SUCCESS STORY

Quantifying and Managing Cyber Risk Across Manufacturing Facilities

Customer: Anonymized Global Industrial Manufacturer
Technology: DeNexus DeRISK™ Platform

Overview

Manufacturing facilities depend heavily on Operational Technology (OT) systems to keep machines running and production lines moving. But with increasing digital connectivity, these systems are more exposed to cyber threats than ever before. Unlike traditional IT systems, OT environments face unique risks—from physical equipment damage to prolonged production downtime. And yet, many manufacturers still struggle to understand how cyber risk in these environments could impact their bottom line. 

This case study highlights how a global industrial manufacturer used the DeNexus DeRISK™ platform to overcome that challenge. By quantifying cyber risk in clear financial terms, the organization was able to improve executive-level decision-making, prioritize cybersecurity investments, and enhance alignment with insurance and regulatory requirements. 

The Challenge

Despite investing in standard cybersecurity practices, the manufacturer’s leadership—including the CISO, Risk Manager, CFO, and Insurance Team—were grappling with several key concerns: 

  • Lack of financial risk quantification: Leadership couldn’t answer a critical question—how much could a cyber-attack cost the business? 
  • Difficulty justifying cybersecurity budgets: Without hard numbers, teams struggled to argue for needed investments or justify insurance coverage. 
  • Limited visibility into vulnerabilities and threats: Traditional tools provided a partial picture, making it hard to pinpoint where real risk lived. 
  • Challenges communicating with non-technical stakeholders: Board members and auditors needed clear, business-focused insight—not technical jargon. 

The Solution: DeRISKCRQM for Manufacturing 

To address these concerns, the manufacturer implemented DeNexus DeRISK™ Cyber Risk Quantification and Management (CRQM) for Manufacturing platform across two major manufacturing sites: 

  • Site 1 (United States): a manufacturing facility producing electronic components with annual revenues upwards of USD$ 400M/year 
  • Site 2 (Europe):  a facility focused on metal stamping, plastic molding, and final assembly with annual revenues near USD$ 200M/year 

The goal: baseline cyber risk financially and simulate the impact of various mitigation strategies using OT network telemetry. 

DeRISKcasestudy

Objectives of the Pilot

The manufacturer sought to accomplish the following: 

  • Quantify Annual Expected Loss (AEL) and Value at Risk (VaR): Establish a clear risk baseline in dollar terms 
  • Identify top loss drivers: Map risk back to the specific access vectors and events (e.g., phishing, ransomware) most likely to cause harm 
  • Measure the impact of telemetry tools: Evaluate how tools like Claroty CTD, Nozomi Guardian, ForeScout EyeInspect, and Tenable SecurityCenter enhanced risk quantification through OT network asset and vulnerability visibility 
  • Simulate financial impact of cybersecurity projects: Test how proposed initiatives would reduce risk and deliver ROI 
  • Support alignment with insurance and compliance requirements: Provide credible, data-driven insights for insurance discussions and regulatory filings (e.g., SEC 10-K) 

Approach: Data-Driven Risk Modeling 

The DeRISK platform enabled the team to: 

  • Ingest real-time telemetry data from OT asset visibility and vulnerability management tools 
  • Run simulations using DeRISK´s proprietary Bayesian networks and Monte Carlo analysis to assess risk scenarios 
  • Model initial access vectors (IAVs) such as phishing, remote access, and exploitation of vulnerabilities 
  • Quantify primary and secondary financial losses resulting from these attack paths 
  • Compare pre- and post-project mitigation to determine the effectiveness of cybersecurity initiatives 

Results: US Site 1 – Risk Visibility Through Telemetry 

Site 1, which manufactures high-value electronic components, initially ran its risk model using estimated system configurations and control assumptions. Once real OT asset telemetry and vulnerability data were integrated, the picture changed dramatically.

Metric  Pre-Telemetry  Post-Telemetry  Change 
Annual Expected Loss (AEL)  $609.5K (0.16% of revenue)  $1.4M (0.37%)  ▲ $791K (+130%) 
VaR (95%, 1-in-20 year) $8M (2.1%)  $29.5M (7.8%)  ▲ $21.5M (+370%) 
VaR (99%, 1-in-100 yr) $32.4M (8.5%)  $76.5M (20%)  ▲ $44.1M (+240%) 

Key Insight: 
With richer telemetry, the company uncovered significantly higher exposure, especially for low-probability, high-impact events. The key drivers were ransomware via remote access, phishing, and exploitation of vulnerabilities in OT systems. 

Conclusion: 
Better data = better decisions. Telemetry revealed cyber risks that had been underestimated, helping the team reassess its cybersecurity priorities. 

Results: EU Site 2 – Risk Reduction Through Control Enhancements 

Site 2 had already achieved moderate cybersecurity maturity. It launched a targeted project to enhance detection and incident response by deploying an OT Network Monitoring and OT-specific Incident Response capability. 

Metric  Pre-Telemetry  Post-Telemetry  Change 
Annual Expected Loss (AEL)  $460.1K (0.23%)   $421.6K (0.21%) 
▼ $38.5K (▼8.4%) 
VaR (95%, 1-in-20 year) $1M (0.5%)  $724.7K (0.36%)  ▼ $275K (▼27.5%) 
VaR (99%, 1-in-100 yr) $12.9M (6.4%) 
$12.6M (6.3%)  ▼ $263K (▼2.3%) 

Key Insight: 
The control project produced a 7% reduction in high-impact (1-in-20 year) cyber losses, proving the value of investment in OT-specific detection and response. 

Conclusion: 
Even small control upgrades, when well-targeted, can produce measurable financial benefits.

Comparative Insights 

  • Site 1 had a larger revenue base but greater risk exposure—primarily due to its incomplete control coverage and detailed telemetry revealing previously hidden vulnerabilities. 
  • Site 2 had a more mature posture and demonstrated that risk reduction is possible with relatively modest but strategic investments. 
  • Common loss vectors across both sites included ransomware, phishing, and exploitation of OT vulnerabilities —matching known patterns from the MITRE ATT&CK framework. 

Key Business Outcomes 

  • Cyber risk translated into financial terms: For the first time, executive leadership could see risk in dollars—not technical metrics—empowering them to make more informed business decisions. 
  • Clear visibility into loss drivers: The organization now knows which facilities and vulnerabilities are most likely to cost money and why. 
  • Prioritized mitigation strategies: By simulating different cybersecurity projects, the company could focus its efforts where they would yield the highest ROI. 
  • Better alignment with external stakeholders: The quantified models helped the organization align with insurance providers and regulatory frameworks (e.g., SEC 10-K), supporting premium negotiations and compliance efforts. 

Next Steps & Strategic Recommendations 

Following the success of the initial implementation, the company has the opportunity to take several steps to scale and sustain the benefits: 

  1. Roll out telemetry tools globally: To provide accurate risk data across all manufacturing locations. 

  2. Schedule monthly DeRISK updates: To reflect changes in the threat landscape and OT asset environment. 

  3. Use DeRISK’s Risk Mitigation Project Simulator: To model the ROI of future cybersecurity projects and multi-year strategic plans before committing capital. 

  4. Deepen insurance integration: Partner with insurers to secure better premiums based on credible, data-driven risk models. 

Conclusion 

This case study demonstrates how industrial organizations can bridge the gap between cybersecurity operations and business leadership. By using DeNexus’ DeRISK™ for Manufacturing platform, this manufacturer has moved from reactive defenses and technical guesswork to proactive, financially grounded cyber risk management. 

For companies with industrial control systems, the ability to quantify cyber risk isn’t just nice to have—it’s now essential for sound decision-making, regulatory compliance, and long-term resilience in the face of evolving digital threats. 

If you want to learn more, get in touch with our team, or understand how the above is put to use to quantify and manage cyber risks at 250+ industrial sites monitored by DeNexus, you can contact us at https://www.denexus.io/contact.