More than seven out of ten IT leaders across the Nordics see a growing need to strengthen their cybersecurity strategies, yet many are not prepared for the next step. A new report from GlobalConnect shows that four out of ten lack the necessary resources to meet future challenges—where new regulations like NIS2 and emerging technologies demand greater structure, skills and leadership.
The report is based on interviews with 225 IT and security leaders in Sweden, Norway and Denmark and focuses on how organizations are practically preparing for a more complex security landscape—where technology, regulation and internal capabilities all play decisive roles.
Five key findings highlighted in the report:
- 71% of IT leaders in the Nordics believe their cybersecurity efforts need to be strengthened
- 40% report they lack the resources to meet the needs they themselves have identified
- 53% see NIS2 and other regulatory changes as one of the main drivers for action
- Only 21% have a strategy to manage security risks related to quantum technology
- One in three report gaps in their organization’s cybersecurity skills
Need for both technology and leadership
“It’s clear that more organizations recognize the importance of investing in security, but the report also shows many still struggle to turn that awareness into concrete actions. We need both technology and leadership to prepare for an increasingly complex threat environment,” says Anna Granö, EVP B2B at GlobalConnect.
More than one in four IT leaders say they do not know whether their organization falls under the NIS2 directive. This indicates that regulations are not always fully understood or implemented within organizations, which can affect preparedness for future requirements.
“Many organizations still lack a complete overview of which rules apply and how they impact the business. NIS2 imposes strict demands on both structure and accountability—and meeting those demands requires the right skills and long-term planning. Few realize that suppliers to NIS2-classified organizations are also covered by the directive,” says Søren Gjevert Petersen, Senior Director Security Services at GlobalConnect.
Sweden stands out in the Nordic comparison
The report shows Swedish IT leaders face particularly significant challenges. Only 7% state they have sufficient resources to future-proof their cybersecurity—the lowest figure in the Nordics. Swedish respondents also express the greatest uncertainty about whether their organization is covered by NIS2, and confidence in senior leadership’s understanding of cybersecurity is notably lower than in Denmark and Norway.
At the same time, responses indicate that Swedish organizations are highly aware of the changes required, but the path to achieving them is perceived as uncertain and resource-intensive.
About GlobalConnect’s IT-Insights report series
This sub-report is the third installment in GlobalConnect’s ongoing series on IT in the Nordics and focuses this time on future-proofing—how IT leaders are working not only to handle today’s threats but to be resilient against tomorrow’s demands. Cybersecurity is a central theme, and the report also addresses leadership, skills needs and regulatory challenges.
Read more and download the report from GlobalConnect’s site.