Cyber Security Risk Assessment IEC 62443

High Level and Detailed Risk Analysis
The IEC 62443 standard states that the method for cyber risk analysis consists of two phases: a first high-level analysis, and a subsequent detailed analysis of the most critical assets.

Request the Cyber Security Risk Assessment with the IEC 62443 method

The protection of critical infrastructures and key resources is essential for security and productivity, which is why our Cyber Security Risk Assessment service is based on the pillars of the IEC 62443 standard, which sets down a systematic method for managing cyber risks at industrial plants.

The Cyber Security Risk Assessment service provides a two-step path of modular analysis:

  • High Level Risk Assessment. Development of the high-level risk assessment according to the process described in IEC 62443-3-2, including business logic.
  • Low Level Risk Assessment. Detailed development of the risk assessment according to the process described in IEC 62443-3-2. It follows the high-level risk assessment and, on the basis of its results, is carried out only on the most critical assets.


The purpose of the high-level analysis is to establish, at a macroscopic level, the risks and consequences of a cyber attack, in order to set priorities for intervention and to break down future analyses according to the criticality of the device or production process.

The subsequent detailed analysis covers the threats to which the systems in use are exposed. Several factors are considered during this second phase, such as the vulnerabilities already known, their complexity, the countermeasures and procedures previously adopted, and whether operational practices are already in place for the correct management of the human factor, often the main vehicle of cyber attacks.
This information is then used for the correct drafting of the Cyber Security Specifications for the protection of the most critical corporate assets.


We prepare the Cyber Security Risk Assessment report for both levels with specific analyses for each type of plant or machine, to document the real threats and the most appropriate countermeasures.

The Cyber Security Risk Assessment supports the Cyber Security managers of large manufacturing companies in the implementation and maintenance of countermeasures, with a consequent advantage also in terms of expenditure.


The most common and most visible consequences for a company struck by a cyber attack concern, for instance, business continuity, when production is interrupted because the attacked systems have been stopped. Threats can also entail altering or inhibiting safety functions on machinery and systems; for example, when automation is implemented by safety PLCs connected online. There is also the environmental risk: dangerous emissions from systems under attack can cause, like business continuity or machinery safety issues, serious financial damage and harm to the company’s reputation.

The legislative references in the IEC 62443 standard directed at OT device users are found in IEC 62443-2-1 and IEC 62443-2-4, which concern the requirements for maintaining systems in conformity with the standard by introducing cyber security policies and procedures.

The cost for a Cyber Security Risk Assessment project varies based on the complexity of the network infrastructure, the company processes, and the OT devices in use, on which the risk assessment is performed according to the IEC 62443 standards. We invite you to contact us for a customized estimate.

Why Choose Us

  • We have been gaining experience in the OT Cyber Security field since 2014
  • We test every solution in our in-house OT Cyber Security laboratory
  • Our specialists are IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
  • Automation and OT Network Security are among our strongest competences
  • We have built a wide network of partnerships with the main international OT solution suppliers
  • Our BYHON internal division is the ISASecure® accredited certification body
