Industrial cyber risk quantification vendor DeNexus has publicly launched DeRISK UWA Agentic, an agentic AI underwriting platform built specifically for industrial cyber insurance. The platform is the first product on the DeRISK Intelligence Platform, enabling acceleration of industrial cyber insurance underwriting with AI-powered actuarial and risk assessment capabilities.
DeRISK UWA Agentic uses five specialist AI agents coordinated by an Orchestration Agent to execute a complete underwriting assessment, from submission ingestion to actuarial output, in minutes. The platform produces expected loss, maximum foreseeable loss, full loss exceedance curves, premium indication, a structured insurance program, and mandatory binding conditions with deadlines. Every finding is traceable to its source document, pipeline step, and model version.
The platform is pre-trained on standard cyber insurance questionnaires and applications in the market, including specialized OT supplementals and ransomware supplementals, and ingests PDF, Excel, CSV, Word, and JSON formats.
“The insurance industry has tools for IT risk. It does not have tools for OT risk — not at the depth or speed that underwriting demands,” José María Seara, founder and CEO of DeNexus, said in a Monday media statement. “DeRISK UWA Agentic changes that. It delivers the capability of a specialist OT cyber underwriting team — without hiring one.”
The DeRISK UWA Agentic platform incorporates real-time OT threat intelligence through a proprietary cyber threat intelligence database that is continuously updated with MITRE ATT&CK for ICS techniques and injected into every assessment run.
It uses dual IT and OT specialist agents that independently score enterprise IT and operational technology environments in parallel against both industry-standard and industrial-specific cybersecurity frameworks, while identifying cross-domain dependencies that could influence risk exposure.
A feature described as ‘Sound of Silence’ treats unanswered OT-specific questions as structural risk indicators rather than simply categorizing them as missing information, allowing underwriters to identify potential visibility or governance gaps. The proprietary actuarial engine is based on insights derived from more than 300 real industrial OT deployments conducted since 2019. The system is modular in design, enabling insurers to replace the embedded actuarial model with their own if required.
The DeRISK UWA Agentic platform is designed for adaptability, allowing insurers to customize report structures, cybersecurity frameworks, questionnaire formats, deployment models, and workflow integrations to align with their existing underwriting and operational environments.
DeNexus outlined a standardized underwriting assessment framework through its DeRISK UWA report structure, designed to deliver consistent cyber risk evaluations for industrial and operational technology environments. The framework organizes every assessment into 12 sections and more than 30 subsections, structured across four analytical layers that move from preliminary underwriting decisions to detailed technical evidence.
The report begins with a preliminary executive summary that provides what the company describes as a ‘verdict-first triage,’ offering the underwriting decision and three highest-priority binding conditions before the reader reaches the full report body. This is followed by a broader executive summary containing the underwriting rationale, key risk indicators, applicant characterization, and premium adjustment considerations.
The company profile and risk posture sections are designed to consolidate both confirmed and inferred organizational data, including sector, revenue, geography, headcount, data types handled, and merger and acquisition activity. The framework also evaluates data sufficiency and identifies missing information that could affect underwriting decisions before policy binding.
A major component of the assessment focuses on OT cybersecurity maturity and benchmarking against frameworks such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and IEC 62443 standards. The structure measures maturity across core functions, including Identify, Protect, Detect, Respond, and Recover, while also evaluating OT compliance levels, peer percentile positioning, and annual exposure probabilities for different threat vectors.
The quantification layer models cyber loss scenarios across optimistic, likely, and pessimistic conditions. The framework breaks down costs associated with breach response, regulatory fines, operational disruption, reputational impact, and business interruption. It also incorporates actuarial analysis using exceedance probability curves, expected annual loss calculations, and loss distributions mapped to different threat categories.
DeNexus also models economic impact across operational downtime, compliance penalties, and reputational damage. The report structure includes estimates for daily and total business interruption losses, regulatory exposure under regimes such as GDPR, CCPA, HIPAA, PCI DSS, and state breach notification laws, as well as projected customer churn and recovery timelines following cyber incidents.
The recommendation sections guide insurance program structuring, including recommended policy limits, retentions, estimated premiums, and underwriting rationale for each coverage line. The framework additionally outlines conditions precedent to binding, special endorsements, premium calculation methodologies, and prioritized mitigation measures such as incident response planning, endpoint detection and response, SIEM deployment, and data classification improvements.
The final sections consolidate industry-specific threat intelligence, regulatory trends, underwriting conclusions, and technical appendices. These appendices document control findings, actuarial assumptions, benchmark comparisons, questionnaire response analysis, and recommended next steps for underwriting teams from quote issuance through binding or formal decline decisions.
Boston Consulting Group’s Agentic AI Maturity Framework for Insurance (March 2026) positions most carriers at Horizon 0 to 1, reflecting rule-based automation or single-agent tools. DeRISK UWA Agentic deploys at Horizon 2–3 on day one, with orchestrated specialist agents executing end-to-end underwriting workflows. BCG’s research explicitly recommends that specialist insurers pursue buy-and-integrate strategies for agentic AI capability rather than attempting to build from scratch.
DeRISK UWA Agentic is available in three tiers – Standard for triage, Professional for peer review, and Enterprise for bind and API integration, with a phased approach designed for low-risk adoption. The platform is designed for regulatory compliance across four jurisdictions, including US/NAIC, UK/FCA, Lloyd’s, and EU/EIOPA requirements.
