SUCCESS STORY

Global 500 Manufacturer Unveils Hidden Cyber Risks

This international manufacturer operates a diverse portfolio of manufacturing divisions worldwide. The company approached DeNexus to quantify its cyber risks in financial terms, at key facilities.

The Challenge

Develop a risk-based strategy for cybersecurity worldwide by first developing a comprehensive inventory of cyber risks and their financial impact.

Create a framework to gain a thorough understanding of cyber risk at production facilities across Europe and North America.

 

Develop a standard framework to compare the level of cyber risk across sites with the ability to compare sites, countries, divisions, and sectors.

Refine cyber risk quantification models built in-house by incorporating internal telemetry from cybersecurity vendor Claroty and compare results before and after ingestion of internal sensor data.

The Solution

DeRISKTM was deployed at key sites in Europe and the U.S. to test the robustness of DeNexus’  cyber risk quantification process, gather risk data, and learn from pilot facilities.

  • DeRISK used data and telemetry in two runs: a baseline one with industry data and a more exhaustive one using internal telemetry collected from Claroty.
  • Firmographic data was collected through the DeNexus templatized onboarding process to support the delivery of financial outputs.
  • Risk mitigation simulations and cyber risk quantification models were run using a combination of internal telemetry, industry, and outside-in data to build reports for the executive team.
MfgWorker-withAccent

The Results

The DeRISK platform revealed vulnerabilities and loss drivers that the manufacturer was unaware of. It also provided eye-opening data on the scope of damages if a cyber incident were to occur.  

Specifically, using internal telemetry from Claroty brought significant refinement to the risk quantification outputs.

An important output was the ability to compare facilities and their respective maturity levels for cybersecurity controls, which provided clear direction on how and where to allocate cybersecurity funding.

An unexpected conclusion is that the facilities generating the greatest revenue are not necessarily the ones that would trigger the greatest loss in the advent of a cyber incident.

Expected Loss Breakdown

DeNexus’ robust cyber risk modeling approach validates the importance of using internal telemetry to quantify risk

0 k

Value at Risk at 95th percentile(without internal telemetry)

0 M

Value at Risk at 95th percentile(with internal telemetry from Claroty)

 0 %

of Risks Driven by Phishing

The organization justified the need to deploy an Internet Detection System like Claroty globally to not only understand cyber risk but also map out a data-driven, evidence-based risk mitigation strategy.