Skip links

TIBER-EU Framework Revealed: Protecting Europe’s Financial World Landscape

Jump To Section

TIBER-EU Framework

Intro and Overview

TIBER-EU, which stands for Threat Intelligence-Based Ethical Red Teaming for the European Union, has become a crucial part of making online security stronger within the financial sector. Designed to address the unique challenges faced by financial institutions, TIBER-EU is a collaborative initiative that empowers organizations to proactively assess and enhance their cyber resilience. This blog covers the key components, objectives, and importance of the TIBER-EU framework, and helps understand its role in the ongoing fight against cyber threats across European financial institutions.

Why is TIBER-EU important for European financial institutions?

Financial entities across Europe are urged to integrate TIBER-EU into their cybersecurity strategies due to their specialized and thorough nature. This framework takes a focused and strategic approach, carefully checking the cyber strength of important business services. When companies go through a complete TIBER-EU assessment, they get valuable insights into potential problems, helping them fix issues early. Following TIBER-EU rules aligns them with regulations, meeting industry standards and boosting trust in the financial world. Using TIBER-EU makes cybersecurity stronger and makes stakeholders feel confident about the security and reliability of financial operations.

Who are the key stakeholders in the TIBER-EU process?

Several key stakeholders play crucial roles in the TIBER-EU process:

National Authority: The overseeing authority, typically the national financial supervisory body, guides and supervises the TIBER-EU assessment to ensure alignment with the framework.

Red Team: The external ethical hacking team responsible for conducting the TIBER-EU assessment, simulating real-world cyber-attacks to evaluate the organization’s defenses.

Critical Functions Owners: Representatives from within the organization who oversee and manage critical business services and systems being assessed.

TIBER-EU Coordinator: The coordinator ensures seamless communication and collaboration between all stakeholders, facilitating the efficient execution of the TIBER-EU assessment.

Accreditations Required

To participate in a TIBER-EU assessment, service providers must hold specific accreditations like the ethical hacking team must possess relevant certifications, demonstrating expertise in simulated attack scenarios and threat intelligence analysis.

Project Team Structure and Key Points

Effective collaboration is essential for a successful TIBER-EU assessment. Key points to consider are:

Communication: Open and transparent communication between the National Authority, Red Team, and Critical Functions Owners is vital throughout the assessment.

Information Sharing: Critical Functions Owners must share necessary information with the Red Team to ensure a thorough and realistic assessment of cybersecurity defenses.

Continuous Support: The organization should provide ongoing support to the Red Team during the assessment, addressing queries and facilitating a smooth evaluation process.

What are the five phases of the TIBER-EU framework?

Phase 1: Preparation

  • Identification of Critical Functions and Systems:

Organizations identify and define the critical functions and systems that are essential to their operations and require protection.

  • Selection of the Red Team:

A team of cybersecurity experts, known as the Red Team, is selected. This team is responsible for simulating cyber-attacks and assessing the security measures of the organization.

  • Coordination with the National Authority:

The organization coordinates with the National Authority, which is responsible for overseeing and facilitating the TIBER-EU assessment. This ensures compliance with regulatory requirements and standards.

Phase 2: Intelligence Gathering

  • Red Team Conducts Threat Intelligence Analysis:

The Red Team gathers information on the latest cyber threats, vulnerabilities, and attack techniques relevant to the organization.

  • Scenarios for Simulated Attacks Are Developed:

Based on threat intelligence, the Red Team creates realistic scenarios for simulated cyber-attacks that may pose a threat to critical functions and systems.

  • Communication with Critical Functions Owners for Insights:

The Red Team communicates with the owners of critical functions to gain insights into the organization’s specific processes, vulnerabilities, and potential weak points.

Phase 3: Execution

  • Simulated Cyber-Attacks Are Carried Out by the Red Team:

The Red Team executes simulated cyber-attacks according to the predefined scenarios, testing the organization’s security measures and response capabilities.

  • Response and Resilience of Critical Functions Are Evaluated:

The effectiveness of the organization’s response and resilience mechanisms in the face of simulated cyber-attacks is evaluated, providing insights into areas that need improvement.

  • Continuous Communication and Coordination Among Stakeholders:

Ongoing communication and coordination take place among stakeholders, including the Red Team, Critical Functions Owners, and the National Authority, to ensure a comprehensive assessment.

Phase 4: Reporting

  • Detailed Report on Vulnerabilities and Findings:

The Red Team compiles a detailed report outlining the vulnerabilities, weaknesses, and findings discovered during the assessment.

  • Recommendations for Remediation and Improvement:

Based on the assessment results, the Red Team provides recommendations for remediation and improvement of the organization’s cybersecurity posture.

  • Presentation to the National Authority and Critical Functions Owners:

The findings and recommendations are presented to both the National Authority and the owners of critical functions, ensuring transparency, and facilitating the implementation of necessary changes.

Phase 5: Remediation

  • Organization Addresses Identified Vulnerabilities:

The organization takes corrective actions to address the vulnerabilities and weaknesses identified during the assessment, implementing the recommended remediation measures.

  • Continuous Monitoring and Improvement of Cybersecurity Measures:

Continuous monitoring is established to track the effectiveness of implemented measures, and ongoing improvements are made to enhance the organization’s overall cybersecurity resilience.

  • Coordination with the National Authority for Compliance Verification:

The organization coordinates with the National Authority to verify compliance with cybersecurity standards and to ensure that the remediation efforts align with regulatory requirements. 


Adopting the TIBER-EU framework signals a commitment to enhancing cybersecurity resilience in the face of evolving threats. Through collaborative efforts and simulated attacks, TIBER-EU provides a comprehensive understanding of an organization’s vulnerabilities, guiding targeted remediation efforts. This framework not only ensures immediate cybersecurity improvements but also serves as a catalyst for continuous enhancement, elevating the overall cyber resilience of European financial institutions. TIBER-EU acts like a guiding light for being proactive in defense, making the financial world stronger against the increasing challenges of the digital age.

Picture of Nikhil Badsheshi

Nikhil Badsheshi

Latest Reads


Suggested Reading

Ready to Unlock Your Enterprise's Full Potential?

Vikas Krishan

Chief Digital Business Officer and Head of the EMEA region

Vikas (Vik) Krishan serves as the Chief Digital Business Officer and Head of the EMEA region for Altimetrik. He is responsible for leading and growing the company’s presence across new and existing client relationships within the region.

Vik is a seasoned executive and brings over 25 years of global experience in Financial Services, Digital, Management Consulting, Pre- and Post-deal services and large/ strategic transformational programmes, gained in a variety of senior global leadership roles at firms such as Globant, HCL, Wipro, Logica and EDS and started his career within Investment Banking. He has developed significant cross industry experience across a wide variety of verticals, with a particular focus on working with and advising the C-Suite of Financial Institutions, Private Equity firms and FinTech’s on strategy and growth, operational excellence, performance improvement and digital adoption.

He has served as the engagement lead on multiple global transactions to enable the orchestration of business, technology, and operational change to drive growth and client retention.

Vik, who is based in London, serves as a trustee for the Burma Star Memorial Fund, is a keen photographer and an avid sportsman.

Megan Farrell Herrmanns

Chief Digital Officer, US Central

Megan is a senior business executive with a passion for empowering customers to reach their highest potential. She has depth and breadth of experience working across large enterprise and commercial customers, and across technical and industry domains. With a track record of driving measurable results, she develops trusted relationships with client executives to drive organizational growth, unlock business value, and internalize the use of digital business as a differentiator.

At Altimetrik, Megan is responsible for expanding client relationships and developing new business opportunities in the US Central region. Her focus is on digital business and utilizing her experience to create high growth opportunities for clients. Moreover, she leads the company’s efforts in cultivating and enhancing our partnership with Salesforce, strategically positioning our business to capitalize on new business opportunities.

Prior to Altimetrik, Megan spent 10 years leading Customer Success at Salesforce, helping customers maximize the value of their investments across their technology stack. Prior to Salesforce, Megan spent over 15 years with Accenture, leading large transformational projects for enterprise customers.

Megan earned a Bachelor of Science in Mechanical Engineering from Marquette University. Beyond work, Megan enjoys playing sand volleyball, traveling, watching her kids soccer games, and is actively involved in a philanthropy (Advisory Council for Cradles to Crayons).

Adaptive Clinical Trial Designs: Modify trials based on interim results for faster identification of effective drugs.Identify effective drugs faster with data analytics and machine learning algorithms to analyze interim trial results and modify.
Real-World Evidence (RWE) Integration: Supplement trial data with real-world insights for drug effectiveness and safety.Supplement trial data with real-world insights for drug effectiveness and safety.
Biomarker Identification and Validation: Validate biomarkers predicting treatment response for targeted therapies.Utilize bioinformatics and computational biology to validate biomarkers predicting treatment response for targeted therapies.
Collaborative Clinical Research Networks: Establish networks for better patient recruitment and data sharing.Leverage cloud-based platforms and collaborative software to establish networks for better patient recruitment and data sharing.
Master Protocols and Basket Trials: Evaluate multiple drugs in one trial for efficient drug development.Implement electronic data capture systems and digital platforms to efficiently manage and evaluate multiple drugs or drug combinations within a single trial, enabling more streamlined drug development
Remote and Decentralized Trials: Embrace virtual trials for broader patient participation.Embrace telemedicine, virtual monitoring, and digital health tools to conduct remote and decentralized trials, allowing patients to participate from home and reducing the need for frequent in-person visits
Patient-Centric Trials: Design trials with patient needs in mind for better recruitment and retention.Develop patient-centric mobile apps and web portals that provide trial information, virtual support groups, and patient-reported outcome tracking to enhance patient engagement, recruitment, and retention
Regulatory Engagement and Expedited Review Pathways: Engage regulators early for faster approvals.Utilize digital communication tools to engage regulatory agencies early in the drug development process, enabling faster feedback and exploration of expedited review pathways for accelerated approvals
Companion Diagnostics Development: Develop diagnostics for targeted recruitment and personalized treatment.Implement bioinformatics and genomics technologies to develop companion diagnostics that can identify patient subpopulations likely to benefit from the drug, aiding in targeted recruitment and personalized treatment
Data Standardization and Interoperability: Ensure seamless data exchange among research sites.Utilize interoperable electronic health record systems and health data standards to ensure seamless data exchange among different research sites, promoting efficient data aggregation and analysis
Use of AI and Predictive Analytics: Apply AI for drug candidate identification and data analysis.Leverage AI algorithms and predictive analytics to analyze large datasets, identify potential drug candidates, optimize trial designs, and predict treatment outcomes, accelerating the drug development process
R&D Investments: Improve the drug or expand indicationsUtilize computational modelling and simulation techniques to accelerate drug discovery and optimize drug development processes