World-first classification scale to convey impact of systemic cyber events
London – 6 February 2025 – The Cyber Monitoring Centre (CMC) has today announced it will officially categorise cyber events impacting UK organisations, with immediate effect.
In a world-first initiative, the CMC will deliver a consistent and objective framework to assess the severity of major cyber events as they occur, categorising incidents on an easy-to-understand scale from one (least severe) to five (most severe)1.
The CMC’s Technical Committee2 uses a wide range of data and analysis to assess and categorise incidents against the framework. The Committee is made up of leading cyber experts, chaired by former CEO of the National Cyber Security Centre, Ciaran Martin.
Commenting on this milestone in the UK’s approach to cyber risk management, Martin says: “Measuring the severity of incidents has proved very challenging. This could be a huge leap forward. I have no doubt the CMC will improve the way we tackle, learn from, and recover from cyber incidents. If we crack this, and I’m confident that we will, ultimately it could be a huge boost to cyber security efforts not just here but internationally too.”
The CMC will categorise cyber events that have a potential financial impact greater than £100M, affect multiple organisations and where there is data or information available to enable assessment.
Once the Technical Committee has categorised an event, the CMC will publish the event category from one to five through multiple channels. Each categorisation will be supported by an event report, which will provide an explanation of the analysis, including additional insights from the analysis work. All this information will be made available free of charge.
CEO of the CMC, Will Mayes, adds: “The risk of major cyber events is greater now than at any time in the past as UK organisations have become increasingly reliant on technology. The CMC has the potential to help businesses and individuals better understand the implications of cyber events, mitigate their impact on people’s lives, and improve cyber resilience and response plans.”
“I would also like to acknowledge the support from a wide range of world-leading experts who have contributed so much time and expertise to help establish the CMC, and continue to provide data and insights during events. Their ongoing support will be vital and we look forward to add further expertise to our growing cohort of partners in the months and years ahead.”
- Full details of the CMC’s methodology and categorisation matrix can be found here ↩︎
- Full details of the CMC’s Technical Committee can be found here ↩︎
About the Cyber Monitoring Centre
With its origins in an idea from members of the insurance industry, the Cyber Monitoring Centre is a completely independent, non-profit organisation responsible for analysing and categorising cyber events that impact UK organisations.
Events are categorised by an independent technical committee made up of leading cyber experts, and based on analyses of data from leading data providers. Event categorisation and event reports will be provided free of charge to any interested organisations and individuals to help increase the understanding of the impact of cyber events, and improve cyber mitigation and response plans.
For more information visit https://cybermonitoringcentre.com/ or follow us on LinkedIn.