Cyberattacks on Swedish organizations are increasing sharply according to new data from Check Point Research. Swedish authorities and public organizations were exposed to an average of over 2,700 attacks per week during September, making the public sector the most vulnerable industry in the country. At the same time, the threat landscape is growing rapidly in healthcare, where cybercriminals are exploiting the vulnerabilities of digitalization and the lack of resources.
The Swedish public sector is in an increasingly vulnerable position. Authorities, municipalities and regions handle enormous amounts of sensitive information every day – from personal data to critical infrastructure and financial transactions. According to Check Point Research is cyberattacks Swedish organizations now at the highest level since measurements began, and the threats are becoming both more frequent and more sophisticated.

The fact that the Swedish public sector is exposed to more attacks than any other industry is worrying, says Fredrik Sandstrom, security expert at Check Point Software. Cybercriminals are targeting businesses with large amounts of personal data and critical information. The public sector must therefore work more proactively and detect threats before they have time to strike.
Healthcare is becoming an increasingly attractive target
Healthcare is the second most affected sector, with close 2,500 attacks per week, according to the report. This is a significant increase from the previous month. The rapid digitalization of healthcare – with electronic medical records, remote care and AI-supported diagnostics – creates new attack points that cybercriminals are exploiting.
Vulnerability is further exacerbated by legacy IT systems, poor security practices and a high reliance on continuous operations. A single incident can have major consequences for patient safety and trust in healthcare. Checkpoint highlights that cybercriminals often see healthcare as an “easy target” because businesses are forced to restore systems quickly – which increases the risk of ransom payments being made in ransomware attacks.
Generative AI creates new security risks
One of the most worrying trends in the report concerns generative AICheck Point has analyzed how companies and organizations use AI tools globally and notes that approximately two out of a hundred AI commands contain sensitive information, such as customer data, internal instructions or source code.
For Swedish authorities and regions – which handle enormous amounts of personal data in healthcare, education and social services – this means that protected information risks being leaked. the organization's own systems when fed into external AI services. According to Check Point, this concerns over 90 percent of organizations who use generative AI regularly.
The risk is particularly high when staff do not have clear guidelines on how AI tools can be used. Many employees input information into open AI services that ChatGPT, Copilot or Gemini without understanding that the data may be stored outside the organization's control. Therefore, it is necessary cyberattacks Swedish organizations seen in a broader context where AI management is also included in the cybersecurity strategy.
Need for national coordination and clear guidelines
To meet the increasing threat landscape, both technical protection and awareness work are required. Check Point recommends that Swedish organizations invest in multilayer security solutions, continuous training and AI-specific policies.
It's not just about stopping attacks, but about building resilience – to be able to quickly detect, isolate and recover from incidents. A combination of proactive threat hunting, network segmentation and secure AI use will be crucial in the future.
We see a clear shift where AI both used as a tool for defense and as a weapon by attackers, continues Sandstrom. Organizations need strategies that protect both their people and their data in this rapidly changing digital environment.
A growing responsibility for Swedish decision-makers
The increasing frequency of cyberattacks Swedish organizations underlines the need for national coordination and long-term investments in cybersecurity. In addition to authorities and regions, schools, universities and state-owned companies that manage critical infrastructure are also affected.
Cyber threats against Sweden are becoming increasingly advanced and require collaboration between government, industry and research. Check Point urges decision-makers to act quickly – not only to protect data, but to preserve citizens' trust in digital well-being.
For more information, visit Check Point Software's blog: https://blog.checkpoint.com/security/global-cyber-threats-september-2025-attack-volumes-ease-slightly-but-genai-risks-intensify-as-ransomware-surges-46/








