London-based Cyb3r Operations has raised £4 million to provide organisations with continuous visibility into third-party cyber risk. The round was led by Octopus Ventures, with follow-on investment from Pi Labs, bringing total funding to £5 million.

As organisations increasingly depend on expanding networks of SaaS platforms, cloud services, AI tools and external suppliers, cyber risk is becoming more distributed and harder to control. More than a third of major cyber incidents now involve third parties, yet many companies continue to rely on periodic questionnaires, spreadsheets and static audits that fail to reflect how risk evolves in real time.

Cyb3r Operations was founded to address this challenge by replacing fragmented, manual processes with continuous, automated oversight integrated across an organisation’s technology environment. The company works with large enterprises to identify and monitor third-party cyber risks across their supply chains on an ongoing basis.

Rather than producing abstract risk metrics with limited operational value, the platform highlights the most critical external relationships, tracks how risk changes over time, prioritises response actions and supports organisational resilience. It also surfaces vulnerabilities across third-party ecosystems, including compliance gaps, shadow IT, extended supply-chain exposures and other risks often missed by traditional point-in-time assessments.

Commenting on the company’s mission, Vincent Cook, founder and CEO of Cyb3r Operations, said many of today’s cybersecurity challenges stem not only from increasingly sophisticated threats, but also from internal processes that prevent organisations from clearly understanding where risk sits. He added that effective risk management requires continuous detection, assessment and response as relationships and dependencies evolve.

The funding will support platform expansion, further development of threat intelligence capabilities, and broader adoption by organisations managing third-party and supply-chain cyber risk.