Cyber Monitoring Centre to independently classify cyber attacks

Weightmans, a national law firm, has joined forces with global insurer CFC. They will introduce the UK Cyber Monitoring Centre (CMC), an initiative designed to independently identify and categorise systemic cyber attacks, similar to the classification of natural disasters. Set to begin in January 2024, the CMC aims to revolutionise cyber insurance by establishing a standardised framework for defining large-scale cyber events.

Led by a technical committee comprising experts from academia, cybersecurity, public policy, defence, and law, the CMC will employ a novel methodology to categorise cyber incidents on a severity scale ranging from ‘category one’ to ‘category five.’ The classification will be based on the scope of the cyber event, considering the number of businesses affected and its economic impact.

The CMC’s goal is to issue categorisations within 30 days of an event occurring, contributing to a comprehensive understanding of systemic cyber risk. While not directly serving the insurance market, the CMC’s classifications are anticipated to assist insurers in improving coverage for systemic cyber incidents, a historically challenging area due to their widespread nature.

During its first year, the CMC plans to refine its programme without publicly declaring incidents. However, the long-term vision includes insurers simplifying policy language by referencing CMC classifications, streamlining cyber coverage and reducing the risk of policy disputes. This potential simplification would make cyber insurance more accessible, particularly for small and medium-sized enterprises (SMEs).

Weightmans, in collaboration with CFC, conducted a legal feasibility study and contributed to its development. Edward Lewis, partner at Weightmans stated:

“The CMC provides the independent measure that is necessary to better understand when a systemic attack has occurred and how much damage it has caused. And this isn’t just something that will benefit insurers through policy wording. Through its expertise and independence, we see it becoming an integral part of the nation’s cyber defence network, working hand-in-hand with government and public agencies to respond to incidents more effectively when they occur and even improve measures to prevent such events happening in the first place.”

James Burns, head of cyber strategy at CFC, commented:

“The CMC aims to deliver the missing piece of the puzzle in tackling systemic risk. It’s something that we and our partners have helped catalyse, but is entirely independent of any one company, organisation or sector. It is this independence that we think will make it so effective in its role as a reliable, expert assessor of systemic incidents. The centre serves no one but its own methodology.”

Image: Edward Lewis, Weightmans

Emma Cockings Emma is a content editor for Claims Media. Emma is a experienced writer with a background in client-centric personal injury for a major firm. She has attended and reported on multiple brokerage events throughout her career.