Sweden’s corporate readiness against cyber threats has improved slightly over the past year, according to Cisco’s annual Cybersecurity Readiness Index. However, in one of the most critical areas — artificial intelligence (AI) — Swedish companies lag behind their peers.
Negative findings in last year’s report
Over the past year, Sweden’s cybersecurity preparedness for both business and society has been a hot topic. In spring 2024 Cisco published a global readiness report where Sweden stood out negatively on several measures. Swedish organisations appeared less prepared to handle cyberattacks and showed a higher level of overconfidence in their capabilities than many other European countries.
A volatile world — new figures for 2025
Cisco has now published the 2025 edition of the study amid an equally uncertain global environment, after a number of large-scale attacks continued to cause damage and disruption to businesses, public sector organisations, authorities and civil society.
About the Cisco Cybersecurity Readiness Index
The Cisco Cybersecurity Readiness Index, now released for its third year, is based on responses from more than 8,000 business leaders and cybersecurity professionals across 30 countries.
AI protection falling behind
One area where Sweden underperforms compared with the European average is AI — arguably the most topical and complex issue in today’s threat landscape. The rapid development of AI technologies gives attackers access to new and powerful criminal tools.
AI used by criminals — and also as defence
When it comes to understanding AI-related threats and risks, Sweden sits near the bottom of the European ranking, while 84 percent of organisations reported AI-related incidents during the past year, such as AI-generated phishing attempts.
“That is a very high figure, but it is not surprising…” – Henrik Bergqvist, Cisco Sweden
AI threats expected to rise in 2025
“So far we have mainly seen AI used to simplify and enhance traditional cyberattacks…” – Henrik Bergqvist
Skills shortage hinders AI security
AI is not only a tool for criminals; it also enables more advanced and powerful defensive solutions. The report finds, however, that Swedish organisations deploy AI-based security measures less frequently than most other European countries.
Lack of resources and experts
A central factor is a shortage of skilled personnel: 62 percent of Swedish companies are uncertain whether they have sufficient resources and expertise to assess AI threats, and 60 percent report having ten or more vacant positions within their cybersecurity teams.
Three in four expect attacks
The report also examines past incidents and future concerns. Seventy-six percent of Swedish organisations expect to experience a cyberattack severe enough to cause disruption within the next 12–24 months. In 2024, 46 percent experienced cyberattacks that caused operational disruption.
How cybersecurity is assessed
The study evaluates organisations’ cyberdefence capabilities across five criteria: identity controls, network resilience, device trustworthiness, cloud security practices, and AI-related knowledge and the use of AI for defence. Organisations receive a rating on a four-level scale.
Sweden’s standing in European comparison
In Sweden, a large majority of companies — 80 percent — fall into one of the two lower rating categories: 13 percent in the lowest category and 67 percent in the second-lowest, while 20 percent occupy the two highest categories. This is a modest improvement compared with 2024, placing Sweden roughly mid-table among the European countries included in the survey.
Bright spots in the statistics
One positive detail is that Sweden has a slightly larger share of respondents in the highest category than other European countries: 6 percent are rated at the top level.
“The results show that we have the potential to lead in cyber readiness…” – Henrik Bergqvist
Selected statistics
- Rating distribution for Sweden: highest 6%, second-highest 14%, second-lowest 67%, lowest 13%.
- 84 percent experienced an AI-related cyber incident in 2024.
- Only 35 percent are confident their employees understand AI threats.
- 76 percent expect a serious attack within 12–24 months.
- 93 percent plan to increase cybersecurity investments, but only 33 percent allocate more than 10% of their IT budget to security.
- 78 percent consider the lack of cybersecurity expertise a problem.
- 83 percent have employees who regularly use unprotected devices.
- 60 percent have ten or more vacant cybersecurity positions.