Best Cybersecurity Companies in Croatia (Updated 2026)
Croatia's cybersecurity industry has matured into a credible European hub. Here's a comprehensive guide to the best local firms for penetration testing, managed security, compliance, and more.
Croatia’s cybersecurity market has grown significantly over the past five years. Driven by EU NIS2 compliance requirements, a booming digital economy, and strong technical talent from universities in Zagreb, Split, and Rijeka, the country now supports several world-class security firms that compete on the international stage.
Whether you are a Croatian enterprise seeking local expertise and language support, or an international company looking for a cost-effective European security partner, this guide covers the top firms operating out of Croatia in 2026.
Why Croatia for Cybersecurity?
Croatia joined the EU in 2013 and is fully subject to GDPR, NIS2, and the EU Cybersecurity Act — meaning local providers are well-versed in European regulatory requirements. The country also benefits from:
- Strong technical universities — University of Zagreb’s Faculty of Electrical Engineering and Computing (FER) produces well-trained security engineers
- Competitive pricing — significantly lower day rates than Western Europe with no compromise on quality
- EU data residency — work stays within EU jurisdiction, critical for regulated industries
- Growing startup and fintech ecosystem — local security firms have sharpened their skills on demanding clients
The Best Cybersecurity Companies in Croatia
Infigo IS
Specialty: Penetration Testing & Red Team | Location: Zagreb
Founded in 2009, Infigo IS is widely regarded as Croatia’s premier offensive security firm. Their team focuses on penetration testing, red team operations, vulnerability research, and hardware security. They are well known in the European security community for high-quality technical work and have published notable security research.
Infigo IS works with clients in banking, telecommunications, and government across the Adriatic region and Central Europe. If you need rigorous, manual penetration testing with real technical depth, they are the go-to Croatian firm.
Best for: Technical penetration tests, red team engagements, hardware security reviews
Diverto
Specialty: Penetration Testing & Red Team | Location: Zagreb
Diverto is a cybersecurity consulting firm that covers penetration testing, security architecture reviews, compliance consulting, and incident response. They serve enterprise clients across Croatia, Slovenia, and the broader Adriatic region, with particular strength in the financial services sector.
Their team has strong expertise in both offensive security and governance frameworks, making them a solid choice for companies that need both testing and compliance guidance in a single engagement.
Best for: Combined pentesting and compliance projects, financial sector clients
Span
Specialty: Managed Security / SOC-as-a-Service | Location: Zagreb
One of Croatia’s largest IT services companies, Span has built a mature managed security practice alongside their broader IT infrastructure business. With over 500 employees and offices throughout Croatia, they operate a 24x7 Security Operations Centre and provide managed detection and response for enterprise and public sector clients.
Span is the right choice for organisations that want a stable, well-resourced Croatian partner for ongoing security operations rather than one-off engagements.
Best for: Managed security, SOC services, long-term security partnerships
KING ICT
Specialty: Managed Security / SOC-as-a-Service | Location: Zagreb
KING ICT is one of Croatia’s major IT services integrators with a dedicated cybersecurity division. They deliver network security architecture, identity and access management, compliance projects, and managed security operations for large enterprise and government clients throughout Southeast Europe.
Their scale and partnerships with major security vendors (Cisco, Fortinet, Microsoft) make them a strong choice for complex enterprise environments that need both product deployment and managed services.
Best for: Enterprise infrastructure security, government clients, Southeast Europe coverage
Trikoder
Specialty: AppSec & DevSecOps | Location: Zagreb
Trikoder is a software and security consultancy with deep expertise in application security, DevSecOps, and cloud-native security. They stand out for their ability to embed security into the software development lifecycle — running secure code reviews, threat modelling workshops, and CI/CD security integration.
They are particularly well suited to SaaS companies, fintechs, and tech startups that need security baked in from the start rather than bolted on at the end.
Best for: Application security, DevSecOps, tech companies and SaaS startups
CARNET / hr-CERT
Specialty: National CERT / Incident Coordination | Location: Zagreb
The Croatian Academic and Research Network (CARNET) operates hr-CERT, Croatia’s national Computer Emergency Response Team. While primarily serving academic institutions and coordinating national-level incident response, CARNET/hr-CERT also publishes security advisories, vulnerability information, and guidance relevant to all Croatian organisations.
NIS2-regulated entities in Croatia should stay closely connected with hr-CERT for mandatory incident reporting and national threat intelligence.
Best for: National incident coordination, public sector, NIS2 reporting obligations
How to Choose the Right Croatian Security Partner
When evaluating Croatian cybersecurity firms, consider these factors:
- Scope of engagement — Infigo IS and Diverto for one-time offensive testing; Span and KING ICT for ongoing managed services; Trikoder for application security
- Industry expertise — ask specifically about clients in your sector (banking, healthcare, energy) and relevant certifications
- Certifications — look for OSCP, CEH, CISA, ISO 27001 Lead Auditor credentials on the team
- Language and reporting — most Croatian firms produce reports in both Croatian and English
- NIS2 readiness — if you are a regulated entity, confirm the firm has helped clients through NIS2 compliance assessments
Not Sure Which One to Hire?
That’s exactly what we’re here for. We scope your security requirement, evaluate fit across our network of verified vendors — including all the Croatian firms above — and introduce you to the best match. The service is free for you. Book a scoping call and we’ll handle the rest.