Cyber Attack Severity Rating System Established in U.K.
![Cyber Attack Severity Rating System Established in U.K.](https://assets.techrepublic.com/uploads/2025/02/AdobeStock_408315870.jpg)
A new rating system in the U.K. will classify the severity of cyberattacks on a scale from one to five, aiming to provide businesses and policymakers with more precise insights into the impact of cyber threats. The Cyber Monitoring Centre, an independent nonprofit organisation of industry experts, will assess incidents in real time and publish results for free.
The system is designed to be easily understood, similar to the Saffir-Simpson hurricane scale, which categorises hurricanes based on sustained wind speed. A score of one on the CMC scale represents the least severe incidents, while a five indicates the most serious cyberattacks. Only events that impact multiple organisations and result in financial losses exceeding £100 million will receive a rating.
The U.K. has experienced a surge in high-profile hacking events over the past year, including ransomware incidents targeting the British Library, supermarkets Sainsbury’s and Morrisons, and pathology company Synnovis, which disrupted NHS operations. In December, the head of the U.K.’s National Cyber Security Centre warned that the country’s cyber risks are “widely underestimated.”
The CMC will gather data from sources such as Chamber of Commerce polling, technical indicators, and incident reports to assess an attack’s severity. The organisation’s Technical Committee (comprising the former CEO of the National Cyber Security Centre, a former Director General for Technology at GCHQ, and a cybersecurity professor from Oxford University) will review the findings and assign a classification.
Results and corresponding reports will be freely available to “help increase the understanding of the impact of cyber events and improve cyber mitigation and response plans.”
“The risk of major cyber events is greater now than at any time in the past as UK organisations have become increasingly reliant on technology,” said the CEO of the CMC, Will Mayes, in a press release. “The CMC has the potential to help businesses and individuals better understand the implications of cyber events, mitigate their impact on people’s lives, and improve cyber resilience and response plans.”
U.K. businesses should not rely solely on a reactive system, critics say
While the rating system offers valuable insights, some cybersecurity experts argue that businesses should not rely on it as their primary defence. Instead, they emphasise the importance of proactive security measures.
“A fantastic incident response is well managed, it’s well trained, it’s well tested, and it’s got experience of real-life incidents under its belt,” said Benedict Peet, Information and Cyber Security Risk Manager at Standard Chartered Bank, in an email to TechRepublic. “Just a general incident response is where there’s a framework in place, there’s no testing, there’s no planning, there’s no experience.”
Haris Pylarinos, CEO and Founder of security training platform Hack The Box, told TechRepublic in an email: “The U.K.’s introduction of the Cyber Monitoring Centre is a step forward, but it focuses on the aftermath rather than the root cause. Companies should take the opportunity to learn from realistic and dynamic crisis scenarios to stress-test their incident response capabilities before an incident.”