DNV, the independent assurance and risk management provider, will acquire industrial cyber security specialist Applied Risk. The two companies will join forces with the aim to build the world’s largest industrial cyber security practice, defending critical infrastructure in energy and other industrial sectors against emergent cyber threats.
Threats to industrial cyber security are becoming more common, complex and creative. The energy sector now appears among the top three most attacked industries according to insurance firm Hiscox1. Recovery from an attack can cost organizations hundreds of millions of dollars and companies in the sector face new pressures to comply with tighter regulation.
The energy industry is under increasing pressure to bolster their cyber security following a series of high-profile attacks causing disruption to energy supply in recent years. These include an attack on the Colonial Pipeline company in April 2021, which led to a temporary shutdown of the largest fuel pipeline in the US and caused temporary shortages of gasoline and other petroleum products. An attack on a series of Ukraine’s power grid substations left a quarter of a million people without power in 2015 and set a precedent for the vulnerabilities facing the world’s grids.
The security of the renewables sector has also come under greater scrutiny after researchers from the University of Tulsa demonstrated how easy it can be to hack a wind farm. In 2017, the team accessed an unsupervised wind turbine and exposed several vulnerabilities that could give them full remote control of the mechanics of an entire wind farm and the potential to destroy all turbines within it. Gartner forecasts that cyber criminals will go beyond making attacks for financial gain this decade, and progressively weaponize industrial control systems to cause harm to human life2.
“Energy assets, equipment and components are now at higher risk of new forms of cyber-attacks, as their control systems become increasingly connected. Life, property and the environment are at stake. DNV is investing significantly in helping our customers build a powerful force of defence. By joining forces with Applied Risk, we aim to build an industrial cyber security powerhouse to support governments, regulators, operators and their supply chains in managing these emerging risks,” said Remi Eriksen, Group President and CEO, DNV.
A combined force of defence
Established in 2012, Applied Risk is a thought leader in next generation cyber security solutions for the energy industry and other industrial sectors. The company’s team of engineering and cyber security professionals headquartered in Amsterdam, the Netherlands, have contributed to a wealth of industry standards and led the development of security strategies for national governments. Applied Risk works with a broad client portfolio, including Fortune 500 companies across Europe, the Middle East and Asia.
Applied Risk’s experts will join forces with DNV’s cyber security specialists, who work with governments, corporations, and industrial operators to keep projects and operations secure. DNV provides real-world cyber security expertise to some of the world’s most complex infrastructure projects, helping customers identify their cyber risks, build a powerful force of defence against threats, recover from attacks and win stakeholder trust and support.
“DNV and Applied Risk share a common vision of safeguarding critical industrial assets from the growing volume and complexity of cyber-attacks. This partnership brings together two highly respected organizations in industrial assurance and cyber security solutions. We will combine the strengths of Applied Risk and DNV with significant investments in security research and innovation to build and grow a cutting-edge industrial cyber security business that helps our customers outpace new threats posed by cyber criminals,” said Jalal Bouhdada, CEO, Applied Risk.
Applied Risk and DNV will operate together under the DNV brand. A combined leadership team from both companies will be tasked with scaling a merged cyber security business with ambitions for significant growth by the end of 2025.
“Cyber security will play an important role in DNV’s growth story in the coming years,” said Liv A. Hovem, CEO of DNV’s Accelerator, a new business area dedicated to rapidly growing new DNV businesses, services and solutions.
“Bringing together Applied Risk and DNV’s impressive teams of industrial cyber security experts is the first step in our plan to build a cyber security powerhouse through acquisitions and partnerships with top-tier cyber security firms around the world. We will also welcome more talent into the business as we grow, offering the opportunity to work on some of the world’s most advanced and complex cyber security projects alongside DNV’s global team of nearly 12,000 industrial domain experts,” Hovem added.