Cordaata makes cyber risk management a measurable business discipline. Business leaders deserve to know where they are exposed and what it would cost. Cordaata makes that possible.
Algemene beschrijving (incl. samenvatting van onderstaande vier punten, deze beschrijving wordt gepubliceerd)
Cordaata was designed to answer two questions that most organisations cannot. What are our most critical systems? And what would it cost if they failed?
Cyber risk is real and the consequences fall directly on the business. Operations stop, customers are affected, money is lost. Boards are being asked to govern risk they cannot see, in terms they cannot act on. Regulation raises the stakes further. NIS2, DORA, and the Cyber Resilience Act add legal and financial consequences on top of the operational ones.
Most organisations are trying. But they do not know which systems are critical, how long they could survive without them, or what a failure would cost. Without that, there is no way to prioritise. The default response is to buy more tools. But more tools do not solve a prioritisation problem. And leadership is left making decisions without the full picture.
Cordaata was founded in 2025 by a team that had already built and taken a cybersecurity product to market together. Their combined experience spans cybersecurity, enterprise risk management, and SaaS product development. It is built for the businesses where the people responsible for cyber risk are stretched. They work with tools that were not designed for the job. The outputs tick boxes without making the business more secure. They saw this gap repeat and built the platform they wished had existed.
The Cordaata platform starts from the business, not the technology. Structured questions are answered by the people who work in the organisation. Their responses connect assets to the tasks they support. Controls are assessed. Risk is quantified in euros using the FAIR methodology. The result is a risk profile built around how that specific organisation operates in practice. It stays current as the business changes. Leadership finally knows where they are exposed and where to focus. Cordaata is building the platform that makes that possible for organisations across Europe that need to take cyber risk seriously.
Beschrijf het product of dienst van uw start-up op basis van probleemoplossing, concurrentie, disruptie en/of technologie
Most organisations approach this through a combination of compliance frameworks, periodic risk assessments, and security tooling. Some invest in dedicated cyber risk quantification, though tools in that space typically require specialist knowledge to operate and a consulting engagement to get started. GRC platforms address compliance but do not produce financial risk figures. Neither approach is built to extract how the business actually works.
Cordaata does. It uses a structured interview model to capture how the organisation operates, who depends on what, and what the consequences of failure would be. The process is approachable. It does not require a risk analyst or a consulting engagement to get started. From those inputs the platform builds an asset map tied to real business tasks, assesses controls against those specific assets, and applies the FAIR methodology to produce risk figures in financial terms. Not just statistics and colour codes. Numbers that can be compared against the cost of a control, presented to a board, or used to justify an investment decision.
That single shift drives everything that follows. Cordaata turns risk management into a continuous practice rather than a periodic project. The model updates as the business changes. Compliance reporting for NIS2, DORA, or any other framework becomes a byproduct of that practice rather than a standalone exercise.
Beschrijf de markt op basis van omvang, onderscheidend vermogen, marketingplan, successen, marge en/of schaling
According to Market Data Forecast, the European cybersecurity market was worth $68 billion in 2024 and is growing at over 12% annually. Within that, the cyber risk quantification market is expanding faster still, with analysts at Mordor Intelligence projecting it to grow from around $4 billion today to nearly $10 billion by 2031. Regulation is accelerating demand. NIS2, DORA, and the Cyber Resilience Act are pulling organisations across sectors into scope and the majority expect a permanent increase in cybersecurity budgets as a result.
The gap in the market is specific. According to Mordor Intelligence, Europe faces a shortage of more than 299,000 qualified cybersecurity professionals. Organisations cannot hire their way out of the problem. The consultants, vCISOs, and managed service providers that fill this gap are in high demand but face their own capacity constraints. In a 2024 report by Cynomi, 93% of service providers reported feeling overwhelmed by cybersecurity frameworks, and nearly all MSPs and MSSPs that do not yet offer vCISO services plan to add them. The market is growing faster than the expertise available to serve it.
Cordaata is built to work alongside this ecosystem. The platform gives consultants, vCISOs, and managed service providers a faster and more structured way to deliver risk assessments and produce outputs that stay current between engagements. It reduces the time required to build a credible risk baseline and raises the quality of what they can deliver to clients. For organisations with internal security teams, it gives those teams a process and a platform they can own without needing to build the methodology from scratch.
We grow through intermediary channels across the EU, working with consultants, vCISOs, and managed service providers who serve organisations under regulatory pressure. For example, NIS2 enforcement is rolling out across member states now, creating immediate and specific demand. Each partner extends our reach across their existing client base. The SaaS model scales efficiently as the network grows. Margins improve as the partner base expands and delivery costs remain low. There is no professional services dependency built into the model. Revenue is recurring and tied to ongoing platform use rather than one-time engagements.
Beschrijf het team van uw start-up op basis van samenstelling, ontwikkeling, aansturing en/of competenties
Cordaata was built by four founders who have worked together before, each leading their own area of the business. Their previous experience spans a successful cybersecurity startup, giving them a shared foundation in building and taking security products to market. Together they bring four competencies that are directly relevant to the problem they are solving: cybersecurity domain expertise, enterprise risk management, SaaS platform engineering, and commercial go-to-market execution in the European market.
The cybersecurity and risk expertise comes from founders who have spent their careers inside organisations and alongside them. Managing risk programmes, advising on security strategy, and working directly with the leadership teams that have to make decisions without the right information. That experience shaped the product requirements before any technology decisions were made.
The platform is built and operated by a development team with deep experience scaling SaaS applications in regulated industries. Architecture, infrastructure, and security-by-design are informed by experience delivering production-grade software. Core development is owned internally.
On the commercial side, the team has direct experience taking cybersecurity products to market across Europe. Building channel partnerships, developing positioning for non-technical buyers, and validating the product against real customer needs. The team expands through specialist engagement and partner relationships as the business grows, rather than building large internal headcount.
Beschrijf de business van uw start-up op basis van visie, successen, tegenslagen, schaalbaarheid en/of plannen.
According to Market Data Forecast, the European cybersecurity market was worth $68 billion in 2024 and is growing at over 12% annually. Within that, the cyber risk quantification market is expanding faster still, with analysts at Mordor Intelligence projecting it to grow from around $4 billion today to nearly $10 billion by 2031. Regulation is accelerating demand. NIS2, DORA, and the Cyber Resilience Act are pulling organisations across sectors into scope and the majority expect a permanent increase in cybersecurity budgets as a result.
The gap in the market is specific. According to Mordor Intelligence, Europe faces a shortage of more than 299,000 qualified cybersecurity professionals. Organisations cannot hire their way out of the problem. The consultants, vCISOs, and managed service providers that fill this gap are in high demand but face their own capacity constraints. In a 2024 report by Cynomi, 93% of service providers reported feeling overwhelmed by cybersecurity frameworks, and nearly all MSPs and MSSPs that do not yet offer vCISO services plan to add them. The market is growing faster than the expertise available to serve it.
Cordaata is built to work alongside this ecosystem. The platform gives consultants, vCISOs, and managed service providers a faster and more structured way to deliver risk assessments and produce outputs that stay current between engagements. It reduces the time required to build a credible risk baseline and raises the quality of what they can deliver to clients. For organisations with internal security teams, it gives those teams a process and a platform they can own without needing to build the methodology from scratch.
We grow through intermediary channels across the EU, working with consultants, vCISOs, and managed service providers who serve organisations under regulatory pressure. For example, NIS2 enforcement is rolling out across member states now, creating immediate and specific demand. Each partner extends our reach across their existing client base. The SaaS model scales efficiently as the network grows, and margins improve with it. Revenue is recurring and tied to ongoing platform use.