find the detailed methodology here.