DeNexus US users are to benefit from the firm’s newly launched DeRISK Executive Report, a solution that will automatically map cyber risk metrics to SEC requirements for annual reporting of cyber risk management and governance.
The Executive Report and the cyber risk analyses detail an estimation of Annual Expected Losses and Value at Risk for compliance with SEC reporting, DeNexus, a provider in cyber risk modelling for industrial networks, explained.
By utilising ROI-based cybersecurity risk mitigation programs and both external (threats, firmographics) and internal data (network topology, devices, vulnerabilities, cybersecurity controls) with DeNexus’ proprietary models, the calculations include potential expected losses and their probabilities.
The Annual Loss curve provided by DeRisk aids in understanding the likelihood and financial impact of cyber threats, guiding effective risk management decisions, whether through mitigation, acceptance, or third-party transfer.
Jose Seara, Founder and Chief Executive Officer of DeNexus: “In today’s landscape, effective cyber risk management is no longer just a suggestion but a necessity. With this new SEC regulation emphasising the need for detailed risk assessment and management, there is no better time for DeNexus to help our customers navigate the complexities of OT Cyber Risk Quantification and Management through unparalleled insights, enabling effective cyber risk management and strategic decision-making.”
US-listed firms have to report any cybersecurity incidents promptly, as well as to disclose cybersecurity risk management and governance details in their annual 10-K filings, according to Article 106 of the new SEC cybersecurity regulation.
“While the rules primarily target publicly listed companies, the interconnected nature of supply chains means that smaller third-party companies, whether public or private, can have a significant impact on public companies. This emphasises the importance of cyber risk management for all organisations, not just those directly affected by the current regulations,” DeNexus highlighted.
The DeRISK SEC report will address the comprehensive oversight of cybersecurity risks by committees, focusing on prevention (control maturity), detection (telemetry, vulnerability identification), and mitigation/remediation (risk management projects simulator).
As the solution will provide periodic insights regarding these risks, management can ensure the necessary support from relevant committees, DeNexus noted.
