OT Risk Management Firm DeNexus Secures $17.5 Million in Funding

Industrial cyber risk management firm DeNexus has raised $17.5 million in a Series A funding round led by Punja Global Ventures, with participation from AXA XL, Prosegur Tech Ventures, and HCS Capital.

As part of the funding round, Rimmo Jolly, co-founder of Punja, will join DeNexus’ board of directors, while Libby Benet, global chief underwriting officer at AXA XL, will serve as a board observer. The funds will be used to expand the company’s go-to-market team and enhance its product offerings.

With increasing cyber threats and stricter government regulations affecting critical industries, selecting the most cost-effective and secure resilience strategies is becoming more complex. DeNexus addresses this challenge with its risk management platform, DeRisk, which focuses on identifying and quantifying operational technology (OT) risks. This platform helps critical industry customers choose the most effective risk management strategy—whether to accept, avoid, mitigate, or transfer specific OT risks.

DeRisk is an AI- and ML-powered data analytics platform designed to manage cyber risks specifically targeting the often-overlooked operational technology (OT) networks in critical industries. DeNexus’ CEO, Jose Seara, outlines the platform’s core function: “DeRisk learns about threats, threat actors, and exploits from external sources like MITRE, which provide detailed threat intelligence. Internally, we analyze our customers’ OT networks, including individual components, to identify any known vulnerabilities, while also factoring in any existing security controls in place.”

These insights are combined to identify risk-bearing vulnerabilities. Seara explains, “Just because a device has a vulnerability that could be exploited doesn’t necessarily mean it poses a risk if there are controls isolating that vulnerability from attackers.” DeRisk runs simulations to assess how and at what cost an attacker might exploit vulnerabilities, threats, and insufficient controls to target a customer’s OT network.

The data gathered from this analysis informs risk management decisions, such as whether to accept, avoid, mitigate with additional security measures, or transfer the risk via cyber insurance. Seara highlighted the example of risk transfer: customers may choose to transfer risks, but without DeRisk’s detailed analysis, neither the customer nor the insurer fully understands the cost of the specific risk.

“For both parties,” Seara says, “the goal is to accurately price the transferred risk. A clear understanding of the risk could lead to a reduced premium or a more accurate, possibly higher, premium. Many insurers currently assume more risk than they realize and maybe mispricing that risk.”

Effective risk management isn’t about ignoring risk but understanding it, assessing its cost, and responding efficiently. Overpricing risk can drive away customers, while underpricing may endanger the insurance industry’s viability. The same principle applies to OT networks: firms need to understand their risk and their costs to avoid overspending on unnecessary security measures or remaining vulnerable to breaches.

Founded in 2019 and headquartered in Boston, Massachusetts, DeNexus has raised a total of $32.8 million, including $15.3 million in pre-seed and seed funding.