TIBER-EU Penetration Testing Providers
Threat Intelligence-Based Ethical Red Teaming (European Framework) · Published by European Central Bank
TIBER-EU is the European framework for threat intelligence-based ethical red teaming, developed by the European Central Bank (ECB) to test the cyber resilience of financial institutions and financial market infrastructures. Adopted in 2018, TIBER-EU provides a standardised approach across EU member states for conducting controlled, bespoke, intelligence-led red team tests that mimic the tactics, techniques, and procedures of genuine threat actors targeting the financial sector.
The framework defines three mandatory phases: a threat intelligence phase where a certified threat intelligence provider analyses the specific threats facing the target institution, a red team testing phase where a certified red team provider simulates attacks based on that intelligence, and a closure phase including replay workshops and remediation planning. TIBER-EU tests are designed to be realistic — testing live production systems with scenarios based on actual threat actor behaviour specific to the institution being tested.
National implementations of TIBER-EU exist across Europe, including TIBER-NL (Netherlands), TIBER-DE (Germany), TIBER-BE (Belgium), TIBER-FI (Finland), and TIBER-IT (Italy). The framework has been influential beyond Europe, with similar frameworks adopted in other regions. TIBER-EU tests are typically commissioned by financial regulators and require specialised providers with experience in both threat intelligence gathering and advanced red team operations. The framework represents the most demanding form of security testing for financial institutions, going far beyond traditional penetration testing to validate an organisation's ability to detect and respond to sophisticated, targeted attacks.
Key Features
- —ECB-developed financial sector framework
- —Three-phase intelligence-led approach
- —Tests live production environments
- —National implementations across EU
- —Mandatory threat intelligence phase
Best For
- —Financial services institutions
- —Central banks and payment systems
- —EU-regulated financial entities
- —Critical financial market infrastructure
- —Systemically important institutions
Providers using TIBER-EU (5)
NCC Group
Global cybersecurity consultancy with CREST, CHECK, and CBEST accreditation, renowned for deep technical research and comprehensive penetration testing services.
Nettitude
CREST, CHECK, and CBEST accredited UK consultancy within Lloyd's Register, delivering premium penetration testing for government and critical infrastructure.
Mandiant
World-renowned cybersecurity firm now part of Google Cloud, delivering threat intelligence-led penetration testing and red teaming informed by front-line incident response experience.
WithSecure
Leading European cybersecurity firm offering penetration testing with deep expertise in EU regulatory compliance including GDPR, NIS 2, and TIBER-EU.
SEC Consult
Leading European cybersecurity consultancy from Vienna with a prolific vulnerability research program and deep expertise in IoT and embedded systems security.
TIBER-EU FAQs
Who needs TIBER-EU testing?+
TIBER-EU is primarily aimed at systemically important financial institutions, central banks, financial market infrastructures, and other entities designated by national financial regulators. It is increasingly expected for major banks and payment systems across the EU.
How does TIBER-EU differ from standard penetration testing?+
TIBER-EU is threat intelligence-led, meaning attacks are based on real threat actor analysis specific to the target. It tests live production systems, covers the full attack lifecycle, and evaluates detection and response capabilities — far more comprehensive than standard pen testing.
How long does a TIBER-EU engagement take?+
A full TIBER-EU engagement typically takes 6-12 months from initiation to closure, including the threat intelligence phase (2-3 months), red team testing phase (2-3 months), and closure phase with replay workshops and remediation planning.