C-Risk launches C-Trust, end-to-end cyber risk management for European SMEs and mid-market companies.
A financial measurement of cyber risk and a prioritised action plan — now within reach for SME’s.
C-Trust, a new service from C-Risk, is available on the European market from July 1, 2026. The first cyber risk management subscription service dedicated to small and medium-sized businesses, C-Trust unlocks the power of a financial measurement of cyber risk without the complexity or fees of large consulting firms. It provides a pragmatic solution for senior management to understand cyber risk exposure in business terms and put in place the governance process and action plan to protect their organisation.
45 to 60%¹ of SMEs fall victim to a cyberattack each year, at an average cost of between €50,000 and €60,000² per incident, rising to over €230,000³ for one in eight businesses. At the same time, NIS2 and DORA now extend regulatory obligations to the SME market, creating personal liability for executives. In response to these challenges, C-Trust offers a concrete and accessible solution, starting from €4,950 per year, for a market that existing offerings have failed to adequately serve.
The solution takes the form of an annual subscription to automated cyber risk management services, designed to answer the question that leadership teams are asking: “How much would a cyberattack cost us, and what should we do to protect ourselves?” Clients receive a risk exposure report and dashboard using business language and financial metrics. The assessment is updated throughout the year and includes access to a risk management consultant. The service tracks the financial impact of a cyber-attack as well as cyber and resilience maturity and provides concrete recommendations to reduce risk exposure. It is multi-purpose, aligned to national cybersecurity agencies best practice and can be presented to senior management, regulators, external partners and cyber insurance brokers.
C-Trust is distributed through a network of trusted partners — IT service providers, professional service providers and accounting practices — enabling SMEs to access cyber governance expertise through the advisors they already know. C-Trust is built on the deep experience of C-Risk, a highly specialised ICT risk management provider with a ten-year track record serving clients including Mastercard, Richemont and Heidelberg Materials. C-Risk’s global leadership in risk management is recognised in the 2026 Gartner Hype Cycle for Cyber Risk Management. The C-Trust risk management methodology is based on the FAIR standard and C-Risk is a sponsor and active member of the FAIR Institute.
“Cyber risk quantification is not reserved for large corporations. It is a capability that answers a universal question: what is the financial impact of cyber risk to the organisation, how should this shape our business strategy and our operational response? C-Trust uses a business-centric view of digital assets, cyber hygiene and IT resilience to advise senior management on how to best protect the business while maintaining compliance. The result is an answer that’s accessible to every business, regardless of size.”
Tom Callaghan, co-founder of C-Risk
“NIS2 and DORA now engage the personal liability of executives — but most SMEs have neither a CISO nor a structured cyber budget to address this. For years, I’ve seen them stuck between large consulting fees they can’t afford and a complete lack of visibility into their actual exposure. C-Trust is the third way: a serious answer, at an accessible price, delivered by trusted advisors they already know — their accountant, their auditor, or their IT service provider.”
Christophe Forêt, co-founder and chairman of C-Risk
About C-Risk and C-Trust
C-Risk helps organisations move towards a safer digital economy through data-driven risk management and cyber risk quantification using the FAIR standard. We have worked with companies across Europe since 2016 to translate complex cyber risks into clear, actionable business decisions. C-Trust is C-Risk’s offering for SMEs and mid-market companies — a comprehensive solution that provides a financial view of cyber risk, an assessment of security measures and their resilience, and a prioritised action plan, in compliance with NIS2, DORA, and the EU AI Act.
Visit c-risk.com and c-trust.ai — follow C-Trust on LinkedIn
