In an era defined by innovation and interconnectivity, one truth persists: people, not systems, remain the primary vector of attack.
From phishing emails that bypass firewalls to insider threats and social engineering attacks that exploit trust instead of code, cybersecurity is not only about machines. It’s about people too.
At Cyber Risk GmbH, we recognize this reality, and we act on it. While many focus on tools and automation, we empower organizations to understand, manage, and reduce human-centered risk through targeted training, strategic insight, and deep regulatory expertise.
Cybersecurity is not a product, it’s a process of trust, discipline, and continuous learning. That’s why we move beyond industry jargon to deliver measurable results. We listen to your needs, analyze your environment, and deliver customized solutions that align with your regulatory, operational, and cultural context. Whether you’re preparing your Board for NIS 2, protecting your employees against social engineering, or building resilience under multiple regulations, we meet you where you are, with precision and integrity.
What sets us apart is straightforward, and built on principles that are too often overlooked today:
1. We deliver what we promise, on time, every time.
2. We respect your requirements, and we tailor every solution to fit them, never offering one-size-fits-all approaches.
3. We honor every detail of the agreement, because true trust is earned through actions that align with our commitments.
You don’t need a vendor who just meets the minimum. You need a partner that helps you navigate complexity, anticipate threats, and achieve real resilience. We’re here to support you, today and tomorrow.
Welcome to Cyber Risk GmbH, delivering clarity in complexity across the global risk and compliance management landscape.
Social engineering remains one of the most effective and dangerous attack methods used by threat actors. At Cyber Risk GmbH, we bring world-class expertise in understanding and combating these deceptive techniques.
We offer unique training programs specifically tailored to empower executives and employees with practical skills to identify and neutralize social engineering threats. These programs are based on current, real-world threat intelligence.
Christina Lekati, psychologist and social engineering training expert, can lead these training programs. To learn about her you may visit: https://www.cyber-risk-gmbh.com/About_Christina_Lekati.html
Whether it’s spear phishing, pretexting, or intelligence collection, Christina will help you build resilience against manipulation-based attacks. You can find our training programs at: https://www.cyber-risk-gmbh.com/Training.html
High-value targets, like senior executives, board members, diplomats, critical infrastructure personnel, and individuals with privileged access, face a unique and elevated threat landscape. Their roles and access make them prime targets for advanced persistent threats, social engineering, and espionage.
For high-value targets, attackers do not rely on broad, indiscriminate tactics. Instead, they deploy highly tailored techniques designed to bypass conventional defenses. These techniques go far beyond basic social engineering. They involve deep psychological manipulation, surveillance, and intelligence-gathering aimed at understanding the habits, preferences, and weaknesses of the individual.
At Cyber Risk GmbH, we specialize in protecting these individuals and the sensitive data and operations they manage. Our approach is customized, discreet, and grounded in real-world threat intelligence and adversary behavior. Our training programs include targeted risk assessments, behavioral training, and defensive protocols tailored to the unique profile of each individual. We incorporate elements of operational security, social engineering defense, travel security, digital hygiene, and insider threat mitigation. We also provide one-on-one briefings, confidential simulations, and ongoing advisory.
To learn more you may visit: https://www.cyber-risk-gmbh.com/High_Value_Targets.html
Hybrid threats often blend cyberattacks with political, economic, psychological, and other tactics to achieve strategic objectives without triggering conventional conflict. Unlike isolated cyber incidents, hybrid threats are coordinated, persistent, and typically state-sponsored or state-directed.
Reputation attacks are another hallmark of hybrid campaigns, involving disinformation, data leaks, or manipulated content aimed at damaging public confidence, investor trust, or stakeholder relationships. The goal is often to weaken institutions, destabilize markets, or gain geopolitical advantage, without direct confrontation.
Recognizing and responding to such threats requires a multidisciplinary approach, combining cybersecurity, intelligence analysis, and executive-level awareness. Boards of Directors face increasing pressure to provide effective oversight of hybrid and cybersecurity risks. They must understand the modus operandi and the broader landscape of hybrid threats, including disinformation, economic coercion, and cyber-enabled espionage.
At Cyber Risk GmbH, we provide tailored training programs designed specifically for board members. Our sessions help directors gain situational awareness, oversight capabilities, and a strategic understanding of how cyber and hybrid threats impact their organization. Our training includes real-world scenarios, case studies, and intelligence-informed insights, delivered in non-technical language that empowers decision-making.
To learn more you may visit: https://www.cyber-risk-gmbh.com/Board.html
Compliance is no longer static or narrowly focused. The regulatory landscape, particularly in the European Union, is evolving rapidly, driven by geopolitical challenges, technological innovation, cybersecurity concerns, and the demand for digital sovereignty. Organizations are now expected to demonstrate operational resilience, data stewardship, and ethical use of artificial intelligence.
To meet these challenges, we provide compliance intelligence and specialized online training programs tailored to significant EU directives and regulations. Participants who complete the online program and pass the online exam receive a Certificate of Completion, a validation of their knowledge and skills that offers a competitive edge in today’s compliance-driven market.
We offer the following online training programs:
1. NIS 2 Directive Trained Professional (NIS2DTP) Program. The NIS 2 Directive gives risk and compliance managers the opportunity to implement new and more stringent cybersecurity rules, and to substantially improve risk prevention, detection, response, incident handling, business continuity, supply chain security, vulnerability handling and disclosure.
According to Article 20 (Governance), the management bodies of essential and important entities must approve the cybersecurity risk-management measures taken by those entities, oversee their implementation, and can be held liable for infringements.
According to Article 20, Member States shall ensure that the members of the management bodies of essential and important entities are required to follow training, and shall encourage essential and important entities to offer similar training to their employees on a regular basis, in order that they gain sufficient knowledge and skills to enable them to identify risks and assess cybersecurity risk-management practices and their impact on the services provided by the entity.
According to Article 21 (Cybersecurity risk-management measures), essential and important entities must take appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems which those entities use for their operations or for the provision of their services, and to prevent or minimise the impact of incidents on recipients of their services and on other services. You may visit:
https://www.nis-2-directive.com/NIS_2_Directive_Trained_Professional_(NIS2DTP).html
2. Artificial Intelligence Act Trained Professional (AIActTPro) Program. The EU AI Act sets harmonised rules for the development, placement on the market and use of AI systems in the European Union, following a proportionate risk-based approach.
The Act lays down a solid risk methodology to define “high-risk” AI systems that pose significant risks to the health, safety or fundamental rights of persons. Those AI systems will have to comply with a set of horizontal mandatory requirements for trustworthy AI, and follow conformity assessment procedures before those systems can be placed on the EU market.
Clear obligations are placed on providers of AI systems, to ensure safety and respect of existing legislation protecting fundamental rights throughout the whole AI systems’ lifecycle.
A very important development, under Article 5 (Prohibited AI practices): the placing on the market, putting into service or use of certain AI systems intended to distort human behaviour in a way that causes or is reasonably likely to cause significant harm is forbidden. Such AI systems deploy subliminal techniques beyond a person’s consciousness, or purposefully manipulative or deceptive techniques, or exploit the vulnerabilities of persons due to their age, disability, or a specific social or economic situation. They do so with the objective or effect of materially distorting the behaviour of a person or group of persons, in a manner that causes or is reasonably likely to cause significant harm to that person or to another person. You may visit:
3. Digital Operational Resilience Act Trained Professional (DORATPro) Program. According to recital 45 of the Digital Operational Resilience Act (DORA), to ensure full alignment and overall consistency between financial entities’ business strategies, on the one hand, and the conduct of ICT risk management, on the other hand, the financial entities’ management bodies should be required to maintain a pivotal and active role in steering and adapting the ICT risk management framework and the overall digital operational resilience strategy.
The approach to be taken by management bodies should not only focus on the means of ensuring the resilience of the ICT systems, but should also cover people and processes through a set of policies which cultivate, at each corporate layer, and for all staff, a strong sense of awareness about cyber risks and a commitment to observe a strict cyber hygiene at all levels.
The ultimate responsibility of the management body in managing a financial entity’s ICT risk should be an overarching principle of that comprehensive approach, further translated into the continuous engagement of the management body in the control of the monitoring of the ICT risk management. You may visit:
4. Critical Entities Resilience Directive Trained Professional (CERDTPro) Program. The Critical Entities Resilience Directive lays down obligations on EU Member States to take specific measures, to ensure that essential services for the maintenance of vital societal functions or economic activities are provided in an unobstructed manner in the internal market.
While certain sectors of the economy, such as the energy and transport sectors, were already regulated by sector-specific Union legal acts, those legal acts contained provisions which related only to certain aspects of resilience of entities operating in those sectors.
In order to address in a comprehensive manner the resilience of those entities that are critical for the proper functioning of the internal market, the Critical Entities Resilience Directive creates an overarching framework that addresses the resilience of critical entities in respect of all hazards, whether natural or man-made, accidental or intentional.
Critical entities must develop a comprehensive understanding of the relevant risks to which they are exposed, and they have a duty to analyse those risks. To that end, they must carry out risk assessments in view of their particular circumstances and the evolution of those risks and, in any event, every four years, in order to assess all relevant risks that could disrupt the provision of their essential services (‘critical entity risk assessment’). You may visit:
5. Digital Services Act Trained Professional (DiSeActTPro) Program. The Digital Services Act is one of the most ambitious regulations in the world in the field of protecting the digital space against the spread of illegal content and protecting users’ fundamental rights. It is a comprehensive set of new rules that regulate the responsibilities of intermediaries that connect consumers with goods, services and content. The regulation covers online marketplaces, social networks, content-sharing platforms, app stores, online travel and accommodation platforms, and similar services.
Very large platforms are now obliged to assess the risks their systems pose, regarding not only illegal content and products, but also systemic risks to the public interests, fundamental rights, public health and security. They must develop appropriate risk management tools and measures to protect the integrity of their services against the use of manipulative techniques. You may visit:
https://www.eu-digital-services-act.com/DiSeActTPro_Training.html
6. Digital Markets Act Trained Professional (DiMaActTPro) Program. The Digital Markets Act (DMA) affects designated “gatekeeper platforms” such as Alphabet (Google), Amazon, Apple, ByteDance, Meta and Microsoft, and covers, among other obligations, the need for end-user consent before personal data is processed for targeted advertising or combined across the gatekeeper’s services. Notably, most of the companies affected by the EU Digital Markets Act and the EU Digital Services Act are based in the United States of America.
The DMA builds a digital level playing field with clear rights and rules for large online platforms (‘gatekeepers’), and ensures that gatekeepers do not abuse their position. Regulating the digital market at EU level creates a fair and competitive digital environment, allowing companies and consumers to benefit from digital opportunities. You may visit:
https://www.eu-digital-markets-act.com/DiMaActTPro_Training.html
7. Data Governance Act Trained Professional (DatGovActTP) Program. The European Data Governance Act is a key pillar of the "European strategy for data". The aim is to create a single European data space, a single market for data, where personal as well as non-personal data, including sensitive business data, are secure, and businesses also have easy access to an almost infinite amount of high-quality industrial data, boosting growth and creating value, while minimising the human carbon and environmental footprint.
The Data Governance Act regulates the re-use of data, boosts data sharing, and encourages the sharing of data for altruistic purposes. Both personal and non-personal data are in scope of the Act, and wherever personal data is concerned, the General Data Protection Regulation (GDPR) also applies. You may visit:
https://www.european-data-governance-act.com/DatGovActTP_Training.html
8. European Chips Act Trained Professional (EChipsActTPro) Program. The European Chips Act is a Regulation that establishes a framework for strengthening the semiconductor ecosystem in the EU, in particular through:
(a) the establishment of the Chips for Europe Initiative (the ‘Initiative’);
(b) setting the criteria to recognise and to support integrated production facilities and open EU foundries that are first-of-a-kind facilities and that foster the security of supply and the resilience of the Union’s semiconductor ecosystem;
(c) setting up a coordination mechanism between the Member States and the Commission for mapping and monitoring the Union’s semiconductor sector as well as crisis prevention and response to semiconductor shortages and, where relevant, consulting stakeholders from the semiconductor sector. You may visit:
https://www.european-chips-act.com/European_Chips_Act_Trained_Professional_(EChipsActTPro).html
9. Data Act Trained Professional (DataActTPro) Program. The European Data Act makes more data available for use, and sets up rules on who can use and access what data for which purposes across all economic sectors in the EU.
According to Article 1, Subject matter and scope, this Regulation lays down harmonised rules, inter alia, on:
(a) the making available of product data and related service data to the user of the connected product or related service;
(b) the making available of data by data holders to data recipients;
(c) the making available of data by data holders to public sector bodies, the Commission, the European Central Bank and Union bodies, where there is an exceptional need for those data for the performance of a specific task carried out in the public interest;
(d) facilitating switching between data processing services;
(e) introducing safeguards against unlawful third-party access to non-personal data; and
(f) the development of interoperability standards for data to be accessed, transferred and used. You may visit:
https://www.eu-data-act.com/Data_Act_Trained_Professional_(DataActTPro).html
Cyber security is often boring for employees. We can make it exciting.
1. You contact us.
2. We discuss.
3. Our proposal.
4. Changes and approval.
5. We deliver.