SUCCESS STORY

Quantifying and Managing Cyber Risk Across a Multinational Portfolio of Power Generation Facilities

Client: Anonymized Global Power Generation Firm
Technology Deployed: DeNexus DeRISK™ Platform
Scope: 16 power generation facilities across EMEA, LATAM, and APAC

Introduction

As the energy sector embraces digital transformation, the systems controlling critical infrastructure—such as turbines, substations, and solar inverters—are increasingly vulnerable to cyber threats. Known as operational technology (OT), these environments differ significantly from traditional IT systems and are often not fully visible or protected by conventional cybersecurity tools. 

One global power-generation company, operating 16 facilities across three continents, realized this risk firsthand. With assets ranging from wind farms to combined-cycle and solar plants, the company needed a way to understand and manage its cyber risk—not in technical terms, but in financial ones that could inform business decisions across the C-suite. 

To meet this challenge, the company implemented DeNexus’s DeRISK™ Cyber Risk Quantification & Management (CRQM) platform, a data-driven modeling solution that translates OT cyber threats into clear financial risk metrics. The result? A transformed cybersecurity posture, grounded in measurable business value. 

Business Challenge

Despite having basic cybersecurity controls in place, the leadership team was struggling with four major limitations: 

  1. Lack of Financial Clarity 
    Executives and board members often asked: "If a cyberattack hit one of our plants, how much would it cost us?"—but the security team couldn’t provide an answer grounded in real data. Leadership was left without an answer to a critical question: how much could a cyber-attack cost the business? 

  2. Difficulty Justifying Cybersecurity Budgets 
    Security leaders lacked hard financial figures to justify investment requests. As a result, budget decisions stalled, or teams struggled to argue for needed investments. 

  3. Blind Spots in OT Visibility 
    Traditional tools provided a partial picture, making it hard to pinpoint where real risk lived. 

  4. Challenges communicating with non-technical stakeholders  
    Board members and auditors needed clear, business-focused insight—not technical jargon. 

The Solution: DeRISK™ CRQM for Power Generation

The company selected DeRISK™ CRQM, a platform specifically designed to model cyber risk in industrial control system (ICS) and operational technology (OT) environments. DeRISK™ CRQM ingests real-time telemetry, asset data, and threat intelligence to perform cyber risk quantification and data-driven risk modeling, calculating: 

  • Annual Expected Loss (AEL): the average yearly financial loss from cyber incidents. 
  • Value at Risk (VaR): the largest loss expected over a certain time period at a given confidence level (e.g., a 1-in-100-year event). 
  • Scenario Impact & ROI: how much loss could be avoided with a specific control or mitigation project. 

With these outputs, risk teams, CISOs, CFOs, and insurers can all speak the same language—dollars at risk. 

Objectives of the Deployment

The organization’s leadership team established four goals for the DeRISK™ CRQM rollout: 

  1. Quantify cyber risk at each facility and for the full portfolio in dollars. 

  2. Benchmark risk exposure by region and type of energy generation. 

  3. Measure the added value of deploying live OT telemetry—especially at facilities lacking tools like Nozomi Guardian, Claroty CTD, or ForeScout eyeInspect. 

  4. Prioritize the best cybersecurity mitigation projects based on cost-effectiveness and risk reduction. 

Execution: Data-Driven Risk Modeling 

Step 1: Baseline Risk Assessment 
DeRISK™ CRQM was provided cybersecurity data from all 16 facilities, including asset inventories, known vulnerabilities, implemented security controls, and each site’s annual financial revenue. This established a “risk baseline.” 

Step 2: Telemetry Integration at Key Sites 
To enhance accuracy, real-time OT telemetry from four LATAM sites was integrated into the model. These facilities already used network monitoring and vulnerability discovery tools, which fed more accurate cybersecurity data into DeRISK™ CRQM. 

Step 3: Risk Simulation 
Using millions of Monte Carlo simulations of attack paths, DeRISK™ CRQM calculated the probability and financial impact of potential cyber incidents, both at individual facilities and across the global portfolio. 

Step 4: “What-If” Scenario Modeling 
Using the Cyber Risk Mitigation Project Simulator tool in DeRISK™ CRQM, multiple proposed cybersecurity projects—ranging from improved disaster recovery to network segmentation—were each evaluated for how much financial risk they would remove if implemented. 
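As an added illustration of the mechanics behind Steps 3 and 4 (example code written for this page, not DeNexus code, and not a description of how DeRISK™ CRQM is implemented), the following Python sketch builds a frequency-times-severity Monte Carlo loss model for one facility, derives AEL as the mean simulated annual loss and the 1-in-20 and 1-in-100-year VaR as the 95th and 99th percentiles of that distribution, and then runs a before/after "what-if" comparison for a mitigation. The `LossModel` class, its parameter values, the Poisson/log-normal shape of the model and the mapping of a "1-in-N-year event" to the (1 - 1/N) quantile are all assumptions made for the example; DeRISK's actual attack-path models, data inputs and calibration are not represented here.

```python
"""Added illustration of frequency x severity Monte Carlo loss modeling:
Annual Expected Loss (AEL), Value at Risk (VaR) and a what-if comparison.
Model shape and parameters are constructed for the example, not DeNexus data."""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class LossModel:
    """Hypothetical annual loss model for one facility (constructed).

    events_per_year: mean number of loss-causing cyber incidents (Poisson rate)
    median_loss:     median financial loss per incident, in dollars
    sigma:           log-normal spread of the per-incident loss
    """
    events_per_year: float
    median_loss: float
    sigma: float


def _poisson(rng, lam):
    """Knuth's Poisson sampler; adequate for the small rates used here."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_losses(model, years, seed=0):
    """Simulate `years` independent years. Each year's loss is the sum of the
    losses of the incidents that occur in it (frequency x severity)."""
    rng = random.Random(seed)
    mu = math.log(model.median_loss)  # log-normal median -> location parameter
    losses = []
    for _ in range(years):
        incidents = _poisson(rng, model.events_per_year)
        losses.append(sum(rng.lognormvariate(mu, model.sigma) for _ in range(incidents)))
    return losses


def quantile(values, q):
    """Nearest-rank empirical quantile of a list of losses, 0 <= q <= 1."""
    ordered = sorted(values)
    idx = min(len(ordered) - 1, max(0, math.ceil(q * len(ordered)) - 1))
    return ordered[idx]


def risk_metrics(losses):
    """AEL = mean annual loss. A '1-in-N-year' VaR is taken (assumption) as the
    (1 - 1/N) quantile of the simulated annual-loss distribution."""
    return {
        "AEL": sum(losses) / len(losses),
        "VaR_1in20": quantile(losses, 1 - 1 / 20),
        "VaR_1in100": quantile(losses, 1 - 1 / 100),
    }


def compare_scenarios(before, after, years=20000, seed=0):
    """What-if comparison. Both runs share the same seed (common random
    numbers), which reduces sampling noise in the before/after difference.
    Returns metric -> (before, after, reduction, reduction_pct)."""
    base = risk_metrics(simulate_annual_losses(before, years, seed))
    mitigated = risk_metrics(simulate_annual_losses(after, years, seed))
    result = {}
    for name in base:
        delta = base[name] - mitigated[name]
        pct = 100.0 * delta / base[name] if base[name] else 0.0
        result[name] = (base[name], mitigated[name], delta, pct)
    return result


if __name__ == "__main__":
    # Constructed scenario: a disaster-recovery upgrade that shortens outages,
    # modelled as a lower median loss per incident with unchanged frequency.
    baseline = LossModel(events_per_year=0.6, median_loss=1_500_000, sigma=1.2)
    with_dr = LossModel(events_per_year=0.6, median_loss=800_000, sigma=1.2)
    for name, (b, a, d, pct) in compare_scenarios(baseline, with_dr).items():
        print(f"{name:<11} before ${b/1e6:6.2f}M  after ${a/1e6:6.2f}M  "
              f"reduction ${d/1e6:6.2f}M ({pct:4.1f}%)")
```

The design point worth noting is the paired comparison: running the "before" and "after" models on the same random stream means the reported reduction comes from the changed parameters rather than from two independent sets of sampling noise, which matters when the mitigation's effect is smaller than the spread of the tail. Real deployments replace the constructed parameters with asset, vulnerability, control and revenue data, but the AEL and VaR summaries read off the simulated distribution in the same way.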

Portfolio-Wide Insights 

Once modeling was complete, the DeRISK™ CRQM platform revealed risk trends that challenged existing assumptions:

By Region: 

Region    Annual Expected Loss (AEL) Contribution
LATAM     63.5%
EMEA      18.8%
APAC      17.7%

Despite representing only a quarter of the sites, LATAM facilities accounted for nearly two-thirds of the Annual Expected Loss, due in part to hidden risks and vulnerabilities revealed by the data-driven telemetry. 

By Power Generation Technology Type: 

Generation Type    Annual Expected Loss (AEL) Contribution
Wind               48.0%
Combined-Cycle     45.9%
Solar              6.1%

Combined-cycle plants, although fewer in number, carried a disproportionate share of risk due to their complexity and criticality. 

Case Study 1: LATAM Sites – The Power of Visibility 

Four combined-cycle facilities in LATAM were selected for deeper telemetry integration. The results demonstrated the importance of accurate and complete vulnerability data. 

Metric                        Pre-Telemetry   Post-Telemetry   Change
Annual Expected Loss (AEL)    $7.8M           $8.7M            ▲ $0.9M
1-in-20 Year Event (VaR)      $30.7M          $33.5M           ▲ $2.8M
1-in-100 Year Event (VaR)     $59.3M          $62.7M           ▲ $3.4M

Visibility proved essential: unmanaged risk cannot be reduced.

Case Study 2: Disaster Recovery at a Combined-Cycle Facility 

At a LATAM plant with annual revenues of $112M, leadership considered enhancing backup systems and disaster recovery planning. DeRISK™ CRQM modeled the impact of these upgrades. 

Metric                        Before Upgrade                   After Upgrade   Risk Reduction
Annual Expected Loss (AEL)    $2.31M [2% of annual revenue]    $1.26M          ▼ $1.05M (45%)
1-in-20 Year (VaR)            $11.7M [10% of annual revenue]   $5.69M          ▼ $6.02M (51%)
1-in-100 Year (VaR)           $44.6M [40% of annual revenue]   $27.7M          ▼ $17.3M (39%)

The data revealed a strong return on investment, guiding decision-makers to greenlight the project based on quantifiable value—not just compliance. 

Key Business Outcomes 

The DeRISK™ CRQM deployment delivered measurable value across multiple business functions: 

  • Cyber risk translated into financial terms: For the first time, executive leadership could see risk in dollars—not technical metrics—empowering them to make more informed business decisions. 
  • Unified Risk Language: Cybersecurity, finance, risk, and insurance leaders aligned around shared financial risk metrics. 
  • Smarter Budget Allocation: Resources were shifted to controls with the highest dollar-for-dollar risk-reduction impact. 
  • Insurance Optimization: Portfolio-wide VaR metrics helped calibrate coverage levels and supported negotiations for better policy terms. 
  • Regulatory Compliance: Financially quantified risks supported emerging disclosure mandates (e.g., U.S. SEC cyber risk rules). 

Next Steps and Recommendations 

Following the success of the initial implementation, the company has the opportunity to take several steps to scale and sustain the benefits:

  1. Expand Telemetry Coverage globally across all continents to close visibility gaps. 

  2. Integrate Cyber Risk Quantification into Budget Cycles, refreshing risk metrics quarterly to adapt to changes in the threat landscape. 

  3. Track Mitigation and ROI with DeRISK™ CRQM, ensuring planned projects deliver measurable outcomes, and model the ROI of future cybersecurity projects and multi-year strategic plans before committing capital. 

  4. Deepen cyber insurance integration: Partner with insurers to secure better premiums based on credible, data-driven risk models. 

Conclusion 

This case study demonstrates how industrial organizations can bridge the gap between cybersecurity operations and business leadership. Now, executives can see exactly where their greatest exposures lie, how much they could cost, and which actions will reduce those risks most effectively. By using DeNexus’ DeRISK™ CRQM platform, this company has moved from reactive defenses and technical guesswork to proactive, data-driven, financially grounded cyber risk management. 

This transformation not only safeguarded critical infrastructure but also gave every stakeholder—from engineers to board members—a common, business-aligned language for managing cybersecurity in a connected world. 

If you want to learn more, get in touch with our team, or understand how the above is put to use to quantify and manage cyber risks at 250+ industrial sites monitored by DeNexus, you can contact us at https://www.denexus.io/contact.