UK’s Cyber Monitoring Centre Plans US Expansion One Year After Launch
One year into its operations, the UK’s Cyber Monitoring Centre (CMC) is poised to broaden its reach by establishing a new presence in the United States. This nonprofit organization, founded by a group of experts in February 2025, aims to evaluate the economic and financial repercussions of significant cyber incidents affecting the UK.
The CMC’s methodology for assessing cyber incidents emulates the systematic approaches used in the assessment of physical disasters. For instance, the organization utilizes a categorization scale akin to the Richter scale for earthquakes and the Saffir-Simpson scale for hurricanes. Such established frameworks enable clearer communication about the severity and implications of these incidents. The CMC has developed its own scale, ranging from categories 0 to 5, wherein cyber events are categorized based on the number of affected individuals and their overall financial implications.
To initiate the assessment process, the CMC’s Technical Committee meticulously collects data on UK-based organizations that have suffered cyber-attacks. This data is derived from publicly available sources and contributions from various partners, including notable entities such as the British Chamber of Commerce, the National Health Service (NHS), the Office of National Statistics, CyXcel, Cirium, and Fable Data.
Once sufficient data is compiled, an in-house methodology is utilized to categorize the attack. Following this classification, the organization generates a detailed report documenting the incident’s specifics and its financial impact, assigning a corresponding CMC category number.
In its inaugural year, the CMC analyzed two significant events of immense economic consequence. The first occurrence was a cyber-attack during the spring of 2025 that targeted prominent retailers Marks & Spencer and the Co-op. This incident was classified as a ‘Category 2’ event, culminating in financial losses between £270 million and £440 million ($360 million to $587 million), with a median loss estimated at £355 million ($473 million).
The second event revolved around a cyber incident that struck Jaguar Land Rover (JLR) in August 2025, which was acknowledged as the most costly cyber-attack impacting the UK. The estimated financial losses from this event ranged from £1.6 billion to £2.1 billion ($2.1 billion to $2.8 billion), with a median estimated loss arriving at approximately £1.9 billion ($2.5 billion).
During a “2025 Year In Review” event held at the Royal United Services Institute (RUSI) in London on March 16, Ruth Goodwin, the head of operations and partnerships at the CMC, confirmed ongoing plans to set up a US Cyber Monitoring Center as part of the nonprofit’s growth strategy for 2026. She mentioned that efforts are currently underway to appoint a technical committee specific to the US CMC, alongside establishing a legal entity within the United States.
Goodwin elaborated that some data providers the CMC collaborates with already operate on a global scale, enabling easier data collection regarding the financial impacts of cyber-attacks within the US. “We will likely have a period of incubation,” she explained. “During this phase, the technical committee will develop a data analytics methodology that is tailored to the complexities of the US economy.”
According to Goodwin, the official launch of the US Cyber Monitoring Center is anticipated for 2027. This new initiative signifies a significant step for the CMC as it seeks to address the burgeoning challenges posed by cyber threats, not only in the UK but also across the Atlantic.
The importance of establishing such a center cannot be overstated. As the frequency and sophistication of cyber-attacks escalate globally, the need for comprehensive analysis and effective response mechanisms becomes paramount. The CMC’s planned expansion represents an understanding that cyber resilience is a pressing issue that transcends borders, necessitating coordinated efforts and data sharing to mitigate risks effectively.
This development is highly relevant given the increasing vulnerabilities faced by sectors across the board, from healthcare to retail, highlighting the critical need for organizations to fortify their defenses against potential cyber threats. As the CMC prepares to engage with American stakeholders, the implications of their work will likely resonate through various industries, paving the way for enhanced cybersecurity measures worldwide.