DeNexus - Industrial Cyber Risk Modeling and Quantification
Friends and colleagues,
June has been an exciting month for DeNexus. After a year of hard and silent work, the rollout of DeRISK, our cyber security modeling product, has finally happened! DeRISK will disrupt the way industrial cybersecurity risk is managed.
Somehow, everything begun several years ago. I was then the CEO for an Independent Power Producer in North America operating renewable generation assets under the first wind-only balancing authorities in the US. That operating model resulted on a significant exposure to compliance and cybersecurity risk both in our industrial and enterprise networks. Risk that increased significantly in 2014-2016, due to the combination of some operating strategic decisions made, and new CIP reliability standards released and enforced by NERC. The team advised the implementation of some IT and OT network monitoring tools, which is what we did. When the time to renew our insurance program came, a third party cyber risk assessment report was required. The cyber risk was finally (partially) covered as an endorsement to the P&C policy. Many pages full of fine print! After that entire process it wasn't clear what was the return on cyber security-related investments made, what was the risk efficiently transferred and what was left in our balance sheet. Had we paid the right premium for the right coverage? Crazy right? Just the estate of the art! We were not different than our industry peers.
Years later, the situation has not improved that much. But that is about to change. At DeNexus we have developed the platform that it is going to change that landscape. DeNexus' platform DeRISK solves the data and modeling problem for an efficient industrial cyber risk management (i) deploying sensors in operator's facilities to continuously collect real-time artifacts, threats and incidents, (ii) analyzing device configurations, vulnerabilities and network topology, (iii) mapping the data to probabilistic attack patterns based on expert knowledge (ATT&CK framework, NIST CSF, C2M2, IEC 62443), and (iv) performing risk modeling and quantification contextualized to each client's controls, countermeasures, sector and bespoke geopolitical risk factors.
DeRISK was deployed in Q1 2020 at one of the National Laboratories at the US Department of Energy for intense testing covering several scenarios representing system faults and cyber attacks. The first real-world pilots are being deployed as I type these lines. DeNexus' development team, lead by co-founder and CTO Ming Zhao has worked around the clock to go from concept to first deployments in less than a year. Thanks for the hard work and congratulations! I am lucky, proud and honored to work with them. Thanks also to the amazing group of individuals in our Advisory Board. They collectively bring decades of experience in corporate financing, cybersecurity, and cyber insurance.
Just in critical infrastructure assets, cyberattacks can cause damage up to $1 trillion. Cyber risk also presents the first significant opportunity for several decades where the insurance industry can develop a brand-new product line with resultant increasing revenue growth and profits. However, the scope of cyber risks vastly exceeds available coverage with an estimated gap of $600 billion. Why? The insurance market cannot spread the risk beyond its own capital resources into alternative capital markets because there are no trusted cyber quantification models and historical data that they can rely on. Data and data analytics are key to unlock the cyber insurance market potential.
DeNexus serves risk/asset owners and risk insurers, providing both stakeholders and clients with evidence-based, quantitative and auditable data.
The rollout of the first product and pilots is just the first chapter of a long journey. There will be difficulties to overcome and days to celebrate. We are enjoying every step on the way!
Jose M. Seara
Professional Executive Assistant, Paralegal, Bookkeeper
4yCongratulations José María and team!
VP of Finance & Business Operations @ Ambi Robotics | Results-oriented finance leader
4yCongratulations!
Managing Director OTCatalyst
4yThis is something industrial companies truly need and should take note of!
Managing Director at Cantor Fitzgerald
4yCongrats, Jose! I’m really happy for you and your team at DeNexus!
Founder and CEO at CloudShare | Ph.D. in Cryptography | Cloud Technology Expert | Sales and Training Expert | Serial Entrepreneur & Mentor
4yBravo Jose M Seara, to Success!