CyberTrust GmbH
Elite Partner, Verified
EU-sovereign cybersecurity services for regulated financial institutions. Specialized in DORA, NIS2, and ISO 27001 programmes.
About
CyberTrust GmbH is a Frankfurt-based cybersecurity consultancy founded in 2018 by former BaFin examiners and Deutsche Bank red-teamers. We deliver end-to-end compliance services, from gap assessments to CREST-certified penetration tests and DORA Threat-Led Penetration Testing (TLPT). Our 24-person team operates exclusively from EU facilities with EU-resident data, making us a natural fit for financial services and critical infrastructure customers subject to DORA, NIS2, and BaFin BAIT/KAIT requirements.
Services Offered
NIS2 Gap Assessment & Remediation
Gap Remediation: Comprehensive NIS2 readiness assessment with detailed remediation roadmap and implementation support.
ISO 27001 Certification Support
Audit Preparation: Full support for ISO 27001 certification including ISMS implementation, documentation, and audit preparation.
DORA Implementation Program
Managed Compliance: End-to-end DORA compliance implementation for financial entities including ICT risk management and third-party oversight.
ISO 27001:2022 Certification Support
Audit Preparation: End-to-end ISO 27001:2022 certification path covering ISMS build-out, internal audit, auditor liaison.
NIS2 Gap Assessment & Remediation Programme
Gap Remediation: Structured NIS2 gap assessment against 10 security measures from Art. 21, with remediation roadmap.
DORA ICT Risk Management Framework
Risk Assessment: Complete ICT Risk Management Framework per DORA Art. 6-16, covering policies, processes, and governance.
Incident Response Retainer
Incident Response: 24/7 incident response retainer with 1-hour response SLA, aligned to NIS2 and DORA reporting windows.
Threat-Led Penetration Testing (DORA TLPT)
Penetration Testing: CREST-certified TLPT per DORA Art. 26-27 RTS, red-team exercise against critical functions.
Customer Reviews
DORA expertise that saved our BaFin audit
CyberTrust delivered a risk register and ICRMF policy pack that was audit-ready on day one. Their team understood BaFin expectations better than our own second line. Strongly recommended for any German-regulated financial entity.
Findings quality beyond expectations
The offensive security team found two critical business logic flaws that our SAST/DAST pipeline had missed for a year. Fast retest cycle, clean reporting, and the attack narratives were understandable for our developers. Will rebook annually.
Partner Details
- Headquarters: 🇩🇪 Germany
- Operating In: 9 EU countries
- Partner Tier: Elite
- EU Cloud: Certified
- Verified Since: Feb 2026
Certifications
FortisEU Verified
- EU-based organization
- Credentials verified
- Insurance coverage confirmed
- Platform-integrated