The Cyber Monitoring Centre (CMC) is set to revolutionize the way major cyber events are categorized, with implications that could significantly impact the understanding of cyber risks and harms. In a groundbreaking move, the CMC, an independent and non-profit organization, will introduce a framework to assess the severity of cyber events on a scale from one (least severe) to five (most severe).
Led by the CMC’s Technical Committee, which includes renowned cybersecurity experts such as former CEO of the National Cyber Security Centre, Ciaran Martin, the categorization process will utilize a wide range of data and analysis to evaluate incidents against the established framework. Incidents with a potential financial impact exceeding £100 million, affecting multiple organizations, and with accessible data for assessment will be categorized by the committee.
Transparency is a key objective for the CMC, and the detailed event categorization methodology is readily available for public perusal. This move represents a significant milestone in the UK’s cyber risk management strategy, with Martin expressing confidence in the CMC’s ability to enhance the response to cyber incidents and bolster cybersecurity efforts both domestically and internationally.
The conventional estimation of cybercrime costs in the UK stands at £27 billion annually, a figure calculated back in 2011. However, the evolving landscape of cyber threats necessitates a more dynamic and accurate approach. Once an event is categorized by the Technical Committee, the CMC will disseminate the classification through various platforms along with an event report detailing the analysis and insights derived from the process.
Martin underscored the critical need for a more precise measurement of cyber harm, given the industry’s data-rich nature and technical acumen. Misleading media coverage often distorts public perceptions of cyber incidents, with the attention garnered by high-profile data breaches overshadowing smaller yet more damaging breaches. The new classification system aims to rectify this disparity and provide a comprehensive assessment of cyber risks and harms.
CEO of the CMC, Will Mayes, emphasized the escalating risk posed by major cyber events in today’s technology-reliant landscape. The CMC’s role in enhancing understanding, mitigating impacts, and bolstering cyber resilience underscores its significance in the cybersecurity domain. Mayes lauded the collective efforts of experts in shaping the CMC’s framework and expressed gratitude for their ongoing support in advancing the organization’s mission.
As the CMC prepares to implement its classification scale for systemic cyber events, stakeholders across various sectors anticipate a more nuanced and standardized approach to evaluating cyber risks and mitigating potential harms. With an emphasis on collaboration and expertise, the CMC aims to redefine the response to cyber incidents and foster a heightened awareness of cybersecurity challenges in an increasingly interconnected world.