New cyber incident severity scale launched by CMC in UK

The Cyber Monitoring Centre (CMC) has announced its new initiative to categorise cyber events impacting UK organisations, offering a consistent framework to gauge the severity of such incidents.

This world-first approach introduces a scale from one to five, representing the severity of cyber events, with one being the least severe and five being the most severe.

This initiative aims to provide a clear and objective assessment of significant cyber incidents.

The CMC's Technical Committee, chaired by former CEO of the National Cyber Security Centre, Ciaran Martin, will oversee the assessment using a broad range of data and analytical techniques. Martin commented on the initiative's potential impact: "Measuring the severity of incidents has proved very challenging. This could be a huge leap forward. I have no doubt the CMC will improve the way we tackle, learn from, and recover from cyber incidents. If we crack this, and I'm confident that we will, ultimately it could be a huge boost to cyber security efforts not just here but internationally too."

The classification will apply to cyber events with a potential financial impact of more than GBP £100 million, those affecting multiple organisations, and where sufficient data is available for assessment. Following an event's categorisation, the CMC will disseminate the information and an accompanying report across multiple platforms, providing a detailed explanation and additional insights.

This information will be accessible at no cost.

Will Mayes, CEO of the CMC, emphasised the rising risk of major cyber events as UK organisations grow increasingly tech-reliant. "The risk of major cyber events is greater now than at any time in the past as UK organisations have become increasingly reliant on technology."

"The CMC has the potential to help businesses and individuals better understand the implications of cyber events, mitigate their impact on people's lives, and improve cyber resilience and response plans."

Mayes acknowledged the critical support from experts contributing to the CMC's establishment and ongoing operations. "I would also like to acknowledge the support from a wide range of world-leading experts who have contributed so much time and expertise to help establish the CMC, and continue to provide data and insights during events. Their ongoing support will be vital and we look forward to add further expertise to our growing cohort of partners in the months and years ahead."

Edward Lewis, CEO of cybersecurity consultancy CyXcel, who has been instrumental in the CMC's development, offered his perspective on the importance of this initiative. "This initiative marks a revolutionary approach to cyber risk management and is a real gamechanger in our industry. As the risks of significant cyber incidents grow, it's more important than ever to categorise these events clearly and robustly to enable insurers, governments and organisations to better prepare for, respond to and recover from these challenges more effectively. Most importantly of all, however, this initiative goes far beyond cybersecurity and insurance; it is about reinforcing national security and business resilience. The CMC will play a crucial role in enhancing national awareness, understanding and response to systemic cyber threats, shaping strategies and preventive measures against such incidents."