A source-backed monthly briefing covering OT/ICS cybersecurity developments, cyber insurance market signals, and industrial risk intelligence — built for practitioners, risk owners, and insurers who need signal, not noise.
May's issue centers on the OT cyber insurance gap — why recoverability is so often decided before an incident ever happens, where cyber-physical loss falls through the seams of traditional coverage, and what it takes to make a facility demonstrably insurable.
[Download the May Newsletter →]
What you'll get:
— What mattered this month: The OT cyber insurance gap as a structural problem — how wordings, triggers, exclusions, waiting periods, and restoration definitions fail to map cleanly onto OT loss mechanics, why standardized and current proof bundles reduce underwriting and claims surprises, and why insurability is earned when controls demonstrably change feasible outcomes.
— OT cyber attacks and incidents: Stryker's deliberate self-insurance decision colliding with a Handala wiper campaign that hit ~40,000 devices across 79 countries — a 5.0% quarterly revenue hit and roughly $375M in impact absorbed entirely on the balance sheet, with no policy to recover against; plus a CISA joint advisory on Iranian-linked actors pre-positioning in U.S. port, power-plant, and water-facility PLCs.
— Threat signals: The FIRESTARTER backdoor persisting on Cisco ASA/Firepower devices through patching at the IT/OT perimeter — quietly invalidating segmentation assumptions built on remediation timelines; and a Five Eyes advisory on China-nexus covert edge networks, an accumulation signal for insurers where the same concealed access can hit multiple policyholders with no visible common vector.
— Cyber insurance market: Resilience's latest claims analysis showing 90%+ of manufacturing ransomware losses concentrated in just 12% of claims — a short, severe tail that soft-market pricing is least equipped to handle; and Marsh's Q1 2026 index recording a seventh consecutive cyber rate decline, the most favorable pricing window industrial buyers have seen in three years.
— Industry events: Where to find DeNexus through mid-June — Fortinet, Gartner Risk Summit, SANS ICS Security Summit, Fortinet OT Summit, and OT ISA in Prague.
— CEO insights: José M. Seara on why OT cyber risk quantification matters more than ever — the question no one asked on the Stryker earnings call.
— Coming next month: Underwriting-grade evidence — small, structured, and defensible.
