CyFun stands for CyberFundamentals Framework, an initiative by the Centre for Cybersecurity Belgium (CCB). It is designed to help organizations—regardless of size or sector—build a stronger cybersecurity posture. With clear, actionable measures and a risk-based approach, CyFun enables companies to better protect their digital assets, reduce exposure to common cyber threats such as phishing, ransomware, and data breaches, and improve overall cyber resilience.

The Core of CyFun

The CyFun framework is based on five internationally recognized cybersecurity functions: identify, protect, detect, respond, and recover. These pillars form a structured methodology to assess and improve an organization’s digital risk management. CyFun makes cybersecurity tangible and achievable with practical controls tied to a defined maturity model.

Each measure in CyFun is linked to one of three assurance levels, which represent the expected level of cybersecurity maturity based on the organization’s profile and potential societal impact:

• Basic: the minimum level of protection required for all organizations
• Important: for organizations with increased cyber exposure
• Essential: for operators of critical infrastructure or essential societal services

Each level builds on the previous one, allowing companies to scale their cybersecurity capabilities in manageable steps—without requiring major upfront investment or complex tooling.

Tools and Self-Assessment

To support implementation, CyFun provides helpful tools:

• The CyFun Selection Tool assists in determining the correct assurance level based on business context, threat profile, and potential impact.
• The CyFun Self-Assessment Tool allows organizations to evaluate their current cybersecurity posture and identify areas for improvement.

These tools are freely available on Safeonweb@work, a cybersecurity platform developed by the CCB to strengthen digital security across the Belgian business landscape.

CyFun and Regulatory Compliance

CyFun is aligned with the European NIS2 directive, which will come into effect in October 2024 and imposes stricter cybersecurity obligations for vital sectors and large companies. By adopting CyFun, organizations not only boost their resilience but also move closer to compliance with upcoming regulations.

RiskStudio and CyFun

RiskStudio helps organizations gain real-time insight into digital risks across their supply chain—an area closely aligned with CyFun’s objectives. With RiskStudio, you can automatically assess the cybersecurity posture of suppliers and benchmark them against frameworks like CyFun.

RiskStudio allows you to organize suppliers by risk level or criticality, assign internal ownership, and receive real-time alerts on breaches, vulnerabilities, or ransomware threats. This turns CyFun from an internal security guideline into a practical strategy for managing third-party risk across your ecosystem.

By combining CyFun’s structured approach with RiskStudio’s actionable platform, companies can transition from reactive to proactive supply chain cybersecurity—fast, efficient, and fully aligned with business risk.