Slide Self-adaptive cyber risk modeling platform using evidence-based data Want to know more?
Industrial Cyber Risk Quantification

What we do

We are experts in quantifying cyber risk in financial terms to

Enable industrial enterprises to measure and mitigate financial impact from cyber vulnerabilities based on their own data footprint

Provide Insurers and Reinsurers with evidence-based data leading to superior risk selection and path to profit

How we do it


Evidence-based data and data analytics for superior risk assessment and quantification to understand cyber risk, and to prioritize risk mitigation actions

  • Inside-out data lake includes assets, vulnerabilities, configurations, anomalies and intrusions.
  • Outside-in data lake includes customized threat intelligence, supply chain and contextual information


Powered by trusted data, probabilistic inference and Machine Learning, DeRISK is a self-adaptive SaaS analytics platform that identifies exposures and dynamically models financial value at risk.

Fully compatible with the MITRE ATT&CK framework and ISA IEC 62443-3-02 standards, NIST CSF and CIS CSC.

  • Continuous data collection and integration
  • Topology, vulnerability and attack path mapping
  • Likelihood of exploitation
  • Estimation of business financial impact
  • ROI-based mitigation
  • Prioritization of response

Request a Demo

Review your security posture at a glance with our cloud-based security monitoring dashboard

Services & Solutions

We provide solutions to Industrial Enterprises and Cyber Insurers to help them run their business with confidence.

Predictive analytics provide early warnings

Enable insurance based on “what you need” and no size fits all

Discover our solutions


See more


See more


Utility-scale wind & solar farms

the challenge

Understand their cyber security posture in more depth for a portfolio of renewable operating assets, wind and solar

The Operational Technology (OT) cyber landscape is undergoing radical change, putting operators of critical infrastructure in constant financial uncertainty about their risk of cyber loss. 2019 witnessed a 2,000% year-over-year increase in industrial control system cyberattacks, with the average cost of an industrial cyber breach stacking up at $13.0m vs $11.7m in 2017.

One of these critical infrastructures that is directly affected by the increase in cyber risk is the Renewable Energy sector. Our customer operates wind and solar PV generation facilities, and deployed DeRISK to better understand its exposure to cyber risks.

the solution

Provide a detailed risk assessment explaining their top cyber security risks

DeRISK’s cyber risk platform was able to provide the client a detailed risk assessment explaining their top cyber security risk, in this case based on two Loss Breakdown Types: Source/Initial Access Vector and Consequence Type.

the results

DeRISK was able to provide the client a detailed risk assessment explaining their overall cyber exposure and top risk components, finding that the client’s portfolio has a significantly lower risk exposure compared to other power-sector peers of similar generation capacity. We provided two suggested mitigations, with which the customer can further reduce the expected loss by 14%.

Currently the top source of probable loss is accident or carelessness, which is one of the few areas where controls are not at its strongest. In particular, a measure that would be very effective to reduce the impact of these accidents is to have routine backups on the OT side, to protect against accidental deletion or modification of key configuration files.

With these results from DeRISK, the client is aware of their cyber security posture and is able to prioritize their risk mitigation based on ROI, Risk Reduction, Upfront Cost, Yearly Cost, Payback Period, or NPV.

Expected Loss Breakdown


Accident or carelessness




Expected Loss compared to industry average


Prioritizing Risk Mitigations for renewable Energy Assets

Wed, Feb 17, 2021 10:00 AM -11:00 AM EST

Many energy companies struggle to prioritize risk management efforts for their renewable energy projects in a financially meaningful way. To do this effectively, cybersecurity teams must first quantify their organization’s risk levels.