What is the OT asset risk score calculator for?

It ranks relative risk for a PLC, HMI, SCADA server, DCS node, historian, or other OT asset.

What information should I enter?

Use consistent scores for impact, exposure likelihood, and control weakness.

What does the result tell me?

The result helps decide which OT assets need protection or remediation first.

When is the result only an estimate?

It is only an estimate when scoring criteria are subjective or asset inventory and control data are incomplete.

Industrial Cybersecurity & OT Risk calculator

OT Asset Risk Score Calculator

Use this calculator to score relative risk for an OT asset or asset group. It helps security and operations teams compare critical systems using consistent impact, exposure, and control weakness scoring without describing technical attack steps.

What this calculator does

Rank risk for a critical OT asset using operational impact, exposure likelihood, and control or detection weakness.
Use it when prioritizing protection work for PLCs, HMIs, SCADA servers, DCS nodes, historians, or engineering workstations.
The result gives a relative OT asset risk score for prioritization.

Formula used

OT asset risk score = OT asset impact score × OT exposure likelihood score × control weakness score
Use the same scoring scale across comparable OT assets.

Inputs explained

OT asset impact score: Score the consequence of loss, manipulation, or downtime for the asset, including safety, production, quality, environmental, and recovery impact.
OT exposure likelihood score: Score exposure using factors such as network connectivity, remote access dependence, vulnerability backlog, vendor access, and patch constraints.
Control weakness score: Score how weak existing visibility, backup, segmentation, access control, monitoring, and recovery controls are for the asset.

How to use the result

Use it to rank mitigation work, monitoring coverage, access reviews, backup validation, and patch planning.
It is not a vulnerability scan, compliance assessment, or proof that a system is secure.

Common questions

What is the OT asset risk score calculator for? It ranks relative risk for a PLC, HMI, SCADA server, DCS node, historian, or other OT asset.
What information should I enter? Use consistent scores for impact, exposure likelihood, and control weakness.
What does the result tell me? The result helps decide which OT assets need protection or remediation first.
When is the result only an estimate? It is only an estimate when scoring criteria are subjective or asset inventory and control data are incomplete.

Last reviewed 2026-05-12.