Security incident? Call: +48 732 059 711
Banking & fintech

Security that holds up in front of the regulator

DORA, PSD2, TLPT, NIS2 — the stack of obligations is long. We build a single coherent program that satisfies all of them without duplicating work.

Who is it for?

  • Commercial and retail banks
  • Payment and e-money institutions
  • Investment firms and asset managers
  • Crypto-asset service providers
  • Neobanks and fintech scale-ups
What we deliver

Outcomes for regulated finance

DORA program

Full coverage of all 5 DORA pillars — ICT risk framework, incident reporting, resilience testing, third-party risk, information sharing.

TLPT-compatible red team

Threat-Led Penetration Testing under TIBER-EU methodology. We help you pass the 3-year cycle.

BEC and payment fraud defence

Business Email Compromise is the single biggest loss vector for finance. We drill it through training, simulations and playbooks.

Board briefing

Management body accountability is a hard requirement under DORA. We prepare the board and document their oversight.

Supplier oversight

Register of contractual arrangements, concentration risk analysis, exit strategies, mandatory contract clauses for critical ICT suppliers.

Integrated reporting

One reporting layer that feeds the board, the regulator and the auditor — no more cut-and-paste between dashboards.

How we engage

From regulatory scoping to ongoing program

  1. Regulatory scoping

     DORA, NIS2, PSD2, KNF recommendations — we map every obligation that applies to you.

  2. Program design

     A single coherent program that deduplicates overlapping requirements. No separate teams for DORA and NIS2.

  3. Implementation

     Policies, controls, training, pentests, TLPT, tabletop exercises — delivered by our sector-experienced team.

  4. Ongoing support

     Annual review, regulator response, incident support, new regulation tracking.

FAQ

Frequently asked questions

Can you support an ongoing KNF inspection?
Yes. We support inspection responses, evidence preparation and regulator communication.
Have you run TLPT before?
Yes. Our red-team engineers hold CRTO, OSEP and OSCE3 — the right credentials for TIBER-EU engagements.
We are a fast-growing fintech without a dedicated CISO — can you help?
Yes. We offer CISO-as-a-Service alongside the project work — a senior CISO embedded part-time in your team.
Do you sign specific financial-sector NDAs?
Yes. We work with bank-grade NDAs and can adapt to your standard form.
How is this billed?
Typically a fixed price per phase plus an annual retainer for ongoing support.

Start with a regulatory scoping call

30 minutes — we map your obligations and propose a single coherent program.