UK Cyber Monitoring Centre Sets Its Sights on US Expansion One Year After Launch

The UK Cyber Monitoring Centre (CMC) launched in February 2025 as a nonprofit dedicated to quantifying the economic fallout of major cyber incidents. Borrowing from physical‑event rating systems, the CMC applies a proprietary 0‑to‑5 scale that combines affected population size with direct financial loss. Its technical committee aggregates publicly available breach data and contributions from partners such as the British Chamber of Commerce, NHS, and Office of National Statistics. By standardising impact measurement, the centre offers policymakers and insurers a clearer risk baseline than traditional incident reports.

In its first year, the CMC evaluated two headline‑making breaches. The spring 2025 attack on Marks & Spencer and the Co‑op was classified as a Category 2 event, generating losses estimated between £270 million and £440 million, with a median impact of £355 million. More striking, the August Jaguar Land Rover breach topped the UK’s cyber‑cost chart, costing between £1.6 billion and £2.1 billion and a median £1.9 billion. These figures underscore how single incidents can rival the GDP contribution of entire sectors, prompting tighter cyber‑risk underwriting and greater governmental scrutiny.

The centre’s roadmap now targets a US counterpart, with a technical committee and legal entity slated for 2026 and an operational launch in 2027. Leveraging existing global data providers, the US CMC aims to replicate the UK model while tailoring its analytics to the larger, more fragmented American economy. If successful, the initiative could become the first cross‑border standard for cyber‑economic impact, influencing insurance pricing, corporate board reporting, and regulatory frameworks in both markets. Stakeholders are watching closely as the venture promises to fill a long‑standing measurement gap.