There has been a 2,000% year-over-year increase in industrial control system cyberattacks, with over $6 Trillion dollars of estimated losses due to malware alone in 2021.
Yet industrial enterprise organizations are still largely uncovered from cyber risk. Only 1% of an estimated $1 Trillion dollars of cyber risk is covered by underwriters in North America.
We are experts in quantifying cyber risk in financial terms to
Solve cyber risk for the industrial enterprise, insurer and (re)insurer
With our cloud-based platform, we quantify, monitor and the mitigate the financial impact of cyber vulnerabilities and risk for the industrial world with evidence-based data leading to superior risk selection and path to profit
Evidence-based data and analytics for superior risk assessment and quantification to understand risk and to prioritize risk mitigation actions
DeNexus is the leading provider of cyber risk modeling for ICS/OT organizations and global (re)insurers.
DeRISK, our SaaS platform, empowers the industrial enterprise and risk underwriters to quantify cyber risk exposure on a continuous, self-adaptive basis using the world’s first evidence-based data analytics software and services.
Discover our solutions
Powered by trusted data, probabilistic inference and Machine Learning, DeRISK is a self-adaptive SaaS analytics platform that identifies exposures and dynamically models financial value at risk.
Fully compatible with the MITRE ATT&CK framework, FAIR, ISA IEC 62443-3-02 standards, NIST CSF and CIS CSC.
Review your security posture at a glance with the cloud-based DeRISK Platform
Asset
Location
Utility-scale wind & solar farms
Spain
the challenge
Understand their cyber security posture in more depth for a portfolio of industrial, renewable, wind and solar operating assets.
One of these critical infrastructures that is directly affected by the increase in cyber risk is the Renewable Energy sector. Our customer operates wind and solar PV generation facilities, and deployed DeRISK to better understand its exposure to cyber risks.
the solution
Provide a detailed risk assessment explaining their top cyber security risks
DeRISK’s cyber risk platform was able to provide the client a detailed risk assessment explaining their top cyber security risk, in this case based on two Loss Breakdown Types: Source/Initial Access Vector and Consequence Type.
the results
DeRISK was able to provide the client a detailed risk assessment explaining their overall cyber exposure and top risk components, finding that the client’s portfolio has a significantly lower risk exposure compared to other power-sector peers of similar generation capacity. We provided two suggested mitigations, with which the customer can further reduce the expected loss by 14%.
Currently the top source of probable loss is accident or carelessness, which is one of the few areas where controls are not at its strongest. In particular, a measure that would be very effective to reduce the impact of these accidents is to have routine backups on the OT side, to protect against accidental deletion or modification of key configuration files.
With these results from DeRISK, the client is aware of their cyber security posture and is able to prioritize their risk mitigation based on ROI, Risk Reduction, Upfront Cost, Yearly Cost, Payback Period, or NPV.
Expected Loss Breakdown
62.6%
Accident or carelessness
22.3%
Phishing
39%
Expected Loss compared to industry average
DeNexus’ technology enables us to manage our cybersecurity risks and compliance programs. With DeRISK, we understand our cybersecurity posture, and can prioritize risk reduction and mitigation actions for Apex Clean Energy, based on empirical and financial data.
We are impressed with the DeNexus team and their approach to assessing and prioritizing cyber risk. We are excited to work with DeNexus to further develop the DeRISK product to support and streamline our cyber risk program for our managed security service clients.
