CBN ATLAS SECURITY
No System
Access Required
GDPR-Compliant
Monitoring
Trusted by
DACH SMBs
First Report
Within 48 Hours
ABOUT CBN GROUP
207 days
Median time before a breach is internally detected — nearly seven months of undetected access
Sources: IBM Cost of a Data Breach Report 2024
8B+
Business credentials actively circulating on dark web markets from known breach databases
Sources: Verizon DBIR 2024
82%
Median time before a breach is internally detected — nearly seven months of undetected access
Sources: ENISA Threat Landscape for SMEs.
Two cases. Neither made headlines.
A mid-sized accounting firm in Germany discovered — through a routine supplier call — that invoices had been redirected over a three-month period. The entry point was a finance manager’s email password, leaked in a breach at a third-party payroll platform eight months earlier. The firm had no way of knowing the credential was circulating. Total exposure: over €90,000 before the redirection was identified.
A Swiss legal practice learned of a client data breach only when the regulator contacted them. A partner’s credentials had appeared in a leak months earlier and were used to access a shared document repository. The firm had appropriate internal IT support. What they lacked was any visibility into what had already been exposed outside their systems. The regulatory process that followed took eleven months to resolve.
HOW IT WORKS
Every finding is:
verified
assessed for real-world risk
translated into specific actions
01
Monitor
We register your company domain and business email addresses against continuously updated dark web sources, credential databases, and criminal marketplaces. Scanning runs around the clock.
02
Detect
When a match is found, we verify the finding before alerting you. We assess severity, confirm the data is current, and contextualise the risk. You receive signal, not noise.
03
Report & Advise
You receive a structured written report in plain business language — findings, risk classification, and specific next steps. Not a technical summary. A clear action plan.
No technical interpretation required.
No delay between discovery & action.
What’s iNCLUDED
Everything you need to stay informed. Nothing you do not.
Your subscription includes the full monitoring, reporting, and advisory service — on an ongoing basis, with no technical requirements on your side.
Continuous domain and email monitoring
Scanned around the clock against live breach databases
and dark web sources
Immediate alerts for significant findings
Delivered directly by email with context, risk level, and
recommended actions
Monthly written reports
Structured PDF covering monitoring activity, any findings, risk classification, and a plain-language action plan
No installation or system access
The entire service runs externally; there is nothing to set up or maintain on your infrastructure
GDPR compliance documentation
On request, we provide records suitable for data processing registers and audit trails
ABOUT CBN GROUP
Dark web monitoring tells you what has already leaked. But in many of the most damaging incidents, the entry point was not a technical vulnerability — it was a staff member who did not recognise an attack.
A convincing invoice request. A spoofed login page. A supplier impersonation by email. These succeed because the person receiving them had no frame of reference to question them.
Simulated Phishing Campaigns
Realistic test emails using current attack patterns. Results show — privately — who clicked, who reported, and who entered data. The goal is education, not exposure.
SMS Phishing (Smishing)
Mobile-targeted scenarios where vigilance is typically lower. Mirrors real-world attacks on personal and work devices.
Spear Phishing Simulations
Targeted scenarios built using publicly available information about your company or staff — the most realistic and revealing simulation type.
Debriefs & Awareness Sessions
After each simulation, staff receive clear feedback on what the test was, what the red flags were, and how to respond correctly in future. No blame. No public results.
Written Security Awareness Guide
A plain-language reference document covering the most common attack types and how to recognise them. Designed to be kept and used, not filed and forgotten.
Quarterly Re-Testing
Awareness built in a single session fades within weeks. Quarterly re-testing keeps the topic present and the response instinctive — without becoming disruptive.
WHO IT'S FOR
Law Firms & Legal Practices
Client confidentiality is both a professional obligation and a legal one. A data breach can trigger bar association proceedings, civil claims, and loss of client trust that is difficult to recover.
Accounting & Tax Advisory Firms
Financial records and tax data are among the most targeted categories in credential theft. Exposure creates direct compliance risk with supervisory authorities — and liability to clients.
Healthcare Practices & Clinics
Patient data is subject to some of the strictest protection requirements in law. Any breach must be reported, and GDPR fines in this category are consistently among the highest issued.
Logistics & Trade Companies
Exposed business email accounts are the primary entry point for invoice fraud and supplier impersonation. In logistics, a single intercepted payment instruction can mean tens of thousands of euros lost.
Financial Services & Insurance Brokers
Additional divisions are in development — each passing the same test: a real B2B problem, a recurring revenue model, & a market where trust is the competitive advantage.
Professional Service SMBs
Any firm that handles client data, runs sensitive communications over email, or holds confidential information has an exposure it may not have measured. That is the starting point.
PLANS & PRICING
All plans include continuous dark web monitoring, monthly written reporting, and direct alert notifications. The differences lie in coverage depth, monitoring frequency, and the inclusion of employee awareness services.
Starter
Billed monhtly
CHF 299
Professional
Billed monhtly
CHF 549
Enterprise
Billed monhtly
CHF 899
1
Upto 3
Upto 10
Up to 25
Upto 100
Unlimited
Weekly
Daily
Real-Time
✔️
✔️
✔️ Priority
-
1x per quarter
Monthly, customised
-
Basic Guide
Employee Training
On Request
Included
Included + tailored
-
-
✔️
Self-service
Assisted call
Full session
Monthly
Monthly / Annual
Annual (custom)
All prices are monthly, excluding VAT where applicable. Annual billing on Professional and Enterprise plans at a 10% discount. Enterprise pricing is negotiated individually for organisations with complex requirements or multiple entities.
WHY TRUST THIS SERVICE
No software installation
Nothing to configure, maintain, or update on your infrastructure
No credentials required
We do not ask for passwords, admin access, or VPN connections at any point
GDPR-compliant by design
We process only your domain name and business email addresses, provided explicitly for monitoring
Onboarding in 30 minutes
A single video call is all that is needed to activate the service
Methodology you can examine
We explain what we monitor, how we verify findings, & how we classify risk. Nothing is a black box.
Swiss-based management
Egistered and managed in Switzerland, subject to Swiss data protection law
GETTING STARTED
1
Request your free domain check
No commitment, no invoice, nothing to install.
2
Receive a written report within 48 hours
Showing whether any data linked to your domain has appeared in known breach sources. You will have the information whether or not you proceed further.
3
If findings warrant a conversation
Or you simply want to understand the results — we schedule a 30-minute call. You ask the questions. We give direct answers.
4
If you decide to proceed
You receive a clean service agreement and a payment link. Monitoring begins on signature. No lengthy onboarding. No delay.
FREQUENTLY ASKED QUESTIONS
Do you need access to our systems?
How does dark web monitoring actually work?
What happens if you find something?
Is this GDPR-compliant?
How long does onboarding take?
What are phishing simulations and are they disruptive?
We already have IT support. Do we still need this?
Can we cancel at any time?
The free domain check requires nothing except your company domain name. No commitment, no invoice, no technical knowledge. Within 48 hours, you have a written report.
If the report is clear — you have verified something most businesses leave unchecked. If it shows findings — you have the information you need, while you still have time to act on it. Every week a leaked credential goes unmonitored is another week someone else may be acting on it.