This opinion piece was published in Industry Today November 20, 2025.

.

Cybersecurity is on its way to becoming the next big maturation journey for business. Despite this, the issue is still being handled in many Swedish companies as a secondary matter for the IT department, which is the same mistake that was made when sustainability was once reduced to an ”environmental project,” writes Jonas Hasselberg, CEO of Omegapoint. 

At companies where sustainability work took off, three things were done. First, the issue was moved up to management, then a culture was built around values and behaviors that went beyond technology and regulations, and finally, sustainability perspectives were integrated into product and technology development, purchasing, communications, HR, customer relations and business development. Cybersecurity must now make the same journey. 

Today, the threat landscape is clear. Ransomware, insider threats, vulnerable supply chains and digital espionage show how quickly risks are spreading throughout the business. It is no longer enough to buy firewalls and antivirus. The consequences are too extensive and the dependence on digital infrastructure too deep. Companies that want to remain competitive must therefore elevate security work to the management level, from technical detail to core strategic issue.  

Above all, it has The security manager has a responsibility that is similar today to what the sustainability manager had a decade ago. He or she must act as a culture carrier, break down silos, and operate cross-functionally. In HR, by building awareness and routines around human risks. In purchasing, by making demands on suppliers and partners. In communication, by establishing trust and transparency. 

And in strategy and business development where security is not an add-on, but a natural part of every investment, even in the supply chain. It is the same insight that made sustainability work take off – responsibility and transparency are built in from the start, they cannot be added at a later stage.  

The risks of inaction are clear. In addition to technical disruptions, cyber incidents lead to lost customer trust, regulatory penalties and damaged brands. Our digital economy is already strained, and with each successful attack, trust is further eroded. That’s why it’s important for companies to act proactively.  

The counterargument is often that the investments will be too costly. But experience from the sustainability field shows the opposite: the cost of not integrating the perspective in time is far higher, and companies that wait risk falling behind when customers, investors and authorities make demands. Cybersecurity is therefore also just as much about leadership. It requires boards that understand the threat landscape and that set the tone, as well as employees who consider risks and responsibilities.  

Today, too many Swedish companies still do not see cybersecurity as a strategic issue. Sweden, one of the world's most digitalized countries, is thus at risk of losing the digital lead that has been built up over more than two decades. We now have the chance to do something different, it is in the cultural change that real protection takes shape.

About companies and public If stakeholders take the cybersecurity ”sustainability journey” seriously by building culture, integrating perspectives and anchoring responsibility at the management level, Sweden can become a pioneer here too. But it requires the same courage and strategic holistic view that once made sustainability a competitive advantage. 

Sustainability taught us that change is not about reaction, but about direction, resilience and persistence. The same logic applies to cybersecurity. Companies that control their digital resilience are not only stronger against threats – they are also building the foundation for long-term digital sustainability, where trust and continuity are at least as important as climate goals and social responsibility.  

.

Jonas Hasselberg
President and CEO
Omegapoint