After suffering the world’s first nationwide cyberattack in 2007, Estonia effectively said “never again” and turned cybersecurity into a national sport. Today, it hosts the NATO Cooperative Cyber Defence Centre of Excellence and has given rise to a generation of startups that view security not as a compliance checkbox, but as a prerequisite for sovereignty.
The ecosystem here is defined by deep cooperation between the state and the private sector. These startups are building the verification layers, cyber ranges, and autonomous defence systems that protect critical infrastructure globally. Here are the 10 Estonian cybersecurity startups you need to know in 2025.
Veriff
In a world where deepfakes can open bank accounts, Veriff is the ultimate bouncer. Founded by Kaarel Kotkas in 2015, the company has established itself as the global standard for identity verification (IDV). Unlike simple photo-matching tools, Veriff’s behavioural fraud engine analyses thousands of data points, from network latency to the user’s gyroscope movements, to ensure a real human is present. Valued at over $1.5 billion, they are now protecting everything from Metaverse avatars to cryptocurrency exchanges, ensuring that the digital world remains tethered to physical reality.
Salv
Financial crime is a team sport; criminals share tools and intelligence instantly. Banks, historically, have fought back in silos. Salv, founded by former Wise and Skype compliance leads (Taavi Tamkivi, Jeff McClelland, Sergei Rumjantsev), flips this dynamic. Their “Salv Bridge” platform enables financial institutions to share tactical intelligence in real-time legally. If a fraudster attempts to hit a bank in Tallinn, the signature is instantly flagged to a fintech in London. It’s a collaborative defence network that has reportedly helped partners recover up to 80% of stolen funds.
CybExer Technologies
How do you train for a cyberwar? You simulate it. CybExer Technologies builds Cyber Ranges, essentially massive, virtual battlefields where IT teams can practice defending against live-fire attacks. Their technology creates digital twins of critical infrastructure (like a power grid or a bank’s server), allowing teams to experience the stress of a ransomware attack without the real-world consequences. Having recently secured funding from SEB to expand, they are the go-to training ground for NATO allies and critical infrastructure providers.
RangeForce
While CybExer focuses on massive simulations, RangeForce focuses on the individual soldier. They offer a cloud-based cybersecurity gym for IT professionals. Their platform gamifies security training, enabling developers and SOC analysts to enhance their skills by defending against simulated attacks in a browser-based environment. It democratises elite training, ensuring that even mid-sized companies can have teams as sharp as a nation-state’s cyber unit.
Guardtime
If data is the new oil, Guardtime is the refinery that ensures it hasn’t been tampered with. They are the pioneers of Keyless Signature Infrastructure (KSI) blockchain technology. Unlike cryptocurrencies, their blockchain is used to verify the integrity of networks, systems, and data. They work with heavy hitters like the European Space Agency and the World Health Organisation (WHO), ensuring that vaccine certificates and satellite trajectories are mathematically proven to be authentic and unaltered.
DefSecIntel Solutions
The war in Ukraine changed the surveillance landscape overnight. DefSecIntel Solutions, led by Jaanus Tamm, operates at the bleeding edge of AI-driven surveillance. They build autonomous monitoring stations and drones equipped with AI that can detect and classify threats (like vehicles or drones) at the border. Their “SurveilSPIRE” system is essentially a robot sentry that can be deployed anywhere, providing a digital perimeter for nations and critical assets. They are rapidly scaling to meet defence needs across Europe.
Patchstack
The web runs on WordPress, and hackers are aware of it. Patchstack is the red team for the open-source web. Founded by Oliver Sild, they have built a community of ethical hackers who find vulnerabilities in WordPress plugins. Patchstack then virtual patches these holes for their users before the official developers even release a fix. It’s a proactive security layer that protects millions of websites from the supply-chain attacks that plague the open-source ecosystem.
Binalyze
When a cyberattack happens, speed is everything. Binalyze is the CSI unit for the digital age. Their AIR platform automates digital forensics and incident response (DFIR). Instead of an analyst spending days manually collecting evidence from a compromised laptop, Binalyze can remotely acquire a forensic image in under 10 minutes. This allows security teams to identify the patient zero of an attack almost instantly, drastically reducing the dwell time of attackers in a network.
RebelRoam
Public Wi-Fi on trains and buses is notoriously insecure and slow. RebelRoam fixes both problems. While primarily known for optimising Wi-Fi traffic to reduce data costs for transport operators, their technology significantly enhances security by filtering traffic and preventing passengers from accessing malicious sites. It’s a specialised, niche player that secures the digital experience for millions of commuters travelling across Europe every day.
Sentinel
Disinformation is a form of cyberattack targeting the cognitive domain. Sentinel, founded by Johannes Tammekänd, started with a mission to use AI to detect deepfakes and information warfare. While the company has pivoted and evolved, navigating the complex truth tech market, its core DNA represents Estonia’s forward-thinking approach to cognitive security, protecting the democratic process itself from digital manipulation and synthetic media.