One year after its creation, the UK’s Cyber Monitoring Centre (CMC) is looking to expand to the US.
The UK-based nonprofit was established by a team of experts in February 2025 to assess the economic and financial impact of major cyber incidents occurring in the UK.
The Centre’s approach mirrors the methodologies used for physical events, such as the Richter scale for earthquakes and the Saffir-Simpson hurricane wind scale for hurricanes.
The CMC’s own scale (categories 0 to 5) categorizes cyber incidents based on how many people were affected and the overall financial impact.
The nonprofit’s Technical Committee first gathers data on UK-based organizations that have fallen victim to a cyber-attack, based on publicly available information and data provided by partners, including the British Chamber of Commerce, the UK’s National Health Service (NHS), the Office of National Statistics, CyXcel, Cirium and Fable Data.
The categorization of a cyber-attack is determined using an in-house methodology. The incident is then given a CMC category number at the organization provides a detailed report on the incident and its financial impact.
In 2025 the CMC analyzed two major events. First, the cyber-attack targeting Marks & Spencer and the Co-op in the spring of 2025 was considered a single ‘Category 2’ incident that led to a financial loss of between £270m and £440m ($360m-$587m) and a median estimated loss of £355m ($473m).
Second, the cyber incident that hit Jaguar Land Rover (JLR) in August was considered the costliest cyber-attack impacting the UK economy, with between £1.6bn and £2.1bn ($2.1bn-$2.8bn) of estimated loss, with a median estimated loss at £1.9bn ($2.5bn).
During a 2025 Year In Review event held by the CMC at the Royal United Services Institute (RUSI), in London, on March 16, head of operations and partnerships at the CMC, Ruth Goodwin, confirmed that establishing a US Cyber Monitoring Center was part of the nonprofit’s roadmap for 2026.
“Conversations are ongoing to appoint a technical committee for a US CMC and setting up a legal entity in the US,” she said, highlighting that some of the CMC’s data providers are already global, which will make it easier to collect information on the financial impact of cyber-attacks in the US,” she said.
“Similarly to what happened in the UK, we will likely have a period of incubation where the technical committee will adopt a data analytics methodology suited to the US economy.”
She said the US Cyber Monitoring Center should be officially established in 2027.
Read now: How the UK Retail Sector Responded to the Scattered Spider Hack Wave
