Dealio Research Project

Cyberfort

From Compliance to Continuous Cyber Resilience

How Dealio used CYBERFORT to transform Cyber Resilience Act readiness, cybersecurity governance, and risk management into a continuous operational process in a fintech/finance sector environment.

About the project

The EU-funded CYBERFORT project strengthens the cybersecurity of small and medium-sized enterprises by helping them meet the requirements of the Cyber Resilience Act (CRA). It provides tailored tools, guidance, and training while fostering collaboration among cybersecurity firms, national authorities, and industry stakeholders. With an open platform for resources and a focus on knowledge exchange, CYBERFORT aims to build a more resilient and cyber-aware SME sector across Europe.

As a key member of the CYBERFORT consortium, Dealio actively contributed to developing the CYBERFORT platform and led the dedicated finance-sector pilot. Drawing on its longstanding expertise in risk management, Dealio focused on practical CRA readiness activities that connect assets, risks, controls, policies, assessments and evidence into a coherent operational workflow. A particular focus of the pilot was Transport Layer Security (TLS) as a foundational, horizontal requirement for securing data flows across Dealio’s fintech infrastructure, in direct alignment with the essential cybersecurity requirements set out in Annex I of the CRA.

The pilot demonstrated how CYBERFORT can support fintech SMEs in moving from periodic compliance preparation to continuous cyber resilience, structured risk governance, and greater visibility across security and compliance activities.

HARMONY is a Dealio-led research and innovation project developing an AI-driven hedging intelligence framework for financial risk management. The project moves beyond traditional risk models that rely on static assumptions and historical data, building instead a system that combines domain-specific machine learning with contextual financial, macroeconomic, and geopolitical signals. A core design principle of HARMONY is integrating human expertise into the AI workflow, ensuring algorithmic outputs are interpretable, trustworthy, and aligned with regulatory frameworks such as the EU AI Act.

Main objectives

  • Define and structure CRA obligations, requirements and compliance scope through a dedicated framework.

  • Maintain a complete inventory of assets, systems and third-party components with clear traceability.

  • Assess, prioritise and track risks with clear ownership and mitigation
    planning.
  • Implement and monitor controls to strengthen governance and security maturity.

  • Run structured assessments and measure CRA readiness across the organisation.

  • Establish central visibility across assessments, policies and compliance status through continuous monitoring.

  • Validate the CYBERFORT platform under real-world fintech conditions, collecting meaningful feedback on its practical utility and effectiveness in relation to the CRA.

Key achievements

  • CRA readiness assessment completed.

  • Centralised visibility across assets, risks and controls established.

  • Governance and compliance workflows fully operationalised.

  • Improved traceability and evidence management across the organisation.

  • Secure-by-design awareness strengthened across the team.

  • The platform demonstrated clear value across multiple roles, from risk analysts to software architects and developers, and proved effective as a training and awareness toolkit.

Looking ahead

  • Continuous monitoring and recurring assessments as standard practice.

  • Automated compliance evidence collection.

  • Integration of validation into development workflows.

  • Expanded use of technical analysis results to define new metrics and more advanced analytics.

  • Further evaluation of selected CYBERFORT capabilities.

Acknowledgement

This project was carried out as part of the CYBERFORT project, which has received funding from the European Union’s DIGITAL Europe Programme under grant agreement no. 101190281.