A source-backed monthly briefing covering OT/ICS cybersecurity developments, cyber insurance market signals, and industrial risk intelligence — built for practitioners, risk owners, and insurers who need signal, not noise.
June's issue centers on underwriting-grade OT evidence — why traceability is becoming the standard for cyber insurance readiness, how a five-artifact minimum evidence bundle replaces volume with structure, and why frontier AI can now find OT vulnerabilities faster than industrial teams can safely fix them.
Download the June Newsletter →
What you'll get:
— What mattered this month: Underwriting-grade OT evidence, defined precisely. With DeRISK UWA Agentic now in early-adopter deployment — Chaucer Group as the named reference — the underwriting workflow that produces traceable evidence has reached the market. The discipline this month is a five-artifact minimum evidence bundle any industrial operator can build, govern, and refresh: network boundaries, access logs, restore test results, segmentation validation, and response drill outcomes. The takeaway: traceability is the standard, small and structured beats large and inconsistent, and controls earn confidence when tested — not attested.
— Industry news, AI & vulnerabilities: Anthropic has expanded Project Glasswing to critical infrastructure — roughly 150 organizations across more than 15 countries, spanning power, water, healthcare, communications, and hardware — alongside OpenAI's Trusted Access for Cyber programme and GPT-5.5-Cyber. Glasswing partners have already identified more than 10,000 high- and critical-severity flaws using Claude Mythos Preview. Discovery is no longer the bottleneck.
— The final mile problem: OT vulnerability management is a waterfall, and AI accelerates only the front half. Outage windows, vendor accountability, and plant-specific verification — the back half — don't scale with discovery; in real OT telemetry, patches more than 2,000 days old are still outstanding. DeRISK QVM ranks vulnerabilities by expected loss reduction, not severity score, surfacing the 1–2% of CVEs that drive roughly 90% of real risk across 300+ deployments.
— Industry events: Where to find DeNexus this month — the Fortinet OT Summit (virtual, June 8–10) and SANS ICS Security Summit (Orlando, June 9–11) with Donovan Tindill, and OT ISA in Prague (June 16) with José Seara.
— Live webinars: Two July sessions, each 60 minutes with a live demo, Q&A, and a recorded replay — "Industrial OT Cyber Underwriting: From Submission to Binding Decision" (July 2) and "Quantified OT Cyber Risk: From Exposure to Reduction" (July 7), presented by Neil Arklie, Donovan Tindill, and Kevin Hamman.
— DeRISK Platform: The operating model behind the issue — DeRISK CRQ (Quantify) and DeRISK QVM (Reduce) on one simulation core, with DeRISK UWA Agentic (Transfer) completing the loop from OT exposure to actuarial output.
— Coming next month: A practical operating model — Quantify, Reduce, Transfer.
