About the CMC

Bringing clarity to the complex world of cyber events

Many physical events, such as earthquakes, floods, and hurricanes, have easily understandable classification systems designed to convey the intensity of the event. For example, the Saffir-Simpson hurricane wind scale was designed by wind engineer Herbert Saffir and meteorologist Bob Simpson as a way to describe the potential impact of hurricanes. The scale has been transformative in the way that it allows people to consistently describe and communicate about these events. Today we take this one-to-five scale for granted, but it was developed only in the early 1970s.

The aim of the Cyber Monitoring Centre (CMC) is to create the equivalent for the digital world – to design a way of consistently describing and communicating the seriousness and the severity of cyber events as they are occurring. The CMC has been formed as an independent, non-profit organisation, responsible for monitoring, defining, and classifying cyber events impacting UK organisations, and for providing this information at no cost to any interested organisations and individuals.

The CMC monitors for cyber events and, when a qualifying event occurs, categorises the event using the CMC Scale. The scale runs from one to five based on the percentage of UK businesses impacted and the financial impact of the event. A consistent categorisation methodology has been developed that gathers information from polling, technical indicators, and other incident data. The CMC Technical Committee, made up of leading cyber experts from a diverse range of backgrounds, then meets to review this information and determine the category of the event. The target timeframe for categorising an event is 30 days from the start of the event.

During 2024 the Cyber Monitoring Centre will test and improve the methodology. Event categorisations will not be made available during this time. It is anticipated that event categorisations will be made public from early 2025.

More information on this scale and the methodology for categorising cyber events will be released throughout the course of 2024.