TIBER-LU framework


TIBER-LU framework

Enhancing cyber resilience of the Luxembourgish financial ecosystem


In an evolving cyberthreat landscape, the financial services industry is one of the most targeted. Regulators and consumers alike expect financial institutions to adequately safeguard their critical assets and data. To meet these expectations, financial institutions must increasingly comply with various cybersecurity regulations and accordingly implement security standards and guidelines.

In particular, the Digital Operational Resilience Act (DORA), which will enter into force soon, will require financial institutions to regularly perform Threat-Led Penetration Tests in accordance with the TIBER-EU framework.

However, some organizations may be hesitant or unequipped to assess the effectiveness of their defenses and security measures against sophisticated and real-world cyberattacks.

The TIBER-LU framework

In 2018, the European Central Bank (ECB) published the TIBER-EU (Threat Intelligence-based Ethical Red Teaming) framework to give financial institutions, national authorities, regulators, and security providers the first European-wide framework to lay the foundation for testing the cyber resilience of the greater financial ecosystem.

TIBER-EU was introduced to address the rapidly growing security challenges faced by entities that are part of the core financial infrastructure, at a national or European level. This framework can also be used for any type or size of entity across other sectors.

TIBER-LU, the Luxembourg implementation and transposition of TIBER-EU, was adopted by the Banque Centrale du Luxembourg (BCL) and the Commission de Surveillance du Secteur Financier (CSSF) in October 2021.

The main goals of TIBER-LU are to:

  • Assist organizations in assessing their protection, detection, response and resilience against cyber-attacks.
  • Test the cyber resilience of the Luxembourg financial market.
  • Facilitate testing for cross-border organizations supervised by multiple European authorities.

How we can help?

You will be supported by our highly skilled specialists, who combine market-leading technologies with Deloitte's experience and knowledge of cybersecurity and broader risks to deliver contextual analysis to our clients. We can handle the scale and complexity of multi-stakeholder testing and provide you with comprehensive test results recognized across borders. Your local Deloitte Luxembourg team is supported by the capabilities and cutting-edge technology of Deloitte Cyber Intelligence Centers (CICs) around the world. This provides you with a holistic view of potential threat scenarios and resilience strategies.

Threat intelligence (TI) services

Our Threat intelligence analysts gather information about threat actors and their techniques tactics and procedures (TTPs) relevant to your organization. Combined with targeted intelligence regarding you (the targeted organization), plus your critical economic functions, systems, employees and infrastructure, a set of realistic scenarios will be provided to the Red Team.

As part of a TIBER-LU test compliant with the TIBER-EU framework , we provide threat intelligence to your organization in the form of a targeted threat intelligence report. We use multiple sources of intelligence to provide you with an assessment that is as accurate and up to date as possible.

Red teaming (RT) services

Deloitte’s Red Team mimics the threat actors and their TTPs. During the red teaming exercise, the scenarios are executed based on priority, attacking the human, physical and cyber elements of your organization’s information security – with the objective of gaining unauthorized access to sensitive data or critical systems.

Once the red teaming operations are completed, our red team will present you with results that include an executive summary of the engagement and its outcomes, a detailed breakdown of all findings, technical details and techniques used, root cause analysis, indicators of compromises, attack path flows, tactical and strategic recommendations for mitigations or lessons learned.

After completing TI or RT services, we can provide a signed TIBER-EU Attestation to confirm that the test was conducted in accordance with framework requirements. We also support our clients in the following areas depending on their specific needs:

  • Designing TIBER-LU governance and program: We support you from the early stages of your journey to implementing TIBER-LU, including designing the program, shaping its governance, training your team, and setting up the necessary communication protocols and procedures.
  • Purple teaming: We help you conduct additional replay sessions or interactive lessons-learned sessions to follow up previously executed TIBER-LU exercises or on a specific threat simulation. This helps you enhance your detection and responsive capabilities, and your organization’s ability to detect and respond to sophisticated adversaries.
  • Mock TIBER-LU exercise: We support you by running a mock TIBER-LU exercise in anticipation of an actual mandated TIBER-LU that will be executed by another threat intelligence and/or red teaming provider.


Stéphane Hurtaud

Stéphane Hurtaud

Partner | Cyber Security Leader

Stéphane is a partner within our Risk Advisory practice. He has over 25 years of experience in the IT risk, Information Security and IT audit fields, with a strong focus on the financial services indu... More

Yasser Aboukir

Yasser Aboukir

Director | Cyber Risk Services

Yasser joined Deloitte in 2015, and currently serves as Director in Risk Advisory, specialized in Cyber Risk. Since 2011, Yasser built an extensive experience in security assessments, incident respons... More

Insert CSS fragment. Do not delete! This box/component contains code needed on this page. This message will not be visible when page is activated.