- Success Story -
Utility and Renewables Operator
Understand the cyber security posture in more depth for a portfolio of renewable operating assets, wind and solar in Spain.
Understand their cyber security posture in more depth for a portfolio of renewable operating assets, wind and solar
The Renewable Energy sector has become a prime target for malicious cyber actors, and therefor elevated cyber risk.
In this case, our customer operates wind and solar PV generation facilities across North America and needed to better quantify cyber risk and identify primary contributing sources of cyber risk that could effect their exposure and bottom line. Our customer deployed DeRISK Industrial.
Provide a detailed risk assessment explaining their top cyber security risks
DeRISK’s cyber risk platform was able to provide the client a detailed risk assessment explaining their top cyber security risks for their renewable portfolio, broken down by source initial access vector and consequence type.
DeRISK was able to provide the client a detailed risk assessment explaining their overall cyber exposure and top risk components, finding that the client’s portfolio has a significantly lower risk exposure compared to other power-sector peers of similar generation capacity. We provided two suggested mitigations, with which the Customer can further reduce the expected loss by 14%.
DeRISK was able to provide the client a detailed risk assessment explaining their overall cyber exposure and top risk components
Currently the top source of probable loss is accident or carelessness, which is one of the few areas where controls are not at its strongest. In particular, a measure that would be very effective to reduce the impact of these accidents is to have routine backups on the OT side, to protect against accidental deletion or modification of key configuration files.
With these results from DeRISK, the client is aware of their cyber security posture and is able to prioritize their risk mitigation based on ROI, Risk Reduction, Upfront Cost, Yearly Cost, Payback Period, or NPV.
Expected Loss Breakdown
Accident or carelessness
Expected Losses vs Revenue
Compared to industry average
Because of the nature of the customer’s operations as a renewable energy producer, an overwhelming majority of total risk comes from these top two cyber event types: (1) equipment damage and (2) business disruption / downtime makes up 99.7%.