CFC, the insurer behind the idea to set up an independent body for an industry-wide cyber event declaration system, has partnered with law firm Weightmans to launch the UK Cyber Monitoring Centre (CMC) next month.
Previously, a CFC expert said: “The insurance market can push forward the initiative initially, as we’re seeing the need for it firsthand. But the body for an industry-wide declaration system has to be independent. Otherwise, there would be a natural conflict. We can’t have an insurer-owned body declaring events off the back of which major reinsurance contracts and payouts are based.
“That’s why, on January 1, 2024, CFC is launching an independent cyber monitoring centre, as we look to address the perennial challenge of systemic risk.”
Now it’s been announced that CFC and Weightmans are leading the upcoming launch, with the latter having assisted the insurer through a legal feasibility study and on developing the CMC’s methodology.
Weightmans partner Edward Lewis (pictured) stated in an emailed release: “The CMC is a milestone in the UK’s approach to tackling systemic cyber risk. Systemic attacks – whether the result of sophisticated criminals or hostile nation states – are those that have the potential to cause the most damage. But because of their complexity, scale, and spread, it has historically been difficult to quickly, effectively, and consistently identify when they have occurred and measure their impact.
“The CMC provides the independent measure that is necessary to better understand when a systemic attack has occurred and how much damage it has caused. And this isn’t just something that will benefit insurers through policy wording.
“Through its expertise and independence, we see it becoming an integral part of the nation’s cyber defence network, working hand-in-hand with government and public agencies to respond to incidents more effectively when they occur and even improve measures to prevent such events happening in the first place.”
According to this week’s announcement, the CMC will be led by a technical committee that consists of non-insurance experts from across academia, cybersecurity, public policy, defence, and law. They will be using the newly developed methodology to categorise cyber incidents on a five-step severity scale.
“The CMC aims to deliver the missing piece of the puzzle in tackling systemic risk,” James Burns, cyber strategy head at CFC, said. “It’s something that we and our partners have helped catalyse, but is entirely independent of any one company, organisation, or sector. It is this independence that we think will make it so effective in its role as a reliable, expert assessor of systemic incidents. The centre serves no one but its own methodology.
“This launch is very much the start of the centre’s journey. It needs time to prove the strength of its approach in the real-world environment, and build the trust from industry, government, and the UK’s business community that will be critical to making it a viable and effective part of the UK’s cyber ecosystem in the long term.”
What do you think about this story? Share your thoughts in the comments below.