- Success Story -

Utility and Renewables Operator 

Understand the cyber security posture in more depth for a portfolio of renewable operating assets, wind and solar in Spain.

The Challenge

Understanding a portfolio-level view of cyber risk exposure for renewable operating assets in wind and solar.

The Renewable Energy sector has become a prime target for malicious cyber actors, and therefore poses elevated cyber risks. 

IBM reports that the average cost of a data breach in the United States has gone up to $9.44M and the Global average total cost of a data breach has gone up to $4.35M

In this case, our customer operates wind and solar PV generation facilities across North America and needed to better quantify cyber risk and identify primary contributing sources of cyber risk that could effect their exposure and bottom line. Our customer deployed DeRISK Industrial. 


The Solution

Provide a detailed risk assessment explaining their top cyber security risks and mitigation options to reduce risk.

DeRISK’s cyber risk platform was able to provide the client a detailed risk assessment explaining their top cyber security risks for their renewable portfolio, broken down by source initial access vector and consequence type.

Ontwerp zonder titel-1-1-1

The Results

DeRISK was able to provide the client a detailed risk assessment explaining their overall cyber exposure and top risk components, helping to prove that the client’s portfolio has a significantly lower risk exposure compared to other power-sector peers of similar generation capacity.

The DeRISK Mitigation module, helped identify low-cost projects that could reduce expected loss by an additional 14%.

Currently the top source of probable loss is accident or carelessness, which is one of the few areas where controls are not at its strongest. In particular, a measure that would be very effective to reduce the impact of these accidents is to have routine backups on the OT side, to protect against accidental deletion or modification of key configuration files.

With these results from DeRISK, the client is aware of their cyber security posture and is able to prioritize their risk mitigation based on ROI, Risk Reduction, Upfront Cost, Yearly Cost, Payback Period, or NPV.

Expected Loss Breakdown

Probability and Expected Loss $'s


Probability of Loss


Expected Loss


Probability of Loss


Value at Risk

Expected Losses vs Revenue




Compared to industry average

Because of the nature of the customer’s operations as a renewable energy producer, an overwhelming majority of total risk comes from these top two cyber event types: (1) equipment damage and (2) business disruption / downtime makes up 99.7%.

Do you also want to quantify cyber risk?