Cyb3r Operations lands €4.6 million to confront third‑party cyber threats
London-based cybersecurity startup Cyb3r Operations has raised €4.6 million in fresh funding, in a round led by leading European investor Octopus Ventures. The capital will be used to expand its platform for managing third‑party cyber risk, as enterprises grapple with increasingly complex digital supply chains and a rising wave of attacks originating from partners, vendors and service providers.
The investment underscores how critical supply chain security and vendor risk management have become for organizations that rely on cloud services, outsourced IT, and interconnected software ecosystems. Rather than focusing solely on defending their own networks, companies are now under pressure to understand and continuously monitor the security posture of every third party that touches their data.
Why third‑party cyber risk is becoming unmanageable
High‑profile incidents such as the SolarWinds breach and widespread exploitation of software dependencies have shown that attackers increasingly prefer to compromise a single trusted provider and use that access as a gateway into hundreds or thousands of downstream customers. This shift has turned third‑party risk from a compliance checkbox into a board‑level concern.
Many enterprises maintain sprawling ecosystems of suppliers, cloud platforms, managed service providers and niche software vendors. Traditional approaches to assessing these partners — questionnaires, point‑in‑time audits and manual reviews — have proven too slow and shallow to keep pace with today’s cyber threats. Security teams are often left with incomplete visibility into who has access to what, which vendors are most critical, and where the real exposure lies.
Cyb3r Operations is positioning itself as a specialized solution to this problem, offering continuous oversight of third‑party security posture and actionable insights that can be integrated into enterprise risk and procurement processes.
How Cyb3r Operations tackles vendor and supply chain exposure
The Cyb3r Operations platform is designed to give organizations a living map of their external digital ecosystem. Rather than relying solely on static questionnaires, the company combines external attack‑surface assessment, data enrichment and workflow automation to build a dynamic picture of risk.
Continuous monitoring instead of static questionnaires
Where many legacy tools focus on one‑off assessments, Cyb3r Operations emphasizes continuous monitoring. The platform tracks changes in a vendor’s exposed infrastructure, configuration and known vulnerabilities, allowing security teams to detect new weaknesses as they emerge rather than months later.
This approach aligns with the growing adoption of continuous controls monitoring and zero‑trust security principles, where trust is not granted permanently but must be re‑evaluated as conditions change.
Prioritization based on business impact
Not every vendor presents the same level of danger. The platform helps organizations classify suppliers by criticality, data access and connectivity, then correlates that information with technical findings. This enables risk and security leaders to focus first on third parties whose compromise would have the greatest operational, financial or regulatory impact.
By tying technical signals to business context, Cyb3r Operations aims to bridge the long‑standing gap between security operations and enterprise risk management.
Integrated workflows for security, procurement and compliance
Another area of focus is integration with existing enterprise workflows. Cyb3r Operations is built to feed its risk insights into tools used by procurement, legal and compliance teams, supporting decisions on contract terms, onboarding, offboarding and ongoing vendor oversight.
As regulations such as the EU’s NIS2 Directive, DORA (Digital Operational Resilience Act) in financial services, and sector‑specific cyber rules tighten expectations around third‑party risk management, companies are under mounting pressure to demonstrate that they have systematic processes in place. Platforms like Cyb3r Operations are increasingly seen as enablers of both compliance and operational resilience.
Octopus Ventures backs a growing cybersecurity niche
Octopus Ventures, one of Europe’s most active early‑stage investors, led the €4.6 million round, signaling strong conviction in the growth of the third‑party risk category within the broader cybersecurity market. The firm has previously backed a range of security and infrastructure startups, and its participation is likely to give Cyb3r Operations both capital and strategic support as it scales.
The funding will be directed toward product development, expanding the company’s engineering and threat research teams, and deepening integrations with enterprise tooling. A portion of the capital is also expected to support go‑to‑market efforts in Europe and potentially North America, where regulatory and customer pressure around vendor risk is particularly intense.
Rising demand from boards, regulators and insurers
Multiple forces are converging to make third‑party cyber risk a priority for large organizations:
- Board oversight: Corporate boards are increasingly requesting clear reporting on supply chain exposure, asking security leaders to quantify risk linked to vendors and partners.
- Regulatory pressure: Financial services, healthcare, critical infrastructure and public sector organizations face explicit obligations to manage and document third‑party security controls.
- Cyber insurance: Insurers are tightening underwriting standards, often probing how well clients understand and manage their vendor ecosystem before issuing or renewing policies.
These trends create a favorable environment for platforms like Cyb3r Operations, which promise to turn fragmented, spreadsheet‑driven processes into structured, continuously updated risk programs.
Positioning within the competitive cybersecurity landscape
The market for third‑party risk management tools is becoming more crowded, with established GRC platforms, external attack surface management vendors and specialized TPRM startups all vying for enterprise budgets. Cyb3r Operations is betting that a sharp focus on cyber‑specific supply chain risk, paired with deep automation and business‑aware prioritization, will differentiate it from generic compliance software.
As organizations continue to digitize operations and extend their reliance on cloud and SaaS providers, the number of external connections will only grow. Investors are increasingly convinced that dedicated tooling will be required to keep that expanding ecosystem secure.
With fresh backing from Octopus Ventures and a clear focus on one of the most pressing challenges in modern cybersecurity, Cyb3r Operations is positioning itself as a key player in how enterprises understand, quantify and reduce the risk that comes not from their own networks, but from everyone they do business with.