More than half of all large companies in Scandinavia have been subjected to cyberattacks in the past two years, and 20 percent of IT managers in public sector organizations assess that employees' security knowledge is low. These are some of the results in GlobalConnect's new report on cybersecurity, which is based on interviews with 225 IT managers in Sweden, Norway and Denmark. The report shows major challenges in security work and in particular an increased vulnerability in Sweden.
Cyber threats are growing – “almost greater risk of being attacked than of avoiding it”
The number of cyberattacks and threats against businesses and public organizations is growing steadily. According to Anna Granö, EVP B2B at GlobalConnect, the report’s findings are therefore not unexpected. “All statistics show that attacks are increasing every year. Today’s reality is that you almost run a greater risk of being attacked than of avoiding it. What really matters is how prepared you are and how quickly you can restore your systems if an attack occurs,” says Granö.
According to a report from Cybersecurity Ventures The global cost of cybercrime is expected to reach $10.5 trillion annually by 2025, underscoring the importance of companies being prepared. The GlobalConnect survey also shows that 4 in 10 IT leaders see a need for enhanced resources to achieve the desired level of security, while 12 percent see significant gaps in their current security solutions.
Shortcomings in supplier security can create major risks
A quarter of IT managers are concerned that their external suppliers do not maintain a sufficiently high level of security, which could put the security of the business at risk. In Sweden, uncertainty is greatest, where one in three IT managers is doubtful about the suppliers' security competence. According to Søren Gjevert Petersen, Director Security Services at GlobalConnect, transparency and control are crucial: “No chain is stronger than its weakest link, and this is especially true in security work. Full transparency and control over supplier security measures is more important than ever to protect the business.”
Examples of major security incidents linked to suppliers include: The SolarWinds hack 2020, which showed how vulnerabilities in a vendor's software can be exploited to infiltrate many organizations.
Differences between countries in views on cybersecurity
The report points to clear differences between the Nordic countries. In Sweden and Denmark, about half of IT managers believe that the organization's cybersecurity skills are satisfactory. In Norway, however, only a third believe that security knowledge among employees is up to par.
Denmark also stands out by prioritizing security more than other areas in its IT strategy. This higher priority means that Danish businesses often have a more systematic and structured security approach, which strengthens their preparedness against potential threats. According to ENISA, the EU's cybersecurity agency, strategic prioritization and cooperation between public and private actors are crucial to addressing threats at national level.
“The security challenges are broadly similar across the Nordic region, but there are some differences, especially in how security work is prioritized and structured,” says Anna Granö, EVP B2B at GlobalConnect. “It is encouraging to see that some countries, like Denmark, have a management level that gives cybersecurity a high priority"That insight makes a big difference when the threat landscape is constantly changing."
The need for continuous safety work and training
IT leaders see a clear need to raise the bar on security, not just through better solutions, but also by strengthening employee security skills. The report specifically points to the role of employees in security: 20 percent of IT leaders in the public sector and 12 percent in the private sector rate employee security knowledge as low or very low. Verizon's Data Breach Investigations Report 2023 also identifies that people's lack of security awareness is one of the leading causes of security incidents.
In addition, a full 45 percent of IT managers say management's IT skills are insufficient, which can make it difficult to prioritize necessary resources in security work. In Sweden also reports that almost every fourth IT manager that security problems are sometimes difficult to handle with the resources available.
Conclusion
The conclusion of the report is clear: IT managers across Scandinavia face a complex challenge where they must both meet an increasing threat landscape and engage their organizations in security work. This means ensuring employee competence while management gains a deeper understanding of the resources required to protect your business against cyberattacks.
About the survey
The survey was conducted by Demoscope on behalf of GlobalConnect. Data collection was carried out using a combined method that included both qualitative and quantitative elements through telephone interviews. The target group consisted of IT managers and security managers working in Nordic and/or national level in companies with 150 or more employees, active in the markets in Sweden, Norway and Denmark.








