Phil Gwinnell

The United Kingdom has launched a new system for rating the severity of cyber attacks through the Cyber Monitoring Centre (CMC), which began its operations on Thursday, February 6, 2025123. This initiative aims to enhance the nation’s response to cybercrime and improve understanding of cyber incidents.Key features of the new system include:

1. Severity Scale: The CMC will categorize cyber events on a scale from one (least severe) to five (most severe)134.
2. Focus: The system will assess incidents with a potential financial impact greater than £100 million, affecting multiple organizations, and where sufficient data is available for proper assessment124.
3. Reporting: Once an event is categorized, the CMC will publish the event rating alongside a detailed report, providing important information to help organizations protect themselves or recover if impacted14.
4. Expert Analysis: The technical committee, chaired by Ciaran Martin, former chief executive of the National Cyber Security Centre (NCSC), will lead the monitoring and analysis135.
5. Timeframe: The CMC aims to categorize events within 30 days, although this is not a strict deadline for 20255.

The CMC’s approach is compared to methodologies used for physical events, such as the Richter scale for earthquakes5. This system is expected to bring greater clarity and transparency to complex cyber incidents, helping organizations better react and prepare for future events2.Will Mayes, CEO of the CMC, stated that the initiative “has the potential to help businesses and individuals better understand the implications of cyber events, mitigate their impact on people’s lives, and improve cyber resilience and response plans”145.Ciaran Martin emphasized the significance of this development, saying, “Measuring the severity of incidents has proved very challenging. This could be a huge leap forward,” and expressed confidence that it could boost cyber security efforts both in the UK and internationally134.