We are experts in quantifying cyber risk in financial terms to
Enable industrial enterprises to measure and mitigate financial impact from cyber vulnerabilities based on their own data footprint
Provide Insurers and Reinsurers with evidence-based data leading to superior risk selection and path to profit
How we do it
Evidence-based data and data analytics for superior risk assessment and quantification to understand cyber risk, and to prioritize risk mitigation actions
- Inside-out data lake includes assets, vulnerabilities, configurations, anomalies and intrusions.
- Outside-in data lake includes customized threat intelligence, supply chain and contextual information
Powered by trusted data, probabilistic inference and Machine Learning, DeRISK is a self-adaptive SaaS analytics platform that identifies exposures and dynamically models financial value at risk.
Fully compatible with the MITRE ATT&CK framework and ISA IEC 62443-3-02 standards, NIST CSF and CIS CSC.
- Continuous data collection and integration
- Topology, vulnerability and attack path mapping
- Likelihood of exploitation
- Estimation of business financial impact
- ROI-based mitigation
- Prioritization of response
Request a Demo
Review your security posture at a glance with our cloud-based security monitoring dashboard
Services & Solutions
We provide solutions to Industrial Enterprises and Cyber Insurers to help them run their business with confidence.
Predictive analytics provide early warnings
Enable insurance based on “what you need” and no size fits all
Discover our solutions
Understand their cyber security posture in more depth for a portfolio of renewable operating assets, wind and solar
The Operational Technology (OT) cyber landscape is undergoing radical change, putting operators of critical infrastructure in constant financial uncertainty about their risk of cyber loss. 2019 witnessed a 2,000% year-over-year increase in industrial control system cyberattacks, with the average cost of an industrial cyber breach stacking up at $13.0m vs $11.7m in 2017.
One of these critical infrastructures that is directly affected by the increase in cyber risk is the Renewable Energy sector. Our customer operates wind and solar PV generation facilities, and deployed DeRISK to better understand its exposure to cyber risks.
Provide a detailed risk assessment explaining their top cyber security risks
DeRISK’s cyber risk platform was able to provide the client a detailed risk assessment explaining their top cyber security risk, in this case based on two Loss Breakdown Types: Source/Initial Access Vector and Consequence Type.
DeRISK was able to provide the client a detailed risk assessment explaining their overall cyber exposure and top risk components, finding that the client’s portfolio has a significantly lower risk exposure compared to other power-sector peers of similar generation capacity. We provided two suggested mitigations, with which the customer can further reduce the expected loss by 14%.
Currently the top source of probable loss is accident or carelessness, which is one of the few areas where controls are not at its strongest. In particular, a measure that would be very effective to reduce the impact of these accidents is to have routine backups on the OT side, to protect against accidental deletion or modification of key configuration files.
With these results from DeRISK, the client is aware of their cyber security posture and is able to prioritize their risk mitigation based on ROI, Risk Reduction, Upfront Cost, Yearly Cost, Payback Period, or NPV.
Expected Loss Breakdown
Accident or carelessness
Expected Loss compared to industry average
DeNexus’ technology enables us to manage our cybersecurity risks and compliance programs. With DeRISK, we understand our cybersecurity posture, and can prioritize risk reduction and mitigation actions for Apex Clean Energy, based on empirical and financial data.
Ken Young,COO Apex Clean Energy
We are impressed with the DeNexus team and their approach to assessing and prioritizing cyber risk. We are excited to work with DeNexus to further develop the DeRISK product to support and streamline our cyber risk program for our managed security service clients.