Cyber risk clarity, at every scale

One platform that quantifies, governs, and operationalizes cyber risk - priced to match your organization's size.

A middle-aged man with a beard, wearing a black suit and tie, standing indoors while looking to the side and holding a smartphone in both hands.
Three concentric gold rings on a black background.

The full Derive platform, included.

Every plan comes with the complete Risk, Governance, and Operations functionality - no modules to unlock.

Derive platform subscription

Scalable SaaS with unlimited assessments and seats.

Peer Risk Benchmarks®

100k+ real incidents embedded directly in the platform, providing market context instantly.

Built-in security and trust

Architected for enterprise governance, privacy, and auditability.

Real-time risk scoring

Dynamic models update as your team acts - or misses a deadline.

Risk, Governance & Operations modules

All three modules - Risk, Governance, and Operations - in a single platform.

Third-party & AI risk workflows

Built-in TPRM and AIRM workflows tied directly to your risk model.

Simple, transparent pricing.

Priced by headcount - no hidden per-user fees, no module upsells.

Startup
Under 250 employees
$1,000/mo
$12,000 billed annually
Get started
Includes
  • Full Derive platform
  • Peer Risk Benchmarks®
  • Unlimited seats & assessments
  • Standard onboarding
Professional
1,001–3,999 employees
$7,400/mo
$88,800 billed annually
Get started
Includes
  • Full Derive platform
  • Peer Risk Benchmarks®
  • Unlimited seats & assessments
  • Dedicated CSM
Enterprise
4,000+ employees
$11,200/mo
$134,400 billed annually
Contact us
Includes
  • Full Derive platform
  • Peer Risk Benchmarks®
  • Unlimited seats & assessments
  • Dedicated CSM + exec support
  • Custom SLA

All prices in USD. Annual billing required.

Need hands-on support?

Add expert-led services to any plan - accelerate your program, fill gaps, or augment your team on demand.

Add-on

Risk Support

Our team builds your quantified risk program from the ground up - conducting assessments, establishing controls, and making sure Derive is fully operational for your organization.

  • Expert-led risk assessments
  • Control framework setup
  • Ongoing program advisory
  • Board & exec reporting support
Talk to us about Risk Support
Add-on

Operations Augmentation

Extend your security team with Derive experts who work directly inside the platform - executing day-to-day cyber operations so you can focus on strategy.

  • Embedded cyber operations staff
  • TPRM, UAR, and IR execution
  • Flexible T&M engagement model
  • Scales up or down as needed
Talk to us about Ops Augmentation

Frequently Asked Questions

Have other questions? →Reach out any time

See how Derive turns cyber risk into clear action

Get a firsthand look at how Derive helps teams prioritize, track, and reduce cyber risk in real time - all backed by real data and measurable results.

“CRQ is about managing risk, not just quantifying it…intelligence and integrations lower CRQ’s level of effort.”

- Forrester, Q2 2025 CRQ Report

“Advanced cyber-risk quantification platforms consolidate telemetry signals and continuously update your risk posture through data science-based algorithms.”

- TechCrunch