Derive, a leader in cybersecurity risk and operations, has unveiled a significant expansion with the introduction of two new integrated modules: Governance and Operations. This transition elevates Derive from a top-tier cyber risk quantification engine to a holistic risk oversight system, enabling organisations to manage cybersecurity decisions, controls, and workflows more effectively. The platform is now designed to model these elements in real-time, and their impact is measured in tangible financial terms.
The platform builds upon Derive’s proprietary Peer Risk Benchmarks, offering the most extensive real-world cyber loss dataset available today. By linking financial-grade risk modelling tools with the essential tasks and operations of daily cybersecurity, Derive provides users with a comprehensive overview of their cyber risk landscape in one unified dashboard. This advancement allows cyber teams to pinpoint priorities, benchmark against competitors, and monitor continuous improvements.
Alex Nette, CEO of Derive, explained the need for this shift, "We’ve seen firsthand how cyber teams are stuck managing risk through static reports and disconnected tools. This release closes that gap. We’ve connected quantified cyber risk directly to operations so teams can see, in real time, how every action, or inaction, changes their financial exposure."
Complementing this perspective, Corey Neskey, CTO of Derive, said, "By bringing Governance and Operations into the same platform as Risk, Derive delivers a live model of an organisation’s cybersecurity posture - one that updates automatically as activities happen, evidence changes, or controls degrade."
The enhanced Derive platform features:
- Risk Module: Quantifies and prioritises cyber risk using Peer Risk Benchmarks.
- Governance Module: Centralises controls, accountability, assets, and audit evidence with streamlined tracking.
- Operations Module: Facilitates built-in workflows, including user access reviews, third-party and AI risk assessments, and incident response, all prioritised by measurable loss reduction.
By replacing traditional static GRC platforms, Derive merges risk, governance, and operations into a dynamic system – offering cybersecurity teams a real-time, financially grounded platform for enhanced decision-making.
