Out-Law News 1 min. read
Cyber incident ‘Richter scale’ tipped to support insurer pricing
10 Feb 2025, 12:09 pm
Insurers are likely to be better placed to price cyber insurance policies now that a new and more transparent system for categorising those incidents has been developed, an expert in cyber risk has said.
Ellie Ludlam of Pinsent Masons said the Cyber Monitoring Centre’s (CMC’s) new categorisation scale can help insurers better understand the risks associated with cyber incidents in a similar way to how the Richter scale helps the understanding of an earthquake’s strength and impact.
The CMC is an independent, non-profit body that analyses and categorises cyber events that impact UK organisations. The CMC is chaired by Ciaran Martin, former chief executive of the UK’s National Cyber Security Centre. It claims its new classification system, which is already in operation, is “a world-first initiative”.
Ludlam said: “Categorising major cyber incidents has historically been challenging due to a lack of standardisation, the complexity of measuring the impact of cyber incidents, availability of data points, diversity of thought across the various cyber disciplines, and the ever-evolving threat landscape. The new CMC methodology seeks to overcome these hurdles.”
“The new CMC methodology will provide cyber insurers with enhanced transparency in respect of cyber events by categorising and rating their severity, similar to the Richter scale for earthquakes. With a standardised framework for assessing cyber incidents, insurers will be able to more accurately evaluate the risks associated with different cyber threats, potentially leading to more precise underwriting and pricing of policies. The independence to the CMC assessment of cyber incidents is likely to help build confidence and trust in the cyber insurance market,” she said.
According to the CMC, it will categorise cyber incidents on a scale running from one to five, “based on the percentage of UK organisations impacted and the financial impact of the event”. The assessment factors in polling, technical indicators, incident data and insights from those with first-hand knowledge of the event, it said, with cyber experts on the CMC’s technical committee reviewing the analysis before making the final determination on categorisation.
Ciaran Martin said: “I have no doubt the CMC will improve the way we tackle, learn from, and recover from cyber incidents. If we crack this, and I’m confident that we will, ultimately it could be a huge boost to cybersecurity efforts not just here but internationally too.”
Contact an adviser
