Press Release

DeNexus Streamlines Compliance to SEC Cybersecurity Regulation with Executive Cyber Risk Report

New DeRISK executive report automatically maps cyber risk metrics to SEC requirements for annual reporting of cyber risk management and governance

[BOSTON, MA], February 27, 2024: DeNexus, a leader in end-to-end cyber risk quantification and management for operational technology (OT) and industrial control systems (ICS), today launched a turnkey solution for DeNexus users to report annually to the SEC on their cyber risk management and governance processes.

The Executive Report and the cyber risk analyses detail an estimation of Annual Expected Losses and Value at Risk for compliance with SEC reporting. Utilizing ROI-based cybersecurity risk mitigation programs and both external (threats, firmographics) and internal data (network topology, devices, vulnerabilities, cybersecurity controls) with DeNexus’ proprietary models, the calculations include potential expected losses and their probabilities. The Annual Loss curve provided by DeRisk aids in understanding the likelihood and financial impact of cyber threats, guiding effective risk management decisions, whether through mitigation, acceptance, or third-party transfer.

"In today's landscape, effective cyber risk management is no longer just a suggestion but a necessity," said Jose Seara, Founder and Chief Executive Officer of DeNexus. “With this new SEC regulation emphasizing the need for detailed risk assessment and management, there is no better time for DeNexus to help our customers navigate the complexities of OT Cyber Risk Quantification and Management through unparalleled insights, enabling effective cyber risk management and strategic decision-making.”

In addition to reporting cybersecurity incidents promptly, Article 106 of the new SEC cybersecurity regulation mandate U.S.-listed firms to disclose cybersecurity risk management and governance details in their annual 10-K filings. While the rules primarily target publicly listed companies, the interconnected nature of supply chains means that smaller third-party companies, whether public or private, can have a significant impact on public companies. This emphasizes the importance of cyber risk management for all organizations, not just those directly affected by the current regulations.

The new SEC report from DeRISK addresses the comprehensive oversight of cybersecurity risks by committees, focusing on prevention (control maturity), detection (telemetry, vulnerability identification), and mitigation/remediation (risk management projects simulator). Periodic sharing of these risk insights by management ensures the necessary support from relevant committees.

To learn more about DeNexus SEC executive report, download our SEC brief here.