More than half of large companies in Scandinavia have experienced cyberattacks in the past two years, and 20 percent of IT managers in the public sector rate their employees’ security knowledge as low. These are some of the findings in GlobalConnect’s new cybersecurity report, based on interviews with 225 IT leaders in Sweden, Norway and Denmark. The report highlights major challenges in security work, and points to an increased vulnerability in Sweden.
Cyber threats are growing – “almost more likely to be attacked than to avoid one”
The number of cyberattacks and threats against businesses and public agencies is steadily rising. According to Anna Granö, EVP B2B at GlobalConnect, the findings are unsurprising: “All statistics show that attacks increase every year. Today’s reality is that you are almost more likely to be targeted by an attack than to escape one. What really matters is how prepared you are and how quickly you can restore your systems if an attack occurs,” Granö says.
Global estimates underline the scale of the problem: Cybercrime costs are projected to reach trillions of dollars annually, which makes preparedness essential. The GlobalConnect survey also finds that 4 in 10 IT managers feel they need more resources to reach the desired security level, while 12 percent see significant shortcomings in their current security solutions.
Supplier security gaps can create large risks
One quarter of IT managers are worried that their external suppliers do not maintain a sufficiently high level of security, potentially jeopardizing their organization’s protection. In Sweden the uncertainty is greatest: one in three IT managers doubts their suppliers’ security competence. Søren Gjevert Petersen, Director Security Services at GlobalConnect, stresses the importance of visibility and control: “A chain is only as strong as its weakest link, and that is particularly true in security work. Full transparency and control over suppliers’ security measures are more important than ever to protect operations.”
High-profile incidents tied to supplier vulnerabilities illustrate the risk: attacks that exploited a supplier’s software have been used to infiltrate many organizations, showing how third-party weaknesses can cascade across industries.
Differences between countries in views on cybersecurity
The report highlights clear differences between the Nordic countries. In Sweden and Denmark roughly half of IT managers consider their organization’s cybersecurity competence satisfactory. In Norway, however, only about one-third believe employees’ security knowledge is up to standard.
Denmark stands out for placing a higher priority on security within its IT strategy. This emphasis often results in a more systematic and structured approach to security in Danish organizations, strengthening their readiness against potential threats. Strategic prioritization and cooperation between public and private actors are crucial for managing national-level threats.
“Overall, the security challenges are similar across the Nordics, but there are differences, especially in how security work is prioritized and structured,” says Anna Granö. “It is encouraging to see some countries, like Denmark, where leadership gives cybersecurity high priority. That focus makes a big difference when the threat landscape is constantly changing.”
Need for continuous security work and training
IT managers clearly see the need to raise security levels, not only through better technical solutions but also by strengthening employees’ security competence. The report emphasizes the role of staff: 20 percent of IT leaders in the public sector and 12 percent in the private sector rate employee security awareness as low or very low. Industry breach reports also identify lack of employee security awareness as a key cause of incidents.
Furthermore, 45 percent of IT managers believe executive IT competence is insufficient, which can hinder prioritization of necessary security resources. In Sweden nearly one in four IT managers say security problems are sometimes difficult to handle with the resources available.
Conclusion
The report’s conclusion is clear: IT leaders across Scandinavia face a complex challenge of meeting a growing threat landscape while engaging their organizations in effective security work. This requires ensuring employees have the right skills and that leadership gains a deeper understanding of the resources needed to protect the organization from cyberattacks.
About the survey
The survey was conducted by Demoskop on behalf of GlobalConnect. Data collection combined qualitative and quantitative methods and included telephone interviews. The target group consisted of IT managers and security officers operating at a Nordic and/or national level in companies with 150 or more employees active in the Swedish, Norwegian and Danish markets.