New
Discover our new features page
The solution

Cyber risk is an existential threat— until you measure it.

A managed cyber risk service for small and mid-sized companies, powered by certified cyber risk experts and the C-Trust assessment platform.

Talk to an expertSee princing
In progress Completed edit Not started In progress
80
%
SMEs are the target of 80% of reported cyberattacks in Germany.
BSI, 2025
96
%
System intrusion, social engineering and basic web application attacks account for 96% of breaches on businesses with fewer than 1,000 employees.
Verizon DBIR, 2025
65
%
In the UK, over 65% of all mid-market companies and 46% of small firms experienced a cyber breach or attack in the last 12 months.
UK Cyber security breaches survey, 2025
Feature

Cyber Risk Assessment

A documented cyber risk profile and control maturity rating, produced with a certified cyber risk expert.

Organizational profile covering your business drivers of risk, digital assets, data profile, and regulatory exposure

Cyber maturity assessed across 12 control domains and 60+ controls, including governance, prevention, and resilience

Strengths, gaps, and prioritized improvement actions for every domain

CONTROL MATURITY A 90–100% efficacy A B C D E Optimized · continuous improvement
Loss exceedance curve 100 50 0 P50 · 28.7k €9k €62.6k Probability annual loss exceeds X
Feature

Financial Risk Quantification

Your cyber exposure measured in financial terms, using FAIR — the international standard for the financial quantification of cyber and technology risk.

Monte Carlo simulations model thousands of scenarios to produce most likely cost, worst-case loss, and annualized exposure

Loss exceedance curve shows the probability of losses at every threshold

Financial impact broken down by category — business interruption, incident response, regulatory costs, and reputational damage

Feature

Threat Landscape Analysis

Your organization's threat profile, defined through cyber risk intelligence analysis.

Industry threat intelligence based on real cyber incidents in your sector and revenue bracket

Attack vector analysis across your digital systems, your people, and your third parties

Likelihood of a cyber incident calibrated to your preventive security controls and threat profile

P1 MFA on privileged access 4 wks · 54 k€ × 8,3 P2 Immutable backups 3-2-1 6 wks · 38 k€ × 4,7 P3 EDR on endpoints 8 wks · 120 k€ × 3,1 P4 Anti-phishing training Ongoing · 22 k€ × 2,4 P1 Active Directory hardening 3 wks · 42 k€ × 6,1 P2 Network segmentation (VLAN) 5 wks · 65 k€ × 5,2 P3 Sensitive data encryption 4 wks · 31 k€ × 2,8 P4 Third-party access rights review 2 wks · 18 k€ × 3,4 P1 MFA on privileged access 4 wks · 54 k€ × 8,3 P2 Immutable backups 3-2-1 6 wks · 38 k€ × 4,7 P3 EDR on endpoints 8 wks · 120 k€ × 3,1 P4 Anti-phishing training Ongoing · 22 k€ × 2,4 P1 Active Directory hardening 3 wks · 42 k€ × 6,1 P2 Network segmentation (VLAN) 5 wks · 65 k€ × 5,2 P3 Sensitive data encryption 4 wks · 31 k€ × 2,8 P4 Third-party access rights review 2 wks · 18 k€ × 3,4
Feature

Prioritized Action Plan

Prioritized recommendations you can actually implement, ranked by financial risk reduction.

A roadmap covering technology improvements, governance and training, and cyber insurance

Actions ranked by risk reduction impact, feasibility, and return on investment

Workshops with a cyber risk expert to review your action plan and track progress over time

A board-ready cyber risk report in two weeks

Most companies find out after an incident. C-Trust gives you the answer before.

Get your cyber risk report
Pricing

Choose a plan that matches your needs

All plans include a FAIR-based risk assessment, vendor neutral recommendations, and a multi-use cyber risk report.

Foundation
€4,950
/ year

Perfect for starting your cyber risk journey

1 workspace — a company, a site, or a key system

Resilience assessment

Control assessment

Prioritized action plan to build resilience

Board-ready executive report - twice a year

Book a demo →
Strategic
€9,750
/ year

Comprehensive coverage with regular updates and cyber insurance analysis

2 workspaces — e.g. your HQ + your online platform

Everything in Foundation, plus:

Insurance-ready cyber risk report — get the policy which actually protects your business

Access to a cyber risk advisor

Book a demo →
Most popular
Adaptive
€19,350
/ year

Enhanced monitoring for regulated industries

Up to 4 workspaces — multi-site, OT or complex setups

Everything in Strategic, plus:

Threat intelligence report — threats to watch in your sector

e-learning course “ICT Risk & Digital Resilience for Executives”

Priority access to an advisor

Responsive re-assessment as you evolve

Book a demo →

A workspace = a company, subsidiary, factory/OT system, e-commerce platform or cloud environment.Every edition: cyber risk measured & managed in euros · certified FAIR methodology · vendor-neutral · reports for board, insurer & auditor

Why Choose C-Trust

The only subscription service that helps SMEs and mid-market companies measure cyber risk in financial terms.

Business-First

Financial and operational impact of cyber risk translated into terms your business understands.

Actionable

Concrete, prioritized recommendations your team can act on.

Independent

Vendor-neutral advice for your board, regulators, customers, and insurers.

How It Works

Two weeks to a more resilient business

A structured process, expert-led from start to finish, in two weeks

Discovery
1-hour workshop with your CEO, CFO or business executive

We map your revenue model, digital assets, regulatory obligations, and business priorities into the C-Trust platform.

Evaluation
2–3 hours with your IT admin or service provider

Your C-Trust expert leads workshops to assess your control maturity, resilience capabilities, and gather technical documentation.

Analysis
No time required from you

Your C-Trust analyst builds your financial risk model on the platform, drafts your report, and turns the findings into a prioritized action plan.

Monitor
Results, action plan, progress tracking & risk monitoring

A C-Trust analyst walks you through the report and action plan, with time for Q&A. For the duration of your plan, we monitor risk and track progress.

Talk to a cyber risk expert.

Book your 30-minute demo with a C-Trust expert and learn how to build a roadmap for cyber resilience and growth.

Book a demo →
No commitment
30 minutes
Dedicated expert
We've got answers

Frequently Asked Questions

Answers on timing, how it works, and the methodology behind C-Trust.

Book a demo →

How long does the initial C-Trust assessment take?

Two weeks from kickoff to your final presentation. Your team contributes around four hours of workshops — a 1-hour business discovery and 2–3 hours of IT workshops. Our experts use the data-driven C-Trust platform to do the rest: modeling, report drafting, and action plan prioritization, before delivering the report and answering any questions.

How often is my assessment updated?

Depending on your subscription plan, your assessment is updated up to 4 times a year. Your risk profile evolves with your business, new vendors, new tools, new regulations, so the assessment and action plan is updated on a regular cadence, not as a one-off audit.

Who delivers the C-Trust assessment?

A certified C-Trust expert leads every workshop and presents your report and recommendations. The C-Trust platform is used for the modeling and report generation, but the analysis, recommendations, and prioritization of your action plan are finalized by a senior risk consultant. You're never alone with a dashboard.

What does my team need to prepare?

No technical preparation is required. You'll be asked questions about your business — your revenue model, digital assets, regulatory obligations, and IT environment. Your CEO or CFO covers the business side; your IT admin or IT service provider will provide the technical details.

What methodology does C-Trust use?

The C-Trust platform is built on FAIR — the international standard for the financial quantification of cyber and technology risk. Our risk mgmt. approach is ISO31000 and 27005 compliant and our control model aligns to industry and national cybersecurity authorities. C-Risk, the company behind C-Trust, sits on the FAIR Institute Advisory Board, and our consultants hold OpenFAIR, CISSP, CISA, and CISM certifications.