More than seven out of ten Nordic IT leaders see a growing need to strengthen their cybersecurity strategy, but many are not equipped to take the next step. A new report from GlobalConnect shows that four out of ten lack sufficient resources to meet the challenges of the future – where both new regulations such as NIS2 and emerging technologies place higher demands on structure, competence and leadership.

The report is based on interviews with 225 IT and security managers in Sweden, Norway and Denmark and focuses on how organizations are preparing in practice for a more complex future security landscape – where technology, regulations and internal capabilities play a crucial role.

Five insights that stand out in the report:

Advertisement

• 71% of IT managers in the Nordics believe their cybersecurity efforts need to be strengthened
• 40 % states that they lack resources to meet the demands they themselves have identified
• 53 % sees NIS2 and other regulatory changes as one of the most important drivers
• Only 21 % have a strategy for managing security risks associated with quantum technology
• 1 in 3 state that there are deficiencies in the organization's cybersecurity skills

Need for both technology and leadership

– It is clear that more and more people realize the importance of investing in security, but the report also shows that many still struggle to translate this insight into concrete actions. We need both technology and leadership to prepare for a more complex threat landscape, says Anna Granö, EVP B2B at GlobalConnect.

More than one in four IT managers say they do not know whether their organization is covered by the NIS2 directive. This shows that the regulations are not always fully known or implemented in their operations, which can affect preparations for future requirements.

– Many organizations still do not have a full overview of which rules apply or how they affect their own operations. NIS2 places strict demands on both structure and responsibility – and meeting them requires the right expertise and long-term planning. Furthermore, few are aware that suppliers to NIS2-classified operations are also covered by the directive, says Søren Gjevert Petersen, Senior Director Security Services at GlobalConnect.

Sweden stands out in Nordic comparison
The report shows that Swedish IT managers face particularly big challenges. Only 7 percent say they have sufficient resources to future-proof their cybersecurity – the lowest figure in the entire Nordic region. Swedish respondents also express the greatest uncertainty about whether their organization is covered by NIS2, and trust in management’s understanding of cybersecurity is significantly lower than in Denmark and Norway.

At the same time, the responses show that Swedish businesses have a high level of awareness of the changes required – but the path to get there is perceived as uncertain and resource-intensive.

About GlobalConnect's IT-Insights report series

The interim report is the third in GlobalConnect's ongoing series on IT in the Nordics and this time focuses on future-proofing – how IT leaders work to not only manage today’s threats, but stand strong against tomorrow’s demands. Cybersecurity is a main theme, but the report also touches on leadership, skills needs and regulatory challenges.

Read more and download the report here.