The Cyber Monitoring Centre (CMC) aims to establish a ‘consistent and objective framework’ to provide clarity to enterprise insurance buyers.
A UK body backed by the cyber insurance industry is seeking to establish a framework to classify the severity of cyber incidents affecting UK organisations.
The Cyber Monitoring Centre (CMC) — an independent nonprofit organisation launched last week — aims to create a standardised scale for measuring the impact of cyber incidents from one (least severe) to five (most severe).
A wide range of data and analysis will be used to assess and categorise incidents against the framework, which measures severity based on the proportion of UK organisations affected and the overall financial impact.
Edward Lewis, CEO of cybersecurity consultancy CyXcel, told CSO that the focus of CMC is on the needs of insurance buyers, rather than the industry itself.
“The CMC evolved from market reactions to the Lloyd’s cyber war bulletin, which faced backlash for its conflation of systemic cyber risk with cyber war, as well the ambiguity and attribution challenges posed by the associated model clauses which followed it,” Lewis explained.
Insurance marketplace Lloyd’s of London put forward a policy requiring insurance group members to exclude liability for losses arising from state-backed cyberattacks from 2023. The measure, which was controversial even when it was introduced, remains contentious.
Lewis continued: “While large global companies with deep pockets may weather disputes over attribution and accept delays in cyber policy payouts, small and medium-sized businesses cannot afford such delays. These businesses need rapid support, particularly financial support, in a measure of days not the weeks, months, or even years that insurers, lawyers, and brokers could end up arguing about attribution and whether a loss is excluded from cover.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
