- Success Story -

Utility and Renewables Operator 


Understand the cyber security posture in more depth for a portfolio of renewable operating assets, wind and solar in Spain.

The Challenge

Understand their cyber security posture in more depth for a portfolio of renewable operating assets, wind and solar

The Renewable Energy sector has become a prime target for malicious cyber actors, and therefor elevated cyber risk. 

In this case, our customer operates wind and solar PV generation facilities across North America and needed to better quantify cyber risk and identify primary contributing sources of cyber risk that could effect their exposure and bottom line. Our customer deployed DeRISK Industrial. 

 

The Solution

Provide a detailed risk assessment explaining their top cyber security risks

DeRISK’s cyber risk platform was able to provide the client a detailed risk assessment explaining their top cyber security risks for their renewable portfolio, broken down by source initial access vector and consequence type.

Ontwerp zonder titel-1-1-1

The Results

DeRISK was able to provide the client a detailed risk assessment explaining their overall cyber exposure and top risk components, finding that the client’s portfolio has a significantly lower risk exposure compared to other power-sector peers of similar generation capacity. We provided two suggested mitigations, with which the Customer can further reduce the expected loss by 14%.

DeRISK was able to provide the client a detailed risk assessment explaining their overall cyber exposure and top risk components

Currently the top source of probable loss is accident or carelessness, which is one of the few areas where controls are not at its strongest. In particular, a measure that would be very effective to reduce the impact of these accidents is to have routine backups on the OT side, to protect against accidental deletion or modification of key configuration files.

With these results from DeRISK, the client is aware of their cyber security posture and is able to prioritize their risk mitigation based on ROI, Risk Reduction, Upfront Cost, Yearly Cost, Payback Period, or NPV.

Expected Loss Breakdown

0%

Accident or carelessness

0%

Equipment Damage

0%

Phising

0%

Downtime

Expected Losses vs Revenue

0%

Customer

0%

Compared to industry average

Because of the nature of the customer’s operations as a renewable energy producer, an overwhelming majority of total risk comes from these top two cyber event types: (1) equipment damage and (2) business disruption / downtime makes up 99.7%.

Do you also want to quantify cyber risk?