Cyber resilience a necessity - but Swedish companies are lagging behind

This opinion piece was published in Current Security July 14, 2025.

Sweden is one of the most digitized countries in the world - but among the least prepared when threats materialize. Too few Swedish companies have built the necessary cyber resilience. Five crucial characteristics separate the resilient from the vulnerable, writes Jonas Hasselberg, President and CEO of Omegapoint.

Sweden has recently been thrown into digital turmoil. Repeated cyber attacks have knocked out SVT's news feed and led to disruptions elsewhere in the digital society. The Prime Minister was quick to comment that Sweden is under attack and that the threat to our most basic societal functions is serious. The threat that was previously considered exceptional has become commonplace for many businesses. In the latest edition of Swedish Safety Index as many as 79% of decision-makers in critical operations state that the threat to Sweden is serious or very serious. At the same time, we see a growing gap between the vulnerability of organizations and their actual security capabilities. Digital reality is outpacing many.

It is no longer a question of if an attack happens - but when - and how well the organization is equipped to recover. The answer is cyber resilience: the ability to quickly return to normal operations after a digital disruption. Yet, a global mapping out of 1 500 organizations in 14 countries, only 7% have achieved this. This is a figure that should worry policy makers and business leaders alike in Sweden, a country that is one of the most digitized in the world, but where cybersecurity has lagged behind its ambitions.

A well-functioning security strategy is not a barrier to innovation - quite the contrary.

Cyber resilience does not happen by itself. It requires strategic decisions, investments and culture building where security is not seen as a technology, but as a foundation for long-term business survival and competitiveness. That's why we've identified five key characteristics of cyber resilient companies - lessons that Swedish businesses should also learn:

Cybersecurity is integrated into the business - from the start

In resilient organizations, management understands that cybersecurity is not an IT issue - it is a business-critical issue. Cybersecurity efforts are fully embedded in the company's business objectives with a strategic rather than reactive approach.

Proactive investment against next generation attacks

While many companies are still trying to fend off traditional phishing attacks, resilient players have already armed themselves against smishing, quishing, software supply chain breaches and AI-driven threats. They are investing in incident response, threat analysis, zero-trust architecture and machine learning for pattern recognition, as a preventive measure.

AI are both threats and tools

Resilient actors know that AI has a two-way power. They do not rely solely on traditional protections but actively leverage AI in their own cyber protections. They combine human expertise with machine analysis to quickly identify anomalies, anticipate attacks and act before the damage is done.

Safety culture is embedded throughout the organization

Cyber-resilient companies have a culture where every employee, from the front desk to the boardroom, understands their role in security. Incident reporting is encouraged, training is regular and management takes responsibility for driving change.

They dare more - thanks to their protection

A well-functioning security strategy is not a barrier to innovation - quite the contrary. The most resilient companies are also the most innovation-driven. They dare to launch new digital services, enter uncertain markets and take technological leaps because they know their digital backbone will hold up.

There are no shortcuts to cyber resilience. More and more Swedish decision-makers are realizing that digital risks can no longer be managed with one-off interventions or fire brigade calls. We can see that maturity is increasing but also the realization of the shortcomings.

To face the threats of the future, a high level of digitalization is not enough. We need to build security with the same systematic approach as we build businesses. It requires investment, commitment and leadership that clearly prioritizes resilience throughout the organization.

It is no exaggeration to say that cyber resilience has become a matter of national competitiveness. In a context where cyber attacks can knock out power grids, healthcare infrastructure or manufacturing chains, resilience is a foundation for both the economy and democracy.

Jonas Hasselberg
President and CEO
Omega points