Slide Self-adaptive cyber risk modeling platform using evidence-based data Want to know more?

    Cyber Risk Quantification

    What we do

    We are experts in quantifying cyber risk in financial terms to

    Enable industrial enterprises to measure and mitigate financial impact from cyber vulnerabilities based on their own data footprint

    Provide Insurers and Reinsurers with evidence-based data leading to superior risk selection and path to profit

    How we do it

    01-fragments-illustrations-how-we-do

    Evidence-based data and data analytics for superior risk assessment and quantification to understand cyber risk, and to prioritize risk mitigation actions

    • Inside-out data lake includes assets, vulnerabilities, configurations, anomalies and intrusions.
    • Outside-in data lake includes customized threat intelligence, supply chain and contextual information

    DeRISK©

    Powered by trusted data, probabilistic inference and Machine Learning, DeRISK is a self-adaptive SaaS analytics platform that identifies exposures and dynamically models financial value at risk.

    Fully compatible with the MITRE ATT&CK framework and ISA IEC 62443-3-02 standards, NIST CSF and CIS CSC.

    • Continuous data collection and integration
    • Topology, vulnerability and attack path mapping
    • Likelihood of exploitation
    • Estimation of business financial impact
    • ROI-based mitigation
    • Prioritization of response

    Request a Demo

    Review your security posture at a glance with our cloud-based security monitoring dashboard

      Services & Solutions

      We provide solutions to Industrial Enterprises and Cyber Insurers to help them run their business with confidence.

      Predictive analytics provide early warnings

      Enable insurance based on “what you need” and no size fits all

      Discover our solutions

      Industrial
      Enterprises

      See more

      Cyber
      Insurers

      See more

      Asset
      Location

      Utility-scale wind & solar farms
      Spain

      the challenge

      Understand their cyber security posture in more depth for a portfolio of renewable operating assets, wind and solar

      The Operational Technology (OT) cyber landscape is undergoing radical change, putting operators of critical infrastructure in constant financial uncertainty about their risk of cyber loss. 2019 witnessed a 2,000% year-over-year increase in industrial control system cyberattacks, with the average cost of an industrial cyber breach stacking up at $13.0m vs $11.7m in 2017.

      One of these critical infrastructures that is directly affected by the increase in cyber risk is the Renewable Energy sector. Our customer operates wind and solar PV generation facilities, and deployed DeRISK to better understand its exposure to cyber risks.

      the solution

      Provide a detailed risk assessment explaining their top cyber security risks

      DeRISK’s cyber risk platform was able to provide the client a detailed risk assessment explaining their top cyber security risk, in this case based on two Loss Breakdown Types: Source/Initial Access Vector and Consequence Type.

       

      the results

      DeRISK was able to provide the client a detailed risk assessment explaining their overall cyber exposure and top risk components, finding that the client’s portfolio has a significantly lower risk exposure compared to other power-sector peers of similar generation capacity. We provided two suggested mitigations, with which the customer can further reduce the expected loss by 14%.

      Currently the top source of probable loss is accident or carelessness, which is one of the few areas where controls are not at its strongest. In particular, a measure that would be very effective to reduce the impact of these accidents is to have routine backups on the OT side, to protect against accidental deletion or modification of key configuration files.

      With these results from DeRISK, the client is aware of their cyber security posture and is able to prioritize their risk mitigation based on ROI, Risk Reduction, Upfront Cost, Yearly Cost, Payback Period, or NPV.

      Expected Loss Breakdown

      62.6%

      Accident or carelessness

      22.3%

      Phishing

      39%

      Expected Loss compared to industry average

      Events

      Prioritizing Risk Mitigations for renewable Energy Assets

      Wed, Feb 17, 2021 10:00 AM -11:00 AM EST

      Many energy companies struggle to prioritize risk management efforts for their renewable energy projects in a financially meaningful way. To do this effectively, cybersecurity teams must first quantify their organization’s risk levels.

      17Feb