Cyber risk clarity, at every scale

One platform that quantifies, governs, and operationalizes cyber risk - priced to match your organization's size.

A middle-aged man with a beard, wearing a black suit and tie, standing indoors while looking to the side and holding a smartphone in both hands.

Three concentric gold rings on a black background.

Watch demo

The full Derive platform, included.

Every plan comes with the complete Risk, Governance, and Operations functionality - no modules to unlock.

Derive platform subscription

Scalable SaaS with unlimited assessments and seats.

Peer Risk Benchmarks

100k+ real incidents embedded directly in the platform, providing market context instantly.

Built-in security and trust

Architected for enterprise governance, privacy, and auditability.

Real-time risk scoring

Dynamic models update as your team acts - or misses a deadline.

Risk, Governance & Operations modules

All three modules - Risk, Governance, and Operations - in a single platform.

Third-party & AI risk workflows

Built-in TPRM and AIRM workflows tied directly to your risk model.

Simple, transparent pricing.

Priced by headcount - no hidden per-user fees, no module upsells.

Startup

Under 250 employees

$1,000/mo

$12,000 billed annually

Get started

Includes

Full Derive platform
Peer Risk Benchmarks
Unlimited seats & assessments
Standard onboarding

Need hands-on support?

Add expert-led services to any plan - accelerate your program, fill gaps, or augment your team on demand.

Add-on

Risk Support

Our team builds your quantified risk program from the ground up - conducting assessments, establishing controls, and making sure Derive is fully operational for your organization.

Expert-led risk assessments
Control framework setup
Ongoing program advisory
Board & exec reporting support

Talk to us about Risk Support

Add-on

Operations Augmentation

Extend your security team with Derive experts who work directly inside the platform - executing day-to-day cyber operations so you can focus on strategy.

Embedded cyber operations staff
TPRM, UAR, and IR execution
Flexible T&M engagement model
Scales up or down as needed

Talk to us about Ops Augmentation

Frequently Asked Questions

Have other questions? →Reach out any time

Yes. Every plan includes unlimited seats and unlimited assessments. We believe your entire team should be in Derive - not just a handful of licensed users.
We go by total full-time equivalent (FTE) headcount, typically verified at contract signing. If you're right on a boundary, reach out - we'll find the right fit - it’s not a perfect science.
Absolutely. Risk Support and Operations Augmentation can be added to any plan at any time - whether you need a one-time program build or ongoing embedded support.
Annual billing is standard. For enterprise organizations with specific procurement requirements, multi-year or custom arrangements are available - contact us to discuss.
All plans include guided onboarding. Mid-market and above get a dedicated Customer Success Manager. If you want a fully managed setup and onboarding, that's what the Risk Support add-on is for.

See how Derive turns cyber risk into clear action

Get a firsthand look at how Derive helps teams prioritize, track, and reduce cyber risk in real time - all backed by real data and measurable results.

See Derive in action

“CRQ is about managing risk, not just quantifying it…intelligence and integrations lower CRQ’s level of effort.”

- Forrester, Q2 2025 CRQ Report

“Advanced cyber-risk quantification platforms consolidate telemetry signals and continuously update your risk posture through data science-based algorithms.”