2595AM The Hague
Cybersol operates at a critical junction in the security sector: the gap between operational defense and legal accountability. The cybersecurity industry has historically separated these into distinct silos — technical security teams handle detection and response, while legal and compliance teams manage contractual obligations and regulatory requirements. When an incident occurs, these two worlds collide under extreme time pressure, and organisations discover they have no operational infrastructure connecting them. Cybersol exists to close that gap.
Our specific contribution to the sector is in Third-Party Risk Management. As digital supply chains grow more complex, the third-party attack surface has become one of the most significant threat vectors — the Verizon DBIR 2025 confirms that third-party involvement in breaches has doubled to 30%. Traditional security tools protect internal infrastructure, but they do not address the contractual and regulatory obligations that are triggered when a breach crosses organisational boundaries. This is where Cybersol focuses: making the external obligation landscape as visible and manageable as the internal security posture.
To achieve these goals, Cybersol is developing OBLIGO. OBLIGO is designed to answer the question that every organisation faces during a cyber incident but few can answer quickly: what are we obligated to do, for whom, and by when? It bridges the operational disconnect between security teams and legal functions, providing a single governance layer that works alongside existing security infrastructure.
This work directly supports the sector's adaptation to the new European regulatory framework. NIS2, DORA, and related directives impose strict notification and accountability requirements on thousands of organisations — obligations that vary per contract and per regulation. Cybersol provides the governance infrastructure that enables organisations to meet these requirements operationally, not just on paper. In doing so, we help the security sector shift from reactive compliance toward defensible, embedded resilience — ensuring that technical security investments are backed by the governance architecture they need to be legally robust.