ECP vs Cynomi: Which Fits Your Belgian MSP?
Cynomi is a vCISO platform built for MSPs and MSSPs. Easy Cyber Protection is a CyFun audit-readiness platform for Belgian MSPs. Both help you sell compliance services. The right one depends on what you actually deliver.
At a glance
| Cynomi | Easy Cyber Protection | |
|---|---|---|
| Target customer | MSPs / MSSPs running vCISO practices | Belgian MSPs serving SMEs |
| Geography | Global (HQ Israel) | Belgium-first (NL / FR / EN) |
| Pricing | Contact sales (not public) | Per-client by site size (XS €25 / S €75 / M €250 / L €825 / XL €2,750 / XXL €9,075) + one-time €400 MSP onboarding; billed annually |
| Framework focus | Multi-framework vCISO library | CyFun-native (CCB-aligned) |
| White-label branding | Yes | Yes |
| Integrations | Broad library (50+ per public coverage) | Microsoft Graph (planned), Sophos next |
| AI assistance | AI co-worker agents (launched Apr 2026) | TARS agent + AI document assistant |
| Belgian specifics | Not CyFun-native, no VLAIO guidance | CyFun tiers built-in, VLAIO-ready templates |
Sources: cynomi.com, public press coverage Apr 2026. Last verified 2026-04-22.
Where Cynomi fits better
- You run a formal vCISO practice with board reports, risk registers, and quarterly reviews
- Your clients span multiple frameworks (ISO 27001, SOC 2, HIPAA, NIST) and you want one tool across them
- Your portfolio is global or mid-market — not specifically Belgian SMEs
- Your pricing model absorbs higher platform costs — you charge €500+/month per client for vCISO work
- You want AI-driven advisory agents that propose prioritized controls at the strategy layer
Where Easy Cyber Protection fits better
- CyFun / NIS2 is the primary framework your clients need — Belgian CCB-native, not mapped on top of generic controls
- You serve Belgian SMEs and need NL / FR / EN materials with VLAIO kmo-portefeuille guidance built in
- You want predictable economics — one per-client fee by size (XS €25 / S €75 / M €250 / L €825 / XL €2,750 / XXL €9,075), no monthly base, billed annually upfront
- You prepare clients for a CAB audit without being (or hiring) a vCISO — the platform does the compliance heavy-lifting
- You want structured audit deliverables: signed CAB bundle (`.ecpbundle.zip`), branded PDF reports, SoA, register templates
The pricing math
Pricing shape matters. Cynomi's platform cost is not public — engagements typically fit the vCISO service economics of €500-2,000/month retainers per client. ECP charges the MSP on two axes (your scale × client size) plus a fixed base; the MSP sets their own client price on top.
Cynomi — indicative
- • Platform pricing: contact sales (not public)
- • Typical vCISO engagement: €500-2,000/month per client retainer
- • Usually bundled with MSP vCISO advisory services
- • Forecasting requires a quote per deal
Figures reflect general vCISO service pricing patterns reported in public coverage, not a confirmed Cynomi price list.
ECP — worked example (50-client portfolio, S-size avg)
- • One-time MSP onboarding: €400 (per partner, once)
- • Per-client (S-size, < 1k entities): 50 × €75 = €3,750 / month
- • Total recurring platform cost to MSP: €3,750 / month (billed annually upfront)
- • MSP charges client €200 / month (suggested range €100-400)
- • MSP revenue: 50 × €200 = €10,000 / month — gross margin ~€6,250 / month (~€75K / year)
- • Client's net cost after VLAIO kmo-portefeuille (MSP leverage): ~€110 / month
VLAIO kmo-portefeuille is the MSP's sales lever — the end client claims up to 45% back on the MSP's qualifying cybersecurity advisory invoice (35% for medium enterprises, up to €7,500 / year). It requires the MSP to be a VLAIO-approved cybersecurity advisor. ECP's platform fee itself is not subsidizable; the benefit flows through the MSP's service. All clients get the full feature set including AI and integrations from day one. Evaluate via the live demo (shared sandbox, no signup).
Where CyFun is recognized
ECP is built around the Belgian CCB's CyberFundamentals framework. That framing is valuable where CyFun is an official NIS2 compliance path — and less so where another framework is the norm. Public status, April 2026:
| Country / region | CyFun status |
|---|---|
| Belgium | Origin — CCB-issued national framework, official NIS2 compliance path |
| Ireland | Adopting CyFun as national assessment and certification scheme; joint owners with CCB (per NCSC.ie) |
| Other EU member states | Not an official NIS2 compliance path; compliance typically demonstrated via ISO 27001 or the national equivalent (BSI IT-Grundschutz, BIO, ANSSI, etc.). CyFun may still be used voluntarily as evidence of readiness. |
Sources: ccb.belgium.be, ncsc.gov.ie. Let us know if status has changed — we keep this table updated.
Common questions
Can I migrate from Cynomi to ECP, or the other way?
Both directions are workable but not one-click. From ECP: the signed CAB bundle (`.ecpbundle.zip`) exports every wiki page, evidence artifact, assessment, and register row in a structured ZIP you can hand to any successor tool. Into ECP from Cynomi: bring your policies and evidence as files; the wiki import accepts Markdown and common document formats. Budget a few hours of mapping work per client either way.
Can I use both — Cynomi for vCISO, ECP for CyFun delivery?
Yes, if the scopes are different. A common pattern: use Cynomi for vCISO advisory (strategic reviews, multi-framework risk posture) on larger clients, and ECP for CyFun audit-readiness delivery on Belgian SMEs where flat per-client economics make vCISO pricing impractical. The tools do not integrate today; you would run them side by side.
What about ISO 27001 and other frameworks?
ECP today is CyFun-native (Small and Basic YAML-implemented; Important and Essential awaiting official CCB verification). ISO 27001 is planned but not yet shipped. If your clients need ISO 27001 or SOC 2 certification today, Cynomi's broader framework library is the better fit. If your clients need CyFun for NIS2 readiness, ECP is purpose-built for it.
Get CyFun audit-readiness to your clients
If you are a Belgian MSP serving SMEs under NIS2, see how ECP fits your portfolio. Evaluate via the live demo (shared sandbox, no signup), then start per-client when you are ready.