The IEC 62443 standard states that the method for cyber risk analysis consists of two phases: a first high-level analysis, and a subsequent detailed analysis of the most critical assets.
Request the Cyber Security Risk Assessment with the IEC 62443 method
The protection of critical infrastructures and key resources is essential for security and productivity, which is why our Cyber Security Risk Assessment service is based on the pillars of the IEC 62443 standard, which sets down a systematic method for managing cyber risks at industrial plants.
The ICS Risk Assessment service provides a two-step path of modular analysis:
- High Level Risk Assessment. Development of high-level risk assessment according to the process described in IEC 62443-3-2, including business logic.
- Low Level Risk Assessment. Detailed development of the risk assessment according to the process described in IEC 62443-3-2. It follows the high-level risk assessment and, on the basis of its results, is carried out only on the most critical assets.
The purpose of high-level analysis is to macroscopically establish the risks and consequences of a cyber attack to set priorities for intervention and break down future analyses according to the criticalities of the device or production process.
The subsequent detailed analysis covers the threats to which the systems in use are exposed. Several factors are considered during this second phase, such as the vulnerabilities already known, their complexity, the countermeasures and procedures previously adopted, and whether operational practices are already in place for the correct management of the human factor, often the main vehicle of cyber attacks.
This information is then used for the correct drafting of the Cyber Security Specifications for the protection of the most critical corporate assets.
We prepare the Cyber Security Risk Assessment report for both levels with specific analyses for each type of plant or machine, to document the real threats and the most appropriate countermeasures.
The ICS Risk Assessment supports the Cyber Security managers of large manufacturing companies in the implementation and maintenance of countermeasures, with a consequent advantage also in terms of expenditure.

FAQ
The most common and most perceivable consequences for a company struck by a cyber attack relate, for instance, to business continuity, when production is interrupted because the attacked systems have to be stopped. Threats can also entail altering or inhibiting safety functions on machinery and systems; for example, when automation is implemented by safety PLCs connected online. There is also the environmental risk: dangerous emissions from systems under attack can cause, as with business continuity or machinery safety issues, serious financial damage and harm to the company’s reputation.
The legislative references in the IEC 62443 standard directed at OT device users are found in IEC 62443-2-1 and IEC 62443-2-4, which concern the requirements for maintaining systems in conformity with the standard through the introduction of cyber security policies and procedures.
The cost for a Cyber Security Risk Assessment project varies based on the complexity of the network infrastructure, the company processes, and the OT devices in use, on which the risk assessment is performed according to the IEC 62443 standards. We invite you to contact us for a customized estimate.
Why Choose us
- Experience in the OT Cyber Security field since 2014
- In-house OT Cyber Security laboratory
- In-house IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
- Automation and OT network specialists
- Wide network of collaborations with the main international OT solution suppliers