Cyberattacks against Swedish organizations have surged sharply, according to new data from Check Point Research. In September, Swedish government agencies and public services faced an average of more than 2,700 attacks per week, making the public sector the most targeted industry in the country. At the same time, the threat landscape in healthcare is rapidly worsening, as cybercriminals exploit vulnerabilities created by digitalization and limited resources.
The Swedish public sector is in an increasingly exposed position. Authorities, municipalities and regions handle large volumes of sensitive information daily — from personal data to critical infrastructure and financial transactions. According to Check Point Research, cyberattacks against Swedish organizations are at the highest level since tracking began, and threats are becoming both more frequent and more sophisticated.
That the Swedish public sector is targeted more than any other industry is worrying, says Fredrik Sandström, security expert at Check Point Software. Cybercriminals focus on organizations that hold large amounts of personal and critical information. The public sector must therefore take a more preventive approach and detect threats before they strike.
Healthcare becomes an increasingly attractive target
Healthcare is the second-most affected sector, with nearly 2,500 attacks per week according to the report — a sharp rise from the previous month. Rapid digitalization in healthcare — including electronic health records, telemedicine and AI-assisted diagnostics — creates new attack surfaces that cybercriminals exploit.
Vulnerability is further heightened by legacy IT systems, inadequate security routines and a heavy reliance on uninterrupted operations. A single incident can have major consequences for patient safety and trust in healthcare. Check Point highlights that cybercriminals often view healthcare as an “easy target” because providers must restore systems quickly, increasing the likelihood of ransom payments in ransomware attacks.
Generative AI introduces new security risks
One of the most concerning trends in the report involves generative AI. Check Point analyzed how organizations worldwide use AI tools and found that roughly two percent of AI commands contain sensitive information, such as customer data, internal instructions or source code.
For Swedish authorities and regions — which handle vast amounts of personal data across healthcare, education and social services — this means protected information risks leaving the organization’s systems when entered into external AI services. Check Point reports that this affects over 90 percent of organizations that use generative AI regularly.
Risk increases particularly when employees lack clear guidelines for AI use. Many staff members input information into public AI services like ChatGPT, Copilot or Gemini without realizing that data may be stored outside their organization’s control. Therefore, addressing cyberattacks against Swedish organizations requires a broader cybersecurity strategy that includes responsible AI governance.
Need for national coordination and clear guidelines
Meeting the growing threat requires both technical protections and awareness efforts. Check Point recommends that Swedish organizations invest in layered security solutions, ongoing training and AI-specific policies.
The goal is not only to stop attacks but to build resilience — the ability to quickly detect, isolate and recover from incidents. A combination of proactive threat hunting, network segmentation and secure AI use will be essential going forward.
We are seeing a clear shift where AI is used both as a defensive tool and as a weapon by attackers, Sandström continues. Organizations need strategies that protect both their people and their data in this fast-changing digital environment.
Growing responsibility for Swedish policymakers
The rising frequency of cyberattacks against Swedish organizations underscores the need for national coordination and long-term investment in cybersecurity. In addition to government agencies and regions, schools, universities and state-owned companies that manage critical infrastructure are affected.
Cyber threats to Sweden are becoming increasingly sophisticated and require cooperation between government, industry and research. Check Point urges decision-makers to act quickly — not only to protect data but to preserve citizens’ trust in digital public services.
For more information, consult Check Point Software’s blog post on the global cyber threat landscape.