Applied Risk: An established leader in Industrial Control Systems security

Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat. Operating on a global scale, we work with a wealth of large organisations that rely on our expertise to safeguard their critical assets. Our proven experience of identifying vulnerabilities and security risks is based on methodologies honed over years of conducting assessments in industrial environments.

Our engineering experience and cyber security knowledge proves invaluable in securing the critical infrastructures and industrial assets of companies across the globe. We understand the need to maintain secure and reliable control environments, working across a range of industries we deliver solutions tailored to asset owners’ and manufacturers’ security requirements.

Industrial Control Systems (ICS) security is an engineering-based problem that requires an engineering-focused solution. Our offerings includes a wealth of engineering and technical assurance services, combined with comprehensive security assessments that cover the full spectrum of our client’s critical asset requirements while meeting industry standards.



Guarding mission-critical industrial systems from the threat of cyber attacks requires a specific and focused security skill set that only comes with deep industry knowledge and associated experience.

Applied Risk helps clients to address and maintain defences against the ever-increasing threats targeting Industrial Automation and Control Systems environments. We enable asset owners, operators, government agencies and suppliers to stay up-to-date and identify appropriate mitigating controls for protecting Process Control and Industrial Automation systems against the latest threats.

Select a product or service below:

  • Products

    ICS Cyber Security Awareness Training
  • Services

    Industrial Automation and Control Systems (IACS) Security
  • ICS/SCADA Security Assessment & Penetration Testing
  • Risk and Vulnerability Assessment (RVA)
  • Embedded Security Assessment
  • Medical Devices Security Assessment
  • IoT Security Assurance Services


  • Power
  • Pharmaceutical
  • Oil & gas
  • Water
  • Manufacturing
  • Chemicals

Heightened levels of interconnectivity, driven by business requirements, are now leaving Industrial environments increasingly exposed to costly and dangerous cyber attacks, including Denial of Control (DoC); Loss of Control (LoC); Loss of View (LoV); and Manipulation of View (MoV).

> Read more


Applied Risk maintains a significant leadership in the IACS community through its interactions with end users and manufacturers as well as its advanced research initiatives. It is through this work that we can provide unmatched service delivery to its customers and partners.

This section outlines our dedicated research, with a focus on advisories and white papers for ICS/SCADA environments.

  • Advisories

    Our security advisories are the results of research activities conducted by our in-house research team. These focus exclusively on ICS/SCADA devices and technologies.

    Read more

  • Vulnerability Disclosure Policy

    It is the policy of the company to exercise the responsible disclosure of security vulnerabilities in a manner that is of maximum value to all affected parties.

    Read more

About us

  • Safety
  • Integrity
  • Customer focused
  • Innovation

Applied Risk was founded with one core mission: to secure critical assets in the industrial domain against emergent cyber threats. As a major cyber security player within the Industrial Automation and Process Control field, our primary objective is to offer the most advanced Industrial Control Systems (ICS) security technology solutions.

> Read more


The Industrial Automation and Control Systems (IACS) security field is growing rapidly and Applied Risk continues to grow to meet current and future customers’ needs. As a global IACS leader, we maintain very high levels of cyber security skills, engineering experience, and business confidentiality. If you have a solid background in Control Systems security or industrial automation engineering and are looking for the next level of challenge and commitment, we would like to hear from you.

> Read more

Advisory board

Auke Huistra

Auke Huistra
International Cyber Security Expert

> Read more

Auke Huistra

Christian Martorella

> Read more


Seven steps to implementing a successful incident response plan

Industrial facilities are beginning to take heed that, as operational technology (OT) becomes increasingly connected, cybersecurity must be a priority. This has led many to re-prioritise their cybersecurity investments and, while that is a good starting point, there is no such thing as 100% cybersecure. What if an attacker were able to bypass the security measures in place and gain access to critical security systems?

Having a robust incident response plan is just as important as having procedures in place to keep attackers out. There are, however, unique challenges in industrial domains. A successful attack on OT could impact numerous different systems from different vendors and understanding the appropriate response in the face of this complexity requires highly specialised skills and involvement from various parties, including engineers, vendors, system integrators and more.

Furthermore, OT environments are at risk of very sophisticated, specific threats – and failure to take appropriate action could lead to devastating results that impact physical processes. In the event of a cybersecurity incident, best practice incident response guidelines follow a well-established seven step process: Prepare; Identify; Contain; Eradicate; Restore; Learn; Test and Repeat:


Preparation matters: The key word in an incident plan is not ‘incident’; preparation is everything. This means a thorough risk assessment which addresses all points, from staff training to developing contact lists in the event of an incident. Contingencies for an incident which impacts communications, creates a hazardous environment or takes place in a remote site – such as an oil rig – must be in place and regularly updated.

Identifying events: It is here that many organisations struggle. The ability to spot unusual behaviours and classify them are critical to taking appropriate action. Many of the penetration tests we conduct are successful, indicating that work needs to be done in this area. Once an issue is confirmed, it’s important to understand the nature of an event and its potential to cause damage. Filtering out false positives requires experience and technical skills.

Containment: This again requires protocols which lay out appropriate courses of action. Over-reaction could be just as damaging to operations as under-reaction. Can the threat be contained simply by disconnecting one network host, or isolating a section of the production line? Is there a plan in place for segregating the OT network if malware is discovered on the corporate network? The right strategy will prevent unnecessary downtime and make forensic investigation simpler.

Eradication and restoration: Steps four and five involve eradicating the threat and bringing the environment back online using a well-documented process for restoring it from trustworthy ‘golden image’ backups. One of the challenges in this step is regularly testing the ability and the backups themselves. Stopping a production line for comprehensive drills is difficult, while maintaining a replica environment for testing is prohibitively expensive for most. Technologies like virtualisation can provide the required flexibility and assurance.

Learning and reiterating: Steps six and seven emphasise the need to document and learn from every event in order to identify weaknesses and prevent recurrence. Then fine tune and test your processes and train your staff with attack simulation, drills and games. This process should be constantly repeated.

What these seven steps highlight is that ensuring effective cybersecurity provisions are in place within industrial environments is not just about alleviating the potential threat of a cyberattack. What is just as important is that firms are also prepared for the aftermath of a breach. Being able to effectively prepare for an attack, identify a breach, make sure it doesn’t escalate any further, restore systems and then fine tune the process requires specific ICS cybersecurity experience.

It is true that an incident response plan can only be as effective as the people who create it and put it into action. Applied Risk has the required knowledge to help firms deploy a tailored incident response plan that will minimise potential damages caused in the aftermath of a breach.

If your industrial facility needs support in developing and implementing an effective incident response plan, contact us below.