Cybersol B.V. Joins Security Delta (HSD) as Premium Partner!

Cybersol B.V. recently joined Security Delta (HSD) as a Premium Partner! Cybersol B.V. is a European cybersecurity firm specialising in cyber governance and third-party risk. Their work sits at the intersection of three domains that are typically siloed: cybersecurity operations, legal and contractual obligations, and regulatory compliance.

CEO Murat Hüseyin Candan (CISSP since 2007, Executive MBA), founded a multinational cybersecurity group in 2008 and registered its Dutch entity, then operating under the Barikat brand, at the Chamber of Commerce in 2017. Over the following years, he built the group into a full cybersecurity ecosystem: from technology startups, to a distribution company accelerating emerging cyber ventures, an innovation-oriented R&D lab, and one of the region’s leading SOC and MDR operations.

Following a successful exit in September 2025, Candan committed to the Netherlands for the long term with a singular focus: building operational accountability infrastructure for cybersecurity. The Dutch entity was formally renamed to Cybersol B.V. in October 2025 via articles of amendment, marking a clean corporate separation. The name reflects the company’s new focus: solving (“sol”) cybersecurity governance challenges.

Cybersol’s activities are organised around three pillars:

1. Third-Party Cyber Due Diligence and Exposure Assessment; Cybersol B.V. helps organisations understand and manage the cybersecurity risks embedded in their supply chain relationships.
2. Obligation Governance and Liability Mapping: they operationalise the obligations, liability clauses, and compliance requirements buried in service agreements.
3. AI-Informed Early Warning and Incident Readiness: they use threat intelligence and AI to provide early warning when a supplier incident may trigger obligations. At the heart of their work is OBLIGO, which Cybersol describes as a Cyber Liability Operating System, currently in development. When a cybersecurity incident occurs, OBLIGO tells you exactly what to do.

Strategic positioning within the HSD ecosystem

Cybersol’s decision to establish in the Netherlands and settle permanently in The Hague was deliberate. The Hague is where NIS2 enforcement infrastructure is taking shape, where innovation in cybersecurity governance belongs, and where the institutional ecosystem exists to support it. Within that context, Security Delta (HSD) was a decisive factor. For a company building operational accountability infrastructure for cyberspace, this is the natural environment.

Becoming an HSD Premium Partner was driven by three considerations, Candan says:

1. Strategic alignment; OBLIGO does not develop detection or prevention tools; it builds governance infrastructure. While many cybersecurity companies focus on events before or during an incident, OBLIGO addresses what follows. This complementary capability strengthens the ecosystem, and HSD provides the appropriate platform to develop it.
2. Collaboration; Effective obligation governance requires access to real-world operational structures, legal and compliance expertise, and pilot partners willing to test with operational data. HSD offers the network density needed to establish these connections and build traction in the Dutch market.
3. Structured acceleration; The biannual strategic sessions with an Innovation Liaison, access to capital networks, and the integrated focus on market, knowledge, innovation, talent and funding align precisely with the needs of an early-stage cybersecurity company. The objective is not support for its own sake, but strategic acceleration.

Their engagement with HSD is therefore not symbolic, but a deliberate strategic anchoring within the ecosystem required to build and scale governance infrastructure for Europe’s cybersecurity landscape.

Murat Hüseyin Candan: “Cybersol needs to understand the market dynamics and specifics of the Netherlands, which is an area where we depend significantly on HSD and the resources accessible through Premium Partnership. This is a two-way relationship, and we are eager to contribute to the community as much as we draw from it.”

From detection to accountability in cybersecurity

Cybersol brings a specific capability: operational accountability infrastructure. Most companies build security tools for detection, monitoring, and response. Cybersol addresses what happens next: when a breach is detected, who must be notified, within what timeframes, and how organisations prove they met their obligations. Besides that, Cybersol also contributes regulatory expertise on NIS2, DORA, and GDPR notification frameworks, and specifically how regulatory requirements interact with the obligations embedded in service agreements.

A growing compliance gap

The scale of third-party cyber risk is growing at an alarming rate, Candan states. The 2025 Verizon Data Breach Investigations Report found that 30% of breaches now involve third-party relationships, doubled from 15% just a year ago. Organisations invest heavily in detection and prevention tools, but when an incident occurs, they discover a blind spot: they cannot quickly determine what they are required to do.

Consider both sides of a single incident. A Managed Service Provider managing 200 client networks suffers a breach. On their side, they must determine within hours what must be done per customer, per service, and per regulation, and through which specific channels. Today, this often means calling lawyers at 2 AM. Now consider their clients, NIS2-regulated organisations that outsource critical IT services to that same MSP. When the breach hits, the regulatory obligation does not transfer with the outsourcing. These organisations still own their notification duties, but they depend on a third party to understand what happened, assess the impact, and respond within compressed timelines. They need to know: what do our contracts require the MSP to do? Are they meeting those requirements? And what must we report independently to regulators? OBLIGO serves both sides of this equation.

This challenge is intensifying for three reasons. First, regulatory pressure: NIS2, DORA, and GDPR all mandate specific notification timelines with significant penalties for non-compliance, up to EUR 10 million or 2% of global turnover under NIS2. Second, supply chain complexity: every supply chain relationship is a potential liability injection point. Third, the capability gap: enterprise GRC platforms address this for large organisations but cost EUR 50,000+ annually, making them inaccessible to the 8,000 -10,000 Dutch SMEs entering NIS2 scope.

Collaborations

Cybersol B.V. is actively seeking collaborations in several specific areas:

1. Pilot partners for OBLIGO validation; Cybersol is looking for additional NIS2-regulated organizations, particularly MSPs and mid-market organizations, willing to test OBLIGO.
2. Legal and compliance domain expertise; Cybersol welcomes connections to legal professionals with experience in IT service agreements, SLA frameworks, and data processing agreements across multiple EU jurisdictions.
3. AI and development talent; they are looking for NL-based developers to strengthen their product team.
4. Complementary technology partnerships; OBLIGO is designed to integrate with existing security infrastructure rather than replace it. They are interested in collaborations with SIEM/SOAR providers, GRC platform developers, CLM system providers, and threat intelligence vendors.
5. Research and knowledge collaboration; they welcome collaboration with academic institutions and research groups working on regulatory technology and cybersecurity compliance.
6. Hardware partnerships; looking ahead to 2027, they anticipate demand from clients requiring on-premises deployment of OBLIGO due to the highest levels of privacy and data sovereignty requirements.

Ambitions

Cybersol’s ambitions are structured in phases that build on validated results rather than speculative growth projections. In 2026, their primary focus is developing and validating the OBLIGO proof-of-concept to reach Technology Readiness Level 4: validated with real obligations from pilot partners. Post-project, they plan to deploy OBLIGO as a SaaS platform and transition pilot partners to paid subscriptions.

Looking further ahead, Cybersol wants to expand OBLIGO’s capabilities beyond Dutch IT service obligations to cover cross-border EU obligations across multiple jurisdictions and regulatory frameworks. Cybersol has the vision to make OBLIGO the standard infrastructure for obligation governance during cybersecurity incidents. In a city that hosts the International Court of Justice, building accountability infrastructure for cyberspace is not just a product pitch; it is a governance mission aligned with what The Hague represents.

Also interested in becoming part of our ecosystem? Please contact @info@securitydelta.nl for more information as we are always excited to expand our community!