Best TIBER-EU Red Teaming Companies (2026)
TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union) is the European Central Bank's framework for intelligence-led red teaming of financial entities, run with national central banks and adapted under national names such as TIBER-DE and TIBER-NL. Since early 2025 it is aligned with the Digital Operational Resilience Act (DORA), which mandates threat-led testing for critical financial entities. The list below opens with our Featured partner, clearly labelled, followed by the wider set of providers with documented TIBER-EU capability in our directory.
Related: Threat-led penetration testing (TLPT) · DORA threat-led testing · CBEST-accredited companies
What is TIBER-EU, and who can deliver it?
TIBER-EU is the European framework for threat intelligence-based ethical red teaming, run by the ECB and national central banks across the EU. It is designed to work the same way in every jurisdiction, with each country able to adapt it under its own name (TIBER-DE, TIBER-NL, TIBER-IT, and so on) and extend it beyond finance to sectors like telecoms or energy. In early 2025 it was updated to align with DORA.
A TIBER-EU engagement runs across three phases (Preparation, Testing, and Closure) and can take between 24 and 27 weeks, with the active red team testing phase lasting two to three weeks. It is delivered by separate threat intelligence and red team providers that meet national procurement requirements, and, like DORA TLPT, does not produce a pass or fail result.
The providers below have documented TIBER-EU capability in our directory. Because national implementations set their own provider requirements, confirm a supplier's eligibility for the specific national scheme (for example TIBER-DE or TIBER-NL) you need before appointing them.

SECFORCE
Our top recommendation on this page.
Canary Wharf-based adversary simulation and CBEST-aligned penetration testing consultancy, delivering CREST-accredited offensive security to UK financial services and other organisations with the most demanding requirements.
- CBEST-approved provider staffed by certified CCRTM and CCRTS consultants.
- Has delivered over 15 CBEST engagements for UK high street banks, major financial institutions, and other regulated entities.
- Works with a network of trusted, CBEST-approved threat intelligence partners, and can also work alongside any threat intelligence provider selected by the client or regulator.
- Independently audited against both ISO 27001 and SOC 2 for information security, data handling, and operational integrity.
Mandiant
World-renowned cybersecurity firm now part of Google Cloud, delivering threat intelligence-led penetration testing and red teaming informed by front-line incident response experience.
Thales Cyber Solutions
Cybersecurity division of the Thales Group, with ANSSI, CREST, FedRAMP 3PAO, and NATO-cleared personnel. Defence, government, and critical infrastructure penetration testing worldwide.
WithSecure
Helsinki-headquartered Finnish cybersecurity firm with roots dating to 1988, offering CREST-accredited penetration testing and deep expertise in EU regulatory compliance including GDPR, NIS 2, and TIBER-EU.
Kroll
Global risk advisory firm with a 400+ person cyber practice. IR-led penetration testing that feeds active breach intelligence straight into test scoping.
Airbus Protect
Airbus group cybersecurity consultancy with ANSSI PASSI qualification. Aerospace, defence, and critical infrastructure penetration testing across Europe.
Best TIBER-EU Red Teaming Companies (2026), FAQs
What is TIBER-EU?+
TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union) is the European Central Bank's framework for intelligence-led red teaming of financial entities. It is run with national central banks, adapted under national names such as TIBER-DE and TIBER-NL, and since early 2025 is aligned with the Digital Operational Resilience Act (DORA).
How does TIBER-EU relate to DORA TLPT?+
DORA's threat-led penetration testing (TLPT) requirement is built directly on TIBER-EU. Competent authorities decide which critical financial entities must carry out TLPT, and those entities test at least every three years with a red teaming phase of at least 12 weeks. TIBER-EU provides the methodology.
Who can deliver a TIBER-EU engagement?+
TIBER-EU uses separate threat intelligence and red team providers that meet national procurement guidelines. Requirements vary by national implementation (for example TIBER-DE or TIBER-NL), so confirm a provider's eligibility for the specific scheme you need.
How long does a TIBER-EU engagement take?+
A TIBER-EU engagement runs across three phases (Preparation, Testing, Closure) and typically takes 24 to 27 weeks end to end, with the active red team testing phase lasting two to three weeks.