DeNexus DeRISK CRQ is a cyber risk quantification and management platform designed for operational technology (OT) environments. The platform translates OT cyber risk exposures and vulnerabilities into business metrics, specifically focusing on the financial impact of potential cyber events. The platform combines inside-out data from internal OT telemetry (including devices, vulnerabilities, and controls) with outside-in data such as external threat intelligence and firmographics to evaluate organizational attractiveness to threat actors. This data aggregation enables the identification of likely attack paths and assessment of financial impact from potential cyber incidents. DeRISK provides risk analysis at both site and portfolio levels, utilizing dynamic attack-path mapping with actionable attack graphs. The platform generates expected loss metrics, identifies top risk drivers, categorizes types of loss, and ranks facilities by risk contribution. Risk mitigation simulations allow organizations to evaluate what-if scenarios for prioritizing risk reduction and optimizing cybersecurity controls. The platform includes industry peer benchmarking capabilities customized for specific sectors, enabling comparison of cyber risk posture at site and portfolio levels. Compliance evaluation is supported through frameworks including NIST CSF, ISO 27001, and DeNexus' proprietary framework. Executive reporting features provide on-demand, dynamic reports designed to communicate cyber risk in financial terms to board-level stakeholders.