What is CYRA?

What is CYRA?

CYRA is a Dutch national framework and certification method for cybersecurity maturity and information security. It provides organizations with a clear, step-by-step approach to assess, improve, and certify their cyber resilience. As of January 2025, CYRA is officially managed by the Centre for Crime Prevention and Safety (CCV) in the Netherlands.

The method is especially designed for SMEs and growing companies seeking a structured way to strengthen digital security.

Structure of the CYRA method

CYRA uses a maturity model that starts with an “Entry” level and supports growth across areas like IT security, privacy, supply chain responsibility, and – optionally – digital subversion.

Key features of CYRA:

  • Self-assessment with a standardized set of controls
  • Practical improvement tips tailored to each level
  • Certification available via independent third parties
  • Accessible for SMEs and larger companies alike
  • Alternative to inconsistent customer-specific questionnaires

With the integration of the Digital Subversion Framework (NDO), CYRA also supports certification for organizations working to counter digital criminal influence.

Not to be confused with RiskStudio’s Cyber Ratings

While the name is the same, CYRA is completely separate from the cyber ratings generated by RiskStudio. RiskStudio’s ratings are based on technical scanning, public data, and its own scoring model. CYRA, in contrast, is a manually assessed certification system that evaluates organizational maturity and preparedness.

CYRA and RiskStudio

For RiskStudio users, CYRA certificates can serve as an additional data point in evaluating suppliers. While RiskStudio provides dynamic and automated cyber ratings, CYRA offers insight into the structural and organizational cybersecurity readiness of a party.

RiskStudio helps you combine technical risk indicators with structural certification insights like CYRA, enabling more strategic decisions and targeted follow-up actions.

Tags :
Share This :

Investigate 


any Company

with ease

Get immediate insights into a company’s digital risks — and focus your efforts where it matters most. As easy as buying a credit check, just enter a name or domain to order any CompanyReport