Cyb3r Operations lands $5.4M to modernise cyber risk oversight
London-based cybersecurity startup Cyb3r Operations has raised $5.4 million in funding to overhaul how organisations monitor their third-party and supply chain cyber exposure. The round is led by leading European investor Octopus Ventures, backing the company’s vision to replace slow, error-prone manual audits with continuous, automated cyber risk intelligence.
From static audits to real-time cyber risk visibility
Enterprises today rely on sprawling ecosystems of vendors, cloud providers, contractors and software suppliers. Each external partner can introduce new vulnerabilities, yet most organisations still assess those risks through annual questionnaires, spreadsheets and manual security reviews. This approach often leaves security teams blind to fast-moving threats.
Cyb3r Operations aims to close that gap by delivering real-time visibility into third-party and supply chain cyber risks. Instead of relying on static attestations, the platform continuously collects and analyses data to build a live, evidence-based picture of an organisation’s external attack surface.
The startup’s technology focuses on automating what has traditionally been a labour-intensive process. By consolidating signals from multiple sources and applying advanced cyber risk analytics, Cyb3r Operations enables security and risk leaders to see where their most critical exposures lie — and act before attackers exploit them.
Why third-party and supply chain cyber risk is surging
High-profile breaches over the last decade have repeatedly shown that attackers often target the weakest link in a company’s supply chain rather than the company itself. Compromised software updates, insecure vendors and poorly protected partners have all been used as entry points into otherwise well-defended networks.
Regulators and customers are responding with stricter expectations around third-party risk management. Frameworks such as NIST, ISO 27001 and various sector-specific standards increasingly emphasise the need for continuous oversight rather than one-off assessments. Boards and audit committees are also demanding more granular, real-time reporting on cyber resilience.
Yet many organisations remain stuck with legacy processes. Security teams can spend months chasing vendors for questionnaire responses, reconciling inconsistent data and attempting to prioritise findings. This often results in outdated risk views that fail to capture emerging threats such as zero-day vulnerabilities, exposed credentials or misconfigured cloud services.
Cyb3r Operations positions itself directly at this pain point. By replacing manual, survey-driven audits with automated intelligence, the company aims to give enterprises a dynamic, continuously updated understanding of their extended digital footprint.
How Cyb3r Operations’ platform works
While full technical details remain proprietary, the core concept behind Cyb3r Operations is to combine scalable data collection with intelligent analysis to map and monitor cyber risk across complex ecosystems.
Continuous external attack surface monitoring
The platform is designed to identify and track the assets, services and technologies associated with an organisation’s third parties. This can include exposed infrastructure, web applications, cloud resources and publicly visible configuration details. By treating each vendor and supplier as an extension of the organisation’s own attack surface, Cyb3r Operations helps security teams understand where attackers might gain a foothold.
Automated risk scoring and prioritisation
To help teams cut through noise, the platform assigns dynamic risk scores based on factors such as vulnerability exposure, security misconfigurations, leaked credentials, domain hygiene and other indicators of compromise. These scores can be used to prioritise remediation efforts, shape vendor onboarding decisions and inform security governance discussions at executive level.
Replacing manual audits with evidence-based intelligence
Traditional third-party security questionnaires rely heavily on self-reported data, which can be incomplete, outdated or overly optimistic. Cyb3r Operations instead focuses on observable, verifiable signals. By automating data collection and analysis, the platform reduces the administrative burden on both enterprises and vendors, while improving the accuracy of cyber risk assessments.
Octopus Ventures backs a new model for cyber governance
The $5.4 million round, led by Octopus Ventures, signals growing investor conviction that third-party and supply chain security is one of the most critical frontiers in modern cybersecurity. The firm, known for backing high-growth technology companies across Europe, is betting that automated, continuously updated intelligence will become the standard for enterprise risk oversight.
With this new capital, Cyb3r Operations is expected to accelerate product development, expand its engineering and go-to-market teams, and deepen integrations with existing security operations, GRC platforms and vendor management tools used by large organisations.
The funding also underscores London’s continued strength as a hub for cybersecurity innovation, drawing on a talent pool that spans financial services, defence, intelligence and cloud-native software engineering.
What this means for CISOs and risk leaders
For CISOs, Chief Risk Officers and compliance leaders, the emergence of platforms like Cyb3r Operations reflects a broader shift from reactive to proactive cyber risk management. Rather than relying on annual reviews and point-in-time audits, organisations are increasingly expected to demonstrate continuous oversight of their critical suppliers and partners.
Real-time third-party visibility can support multiple strategic goals: reducing the likelihood of supply chain breaches, improving regulatory alignment, strengthening customer trust and enabling more informed decisions about which vendors to onboard or retain. It can also help security teams communicate more effectively with boards by providing quantifiable, up-to-date metrics on external cyber exposure.
As digital ecosystems grow more interconnected, the boundary between internal and external infrastructure continues to blur. The funding round for Cyb3r Operations highlights how investors and enterprises alike are prioritising tools that can illuminate those grey areas, turning opaque supply chains into measurable, manageable sources of cyber risk.