Mapping the Cybersecurity Landscape in Central & Eastern Europe

Our research includes companies operating in the cybersecurity software space, excluding those whose value proposition is heavily reliant on consultancy services, with headquarters or founding headquarters in Central & Eastern Europe, based on data from Dealroom queries. In the next section, we will provide an overview on each category identified and emerging trends for each use case. 

Given the recently growing number and complexity of cyber-attacks, the criticality of security operations has become more pronounced. Security Operations Centers (SOCs) and response teams are continually required to perform a multitude of operational tasks, making automation indispensable for improving efficiency and enabling teams to focus on actual breaches and significant issues. In this regard, we have identified three key areas for operational improvement: Threat detection and vulnerability management, cybersecurity compliance, and automated offensive cybersecurity.

Threat detection and vulnerability management platforms aim to solve the problem of the inability of Security Operations Center (SOC) teams to effectively use the vast amounts of data generated by threat detection software and act on it. These platforms address this issue by not only identifying potential threats and vulnerabilities but also by making the data around these vulnerabilities actionable. They provide SOC teams with clear, prioritized insights and remediation steps, enabling them to respond swiftly and effectively to security incidents. By integrating advanced analytics, real-time monitoring, and automated response capabilities, these platforms enhance the overall security posture of organizations, reduce the risk of breaches, and ensure a proactive approach to cybersecurity.

Selected companies: Binalyze, Blackshell, CBRX, Cryeye, Dashbird, Ellio Technology, ICSEC, Kikimora, Patchstack, RIFFSEC

Many organizations do not have a dedicated compliance department, leaving their security teams to manage compliance responsibilities. The conventional tools employed are becoming insufficient to meet the escalating compliance requirements. Automated cyber compliance platforms deliver both time and cost efficiencies, ensuring that the complexity of security compliance does not scale with business growth. These platforms offer real-time monitoring, emphasizing that security compliance is a continuous process rather than a one-time goal.

Selected companies: Cyber Upgrade, Sagenso, Sypher

Offensive cybersecurity, including practices like red teaming and penetration testing*, focused on prevention and vulnerability identification through simulated attacks on infrastructure, is undergoing a shift towards productization, also thanks to the latest advancements in AI. AI agents can now orchestrate and execute cybersecurity tests by simulating attacks on infrastructure. Additionally, AI can identify new types and vectors of attacks, which is crucial as the number and complexity of vulnerabilities and attack methods continue to evolve. 

Selected companies: 1strike, Cycommsec, Seif.ai, Splx.ai, Trickest

Startups in this field focus on ensuring that individuals or entities are who they claim to be in the digital realm and have the right to access that digital realm. New methods verify user-provided information through biometrics, document checks, multi-factor authentication, behavioral analytics and password less-authentication to confirm identities during access, thereby preventing unauthorized access and fraud. 

Selected companies: Alcatraz AI, Authologic, Blinking, Digital Fingerprints, Mark ID, Nethone, Secfense, Trustmatic, TypingDNA, Wultra

Network security is a broad term encompassing various measures and protocols designed to protect the integrity, confidentiality, and availability of computer networks and data.  The group includes technology securing cloud systems, mobile and in-app protection and IoT safety.  Within this extensive category, the region has produced some of the most widely used consumer VPNs globally, including Surfshark and Nord Security. Initially largely used by a subset of niche businesses from the 1990s onwards, nowadays VPNs are used more for personal use than business use, often adopted by individuals not only for security concerns but also to access streaming services and contents only available in certain areas. Given the increased awareness of cybersecurity among the B2C market too, solutions focused on mobile security and in-app protection are also experiencing a growth in demand. Covid-19 has been a major force that intensified the need for secure online activities as many organizations transitioned online, thus the demand for reliable and most importantly, network-optimized VPNs is growing. If you are interested in learning more about the development of VPNs, we recommend this reading.

Selected companies: Blindspot, BotGuard, Cyscale, GreyCortex, IP Fabric, Malloc, Scalarr, Spin.ai, Talsec, Whalebone

Operations in Fraud and Fincrime Prevention remains slow and laborious, leading to expensive business processes, lengthy customer onboarding delays, and increased financial crime compliance risk. There is a strong demand and implementation of AI-powered systems that prioritize alerts, allowing higher-risk alerts to rise to the top for review and thereby reducing the time wasted on false positives. Furthermore, an additional potential solution is a better coordination and data sharing among institutions, which could significantly enhance the detection and prevention of emerging financial crime methods. 

Slected companies: Resistant AI, Salv, Seon, SilentEigh

Highly relevant for the financial services and healthcare sectors, techniques such as encryption and federated learning enable safe data collaboration, secure communications, and data monetization. Following the open banking and open finance trends, open data—sharing information across different industries like healthcare and financial services—is expected to become increasingly common. Therefore, the urgent need for secure data exchange is paramount.

Selected companies: Axoflow, PrivMX Fusion, Trusted Twin

Just as generative AI has introduced a new wave of potential cybersecurity threats (e.g. AI generated fake identities), the advent of quantum computing will similarly bring significant security challenges. As quantum computing technology progresses, the imperative to transition to post-quantum cryptographic solutions becomes increasingly urgent. The shift to post-quantum cryptography solutions has been also pushed by government initiatives: in April of this year, the European Commission issued a recommendation on transitioning to post-quantum cryptography, followed by NIST in the United States releasing its first set of post-quantum cryptography standards. These actions provide organizations with a clear path forward to secure their systems using quantum-safe algorithms. But are organizations prepared for adoption?

Selected companies: RANDAEMON, Resquant

We firmly believe that the cybersecurity startup ecosystem in Central and Eastern Europe, brimming with talent and innovation, holds immense potential for further growth and development. Cybersecurity remains a critical area for the financial sector, aligning closely with the priorities of Elevator Ventures. While this overview highlights some of the key players, it is by no means exhaustive, and we are eager to uncover and support new companies emerging from this vibrant ecosystem. The journey ahead promises to be dynamic and impactful, and we are excited to see how the region continues to shape the future of cybersecurity.