External Cyber Risk Transparency

You have an IT department, or even a CISO. Why shouldn't that be enough?

Because your employees aren't liable. You are!

Attacks on your company are prepared where your security has no visibility. Scematiq uncovers what attackers are actively preparing against you, and gives your teams the tools to take countermeasures in time.

>€0 M

Cumulative liability risk

NIS2 + DORA + CER + GDPR

Ø 0 Days

attackers remain undetected

despite existing IT security

0

Insurance coverage

for regulatory violations

up to 0 Days

Early warning of attack

for timely countermeasures

NIS2 Compliance · DORA Compliance · GDPR DSGVO Compliance · ISO 27005 Certified · CIS Controls

Four assumptions. All four wrong.

Most executives have delegated cybersecurity internally. That makes sense. But it doesn't protect you from what happens outside.

01

"That's what my CISO is for."

Law: NIS2 § 20

Your CISO is responsible for implementation within your system boundary. Legal liability lies with the board and management, personally and directly. Your CISO doesn't see what's being prepared against you in hacker forums, darknet markets, and at your suppliers. Scematiq makes exactly that visible.

02

"That's what we have cyber insurance for."

Law: Insurance Law

Fines and sanctions under NIS2, DORA and CER are explicitly not insurable. Regulatory violations remain with you personally, regardless of any policy.

03

"We have firewall, EDR, a SOC contract."

Law: CER / RKEG

These tools see what happens internally. Ransomware, malware and data breaches are prepared externally: in hacker forums, in your supply chain, via compromised service providers. No internal tool has visibility there. Scematiq operates exactly there.

04

"We don't fall under NIS2."

Law: Corporate Law

The duty of care for managing directors always applies, regardless of NIS2 or DORA. Negligent omission of adequate IT security establishes personal liability. Additionally, affected third parties (customers, partners) can claim damages directly from you under GDPR Art. 82.

Your IT protects what's inside. Attacks are prepared outside.

In closed forums, on your suppliers' infrastructure, in compromised supply chains. No internal tool has visibility there. Scematiq operates exactly there and delivers curated insights, not raw data.

What you see

Your security zone

  • Firewall & Network Monitoring
  • Endpoint Detection & Response
  • SIEM / SOC Alerts
  • Vulnerability Scanning
  • Patch Management
  • Internal Access Controls

← Your visibility ends here

What you don't see

Where attacks originate →

  • Active Ransomware Groups & APTs
  • Hacker Forums & Darknet Markets
  • Your compromised suppliers
  • Leaked credentials of your employees
  • Phishing infrastructure targeting your brand
  • C2 servers targeting your IP

Scematiq operates right here →

"Security reacts. External intelligence prevents. The limit of your internal visibility is not the limit of your risk."

No one is too small. No one too unimportant.

Sample excerpts of documented incidents in Austria 2022–2026. The dark figure is approximately 1:5 (according to industry experts).

  • Marktgemeinde Langenzersdorf: Ransomware (Public Administration)
  • hollu: Ransomware (Industry / SME)
  • CS Caritas Socialis: Data Leak (Social Services)
  • TU Wien: Ransomware (University / Research)
  • KREISEL Electric: Ransomware (Technology / Automotive)
  • Wasserverband Wulkatal: Ransomware (Critical Infrastructure)
  • Woom GmbH: Ransomware (Consumer Goods / Export)
  • Biogena: Data Leak (Pharma / Supplements)

+4 more documented incidents

All incidents publicly documented. Sources: Media reports, BSI, CERT.at.

You are personally liable. Not delegable.

Four laws. All in force or imminent. All with explicit personal liability for executives.

NIS2

€10 M

or 2% of annual revenue

Professional ban for executives possible.

Austria: Fall 2026

DORA

€5 M

or 1% of daily revenue

Professional ban possible.

Financial sector. Already in force.

CER / RKEG

Personal

CEO & Board directly liable

Critical infrastructure.

Austria: from April 2026

Insurance

Doesn't apply

Legal sanctions excluded

Regulatory fines explicitly not insurable.

Cumulative liability risk

>€0 Million

External visibility. Auditable evidence. Operational defense.

We make externally visible what's happening against you, so you can decide based on real data.

Traditional IT Security | Scematiq
Reacts after the impact | Early warning up to 30 days before the attack
Questionnaires & self-assessment | Technical real-time verification by analysts
Trust through certification | Real infection data from your suppliers
Alert flood without context | Curated decision recommendations, actionable
Only sees your system boundary | Operates in hacker forums, darknet, supply chains

Ransomware Early Detection

>80% detection rate, at least 1 week – often 30 days – before impact.

Phishing & Brand Takedown

Contractual takedown 48h – actual average 2–4 hours.

Supply Chain Security

Technical validation based on real infection data.

NIS2 / DORA Compliance

Continuously updated, audit-proof.

Credential Intelligence

>5 million compromised credentials analyzed per year.

Executive Protection

Monitoring for exposed individuals.

0 B+

Prevented Damage

0+

HUMINT Analysts, 24/7

~0

Monitored APT Groups

EU

Made in EU

Trusted by

voestalpine, Octapharma, Kontron, DSM, Brantner, Shire, Loomis, BRF

What's happening externally against your company right now?

In an initial conversation, we'll explain how the product works and can go into technical depth if desired.

Schedule a meeting