In a world-first initiative, the CMC - a pioneering initiative co-led by Edward Lewis, CEO of CyXcel, a Weightmans business - will deliver a consistent and objective framework to assess the severity of major cyber events as they occur, categorising incidents on an easy-to-understand scale from one (least severe) to five (most severe).
The CMC’s Technical Committee uses a wide range of data and analysis to assess and categorise incidents against the framework. The Committee is made up of leading cyber experts, chaired by former CEO of the National Cyber Security Centre, Ciaran Martin.
Edward Lewis, who has helped to lead the CMC as a director during its incubation year and carried out the initial feasibility assessment, said:
“This initiative marks a revolutionary approach to cyber risk management and is a real gamechanger in our industry. As the risks of significant cyber incidents grow, it’s more important than ever to categorise these events clearly and robustly to enable insurers, governments and organisations to better prepare for, respond to and recover from these challenges more effectively.
“Most importantly of all, however, this initiative goes far beyond cybersecurity and insurance; it is about reinforcing national security and business resilience. The CMC will play a crucial role in enhancing national awareness, understanding and response to systemic cyber threats, shaping strategies and preventive measures against such incidents.”
The CMC will categorise cyber events that have a potential financial impact greater than £100M, affect multiple organisations and where there is data or information available to enable assessment.
Once the Technical Committee has categorised an event, the CMC will publish the event category from one to five through multiple channels. Each categorisation will be supported by an event report, which will provide an explanation of the analysis, including additional insights from the analysis work. All this information will be made available free of charge.
