This opinion piece was published in Industry Today on June 3, 2026.  

Cybersecurity needs to be elevated to the political mainstream now. Not after the next breach, and not after the next system disruption, but before the pace of threat development sets the framework for what is even possible to defend, writes Dan Bergh Johnsson, partner at Omegapoint. 

What is missing is not more strategies, but a clear political focus on pace, prioritization and responsibility in an environment where attacks are developing faster than the systems that are supposed to stop them, writes Dan Bergh Johnsson, partner at Omegapoint.

Sweden is heading towards elections in a situation where security dominates the agenda. Defense, energy and crime are being intensely discussed. But one of the most crucial issues is being left in the shadows, namely cybersecurity – even though it is precisely the one that now needs to be protected against increasingly advanced AI-driven attacks.

It is remarkable. Sweden is one of the world's most digitalized economies – and therefore also one of the most vulnerable. And now the threat landscape is fundamentally changing.

In April, Anthropic launched a new AI model that marks a breakthrough in several ways. The new thing is not that AI can identify vulnerabilities in code, as that type of functionality has existed for some time. The crucial thing is instead that the model can handle the entire chain: it can not only find a vulnerability and understand it, but also independently write code that exploits it in practice.

The third stage has so far been dependent on human intervention.

With the time from discovery to exploitation now at risk of shrinking from weeks to days, or even hours, the balance between attack and defense is changing fundamentally. Defense relies heavily on detecting, analyzing, and fixing vulnerabilities before they are exploited, while attacks rely on speed and surprise. With AI accelerating the entire process, this balance is clearly shifting in the attacker’s favor.

The fact that the technology is initially only being made available to a few players, including Apple, Google and Microsoft, shows how serious the development is considered to be. The reasoning is that these players should be given a head start to secure their systems before similar tools become more widespread.

The time window is estimated to months rather than years. This is not a hypothetical scenario, but a rapid escalation of an already existing threat.

For Sweden, this means several concrete consequences:

Firstly Our economic model is directly exposed. Banks, payment systems, industry and the public sector are deeply integrated digitally, which means that an attack rarely stops at a single system but risks affecting entire value chains.

Secondly Total defense is dependent on civilian digital infrastructures, which means that cyberattacks can no longer be considered an isolated technology problem but as an integrated part of modern security policy.

Thirdly There is a risk that societal trust will be affected. As attacks become faster, more scalable and harder to detect, the likelihood of disruptions that can affect everything from healthcare to central societal functions increases.

A review of the parties' positions shows that cybersecurity is included in both defense and digitalization policies, but is rarely treated as a strategic issue in its own right. At the same time, AI and cybersecurity are largely handled separately, even though it is in their combination that the most profound change in the threat landscape is now taking place.

What is missing is not more strategies, but a clear political focus on pace, prioritization, and responsibility in an environment where attacks are evolving faster than the systems that are supposed to stop them.

Three questions should each party be able to answer:

1. How should Sweden reduce the time from discovery to action in critical systems?

2. How should the public and private sectors collaborate when threats become AI-driven and real-time?

3. How do we ensure competence, investment and division of responsibilities in an environment where the scale of attacks is rapidly increasing?

This is fundamentally a core economic, security and democratic issue. Historically, crises have often been what forced action. In an era where threats are evolving at an ever-increasing pace, this is a risky approach, as the next crisis could develop faster than our ability to react.

That's why cybersecurity needs to be elevated to the political mainstream now. Not after the next breach, and not after the next system disruption, but before the pace of threat development sets the framework for what is even possible to defend.