SUCCESS STORY

Global Energy Company Prioritizes Risk Mitigation Projects

The global company operates power generation sites on three continents and needed to identify which site(s) to prioritize for cybersecurity investments and measure the positive impact of deploying Nozomi Networks.

The Challenge

The cybersecurity team needed to justify investments in OT cybersecurity solutions and get financial metrics to prioritize risk mitigation projects.  

The organization wanted to measure OT cyber risk and the economic value of risk reduction projects across its global portfolio of different power generation technologies, such as wind, solar, and combined cycle plants.

 

There was also a need to develop a standard framework to compare the level of cyber risk across its numerous sites and run the analysis by geography, sub-industry sector, and administrative entity.

Finally, the company’s plan was to apply a more systematic prioritization of risk mitigation projects and investments by understanding how such projects could improve the global organization's risk posture.

The Solution

DeRISKTM was deployed to monitor a dozen of energy production sites—wind, solar, and combined cycle plants—spread across three continents.

  • DeRISK collected internal telemetry such as asset inventory, network topography, and vulnerabilities through API integration with Nozomi Networks.
  • Firmographic data from the global organization was collected through the DeNexus templatized onboarding process to support the delivery of financial outputs.
  • Risk mitigation simulations and cyber risk quantification models were run using the combination of internal telemetry, outside-in data available from the various sites, industry macro-level data, and threat intelligence to build reports for the executive team.
WindFarm-Overlay

The Results

The DeRISK platform delivered outputs that showed top loss drivers and initial access vectors leading to the greatest risks.

Analyses were made available at the site level and aggregated by type of power generation, country and other parameters, empowering the cybersecurity team to precisely identify where they should act first to reduce cyber risk for the global organization.

Most importantly, DeNexus worked with the client team to model six risk mitigation scenarios and calculate, in financial terms what would be their costs and benefits (risk reduction) for the company.

The above results from DeNexus deployed at only 7% of the facilities of the company were extrapolated to build a robust, evidence-based cybersecurity investment model for the global organization.

Quantified Cyber Risks

Prioritization of risk and investments in mitigation strategies are now justified with data-driven, evidence-based analysis. 

0 %

Contribution of wind farms to cyber risk

0 M

Expected Downtime and Loss of Productivity

0 %

of Risks Driven by Remote Services

The global organization was able to set a risk mitigation plan for its entire fleet of power generation sites, justify investments and track expected risk reduction results.

Do you also want to quantify cyber risk?

Request a demo of the world’s first cyber risk quantification and management SaaS platform.

Request A Demo