CyFun: Strengthening Cybersecurity Fundamentals with the CyberFundamentals Framework

Apr 15, 2025 | News and Blogs, Product Updates

What Is CyFun?

CyFun, short for CyberFundamentals Framework, is an initiative developed by the Centre for Cybersecurity Belgium (CCB).
It helps organizations of all sizes — from SMEs to large enterprises — strengthen their cybersecurity posture through clear, practical, and risk-based measures.

With CyFun, companies can better protect digital assets, reduce exposure to common threats like phishing, ransomware, and data breaches, and improve overall resilience.
The framework provides a simple yet structured way to make cybersecurity tangible, measurable, and scalable — without requiring complex tools or large budgets.


The Core of the CyFun Framework

At its heart, CyFun is built around five internationally recognized cybersecurity functions, inspired by the NIST Cybersecurity Framework:

  1. Identify – Understand your assets, risks, and threat landscape.

  2. Protect – Implement safeguards to ensure service continuity.

  3. Detect – Establish monitoring to identify security events promptly.

  4. Respond – Define clear procedures for handling incidents.

  5. Recover – Maintain resilience and restore operations after disruptions.

These five functions form a structured methodology that organizations can use to evaluate and strengthen their digital risk management capabilities.
By focusing on gradual maturity improvement, CyFun bridges the gap between high-level security principles and everyday business operations.


A Risk-Based Maturity Model

A key strength of CyFun is its three-tier assurance model, which allows organizations to scale their cybersecurity maturity step by step.
Each level builds on the previous one, aligning expectations with the organization’s size, impact, and exposure:

  • Basic – The foundational level of protection, recommended for all organizations.

  • Important – For companies facing increased exposure to cyber threats or handling sensitive data.

  • Essential – For operators of critical infrastructure or organizations delivering essential societal services.

This modular design makes cybersecurity improvement accessible and achievable, even for organizations without extensive security resources.

By progressing through the levels, companies can demonstrate accountability, align with best practices, and benchmark their maturity against peers.


Practical Tools and Self-Assessment

To ensure adoption is simple, CyFun provides a set of free implementation tools developed by the Centre for Cybersecurity Belgium (CCB).

CyFun Selection Tool

This tool helps organizations determine the appropriate assurance level based on factors like business context, sector, threat profile, and potential societal impact.

CyFun Self-Assessment Tool

This questionnaire enables organizations to evaluate their current cybersecurity posture, identify maturity gaps, and prioritize improvement actions.

Both tools are freely available via Safeonweb@Work, a digital platform launched by the CCB to promote cybersecurity awareness and readiness across the Belgian business community.


CyFun and Regulatory Alignment

CyFun is closely aligned with the European NIS2 Directive, which came into effect in October 2024.
NIS2 imposes stricter cybersecurity requirements on vital sectors and large organizations throughout the EU.

By adopting the CyFun framework, organizations:

  • Strengthen their cybersecurity maturity through structured improvement.

  • Address risk management, governance, and incident response requirements of NIS2.

  • Create a foundation for future compliance and certification initiatives.

In short, CyFun prepares businesses for NIS2 readiness while enhancing their resilience to modern cyber threats.


How RiskStudio Complements CyFun

While CyFun focuses on internal maturity and structured self-assessment, RiskStudio extends its impact across the digital supply chain.
In today’s interconnected environment, an organization’s cybersecurity posture is only as strong as that of its suppliers and partners.

That’s where RiskStudio adds value.

RiskStudio turns CyFun principles into action by providing:

  • Automated supplier assessments – Evaluate vendors’ cybersecurity posture against frameworks like CyFun and NIS2.

  • Continuous monitoring – Track vulnerabilities, data breaches, and ransomware incidents in real time.

  • Smart grouping and ownership – Organize suppliers by risk level, business unit, or critical process.

  • Actionable insights – Translate data into prioritized improvement actions and governance dashboards.

By combining CyFun’s structured methodology with RiskStudio’s data-driven intelligence, organizations can move from reactive to proactive supply chain cybersecurity management.

This partnership transforms CyFun from an internal security framework into a living, operational strategy that covers the entire ecosystem.


From Framework to Practice

CyFun and RiskStudio share a common goal: to make cybersecurity practical, measurable, and sustainable.

Together, they help organizations:

  • Build cybersecurity maturity step by step.

  • Understand risks across the supply chain.

  • Achieve compliance readiness under NIS2.

  • Demonstrate digital responsibility to regulators and customers.

Whether you’re starting from the Basic level or aiming for Essential assurance, RiskStudio ensures you have the insights and tools to continuously improve.


Frequently Asked Questions (FAQ)

1. What is CyFun?
CyFun stands for CyberFundamentals Framework — a national initiative by the Centre for Cybersecurity Belgium (CCB) to help organizations improve cybersecurity maturity.

2. Who can use CyFun?
Any organization, regardless of size or sector, can use CyFun to assess and strengthen its cybersecurity posture.

3. How does CyFun relate to NIS2?
CyFun aligns closely with the NIS2 Directive and helps organizations prepare for compliance with upcoming cybersecurity regulations in the EU.

4. What tools are available to support CyFun?
The CyFun Selection Tool and Self-Assessment Tool — both available via Safeonweb@Work — help determine assurance levels and evaluate maturity.

5. How does RiskStudio complement CyFun?
RiskStudio expands CyFun’s principles into supply chain risk management by continuously monitoring suppliers, identifying weaknesses, and enabling data-driven decisions.

6. Is CyFun mandatory?
No, CyFun is voluntary, but it provides an excellent foundation for organizations that fall under NIS2 or wish to demonstrate cybersecurity governance.


Conclusion

The CyberFundamentals Framework (CyFun) empowers Belgian organizations to take control of their cybersecurity in a structured, practical way.
When combined with RiskStudio’s real-time monitoring and supply chain insights, it becomes a powerful strategy for resilience, compliance, and confidence.

Together, they represent a shift from awareness to action — and from static compliance to continuous improvement.