Best TIBER-EU Red Teaming Companies (2026)

TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union) is the European Central Bank's framework for intelligence-led red teaming of financial entities, run with national central banks and adapted under national names such as TIBER-DE and TIBER-NL. Since early 2025 it is aligned with the Digital Operational Resilience Act (DORA), which mandates threat-led testing for critical financial entities. The list below opens with our Featured partner, clearly labelled, followed by the wider set of providers with documented TIBER-EU capability in our directory.

Related: Threat-led penetration testing (TLPT) · DORA threat-led testing · CBEST-accredited companies

What is TIBER-EU, and who can deliver it?

TIBER-EU is the European framework for threat intelligence-based ethical red teaming, run by the ECB and national central banks across the EU. It is designed to work the same way in every jurisdiction, with each country able to adapt it under its own name (TIBER-DE, TIBER-NL, TIBER-IT, and so on) and extend it beyond finance to sectors like telecoms or energy. In early 2025 it was updated to align with DORA.

A TIBER-EU engagement runs across three phases (Preparation, Testing, and Closure) and can take between 24 and 27 weeks, with the active red team testing phase lasting two to three weeks. It is delivered by separate threat intelligence and red team providers that meet national procurement requirements, and, like DORA TLPT, does not produce a pass or fail result.

The providers below have documented TIBER-EU capability in our directory. Because national implementations set their own provider requirements, confirm a supplier's eligibility for the specific national scheme (for example TIBER-DE or TIBER-NL) you need before appointing them.

Top PickFeatured
SECFORCE logo

SECFORCE

Our top recommendation on this page.

Canary Wharf-based adversary simulation and CBEST-aligned penetration testing consultancy, delivering CREST-accredited offensive security to UK financial services and other organisations with the most demanding requirements.

CRESTCBESTSTARISO 27001SOC 2
  • CBEST-approved provider staffed by certified CCRTM and CCRTS consultants.
  • Has delivered over 15 CBEST engagements for UK high street banks, major financial institutions, and other regulated entities.
  • Works with a network of trusted, CBEST-approved threat intelligence partners, and can also work alongside any threat intelligence provider selected by the client or regulator.
  • Independently audited against both ISO 27001 and SOC 2 for information security, data handling, and operational integrity.
View SECFORCE
6 providers found
5 providers
APT Intelligence LeaderTIBER-EU Specialist
Mandiant logo

Mandiant

World-renowned cybersecurity firm now part of Google Cloud, delivering threat intelligence-led penetration testing and red teaming informed by front-line incident response experience.

Reston, Virginia, United StatesEnterprise
Red TeamingPurple TeamingNetwork+6
SOC 2ISO 27001FedRAMP 3PAO
Verified Apr 2026
Global Defence PlayerANSSI-Qualified
Thales Cyber Solutions logo

Thales Cyber Solutions

Cybersecurity division of the Thales Group, with ANSSI, CREST, FedRAMP 3PAO, and NATO-cleared personnel. Defence, government, and critical infrastructure penetration testing worldwide.

Paris, FranceEnterprise
Web ApplicationNetworkCloud+9
CRESTFedRAMP 3PAOISO 27001+1
Verified Apr 2026
WithSecure logo

WithSecure

Helsinki-headquartered Finnish cybersecurity firm with roots dating to 1988, offering CREST-accredited penetration testing and deep expertise in EU regulatory compliance including GDPR, NIS 2, and TIBER-EU.

Helsinki, FinlandEnterprise
Web ApplicationNetworkCloud+7
CRESTISO 27001
Verified May 2026
IR-Led PentestingGlobal Incident Responders
Kroll logo

Kroll

Global risk advisory firm with a 400+ person cyber practice. IR-led penetration testing that feeds active breach intelligence straight into test scoping.

New York, United StatesEnterprise
Web ApplicationNetworkCloud+9
PCI QSAISO 27001SOC 2
Verified Apr 2026
ANSSI-QualifiedAerospace & Defence
Airbus Protect logo

Airbus Protect

Airbus group cybersecurity consultancy with ANSSI PASSI qualification. Aerospace, defence, and critical infrastructure penetration testing across Europe.

Paris, FranceEnterprise
Web ApplicationNetworkCloud+8
ANSSI PASSIISO 27001Cyber Essentials
Verified May 2026

Best TIBER-EU Red Teaming Companies (2026), FAQs

What is TIBER-EU?+

TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union) is the European Central Bank's framework for intelligence-led red teaming of financial entities. It is run with national central banks, adapted under national names such as TIBER-DE and TIBER-NL, and since early 2025 is aligned with the Digital Operational Resilience Act (DORA).

How does TIBER-EU relate to DORA TLPT?+

DORA's threat-led penetration testing (TLPT) requirement is built directly on TIBER-EU. Competent authorities decide which critical financial entities must carry out TLPT, and those entities test at least every three years with a red teaming phase of at least 12 weeks. TIBER-EU provides the methodology.

Who can deliver a TIBER-EU engagement?+

TIBER-EU uses separate threat intelligence and red team providers that meet national procurement guidelines. Requirements vary by national implementation (for example TIBER-DE or TIBER-NL), so confirm a provider's eligibility for the specific scheme you need.

How long does a TIBER-EU engagement take?+

A TIBER-EU engagement runs across three phases (Preparation, Testing, Closure) and typically takes 24 to 27 weeks end to end, with the active red team testing phase lasting two to three weeks.