Privacy policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

Managing cybersecurity risks in critical industry across the Nordics

Due to their location, the Nordics have very particular security threats they must manage – both physically and digitally. This puts real pressure on the need for advanced cybersecurity defenses across public sector and critical industry.

In fact, within Sweden and Finland, the security of critical infrastructure is a matter for the state, and they are actively involved in vetting and approving security personnel and protocols. There is a requirement to be a national citizen and cleared by security services to manage critical infrastructure security needs.

Despite its importance, when it comes to the IT / OT security of critical infrastructure, the Nordics are, like the rest of the world, 10 – 15 years behind being mature.

Securing the convergence of IT / OT

The fourth industrial revolution has seen two different domains forced together causing a convergence that benefits industry and consumers but can also leave operations, sometimes critical operations, open to risk.

The OT environment was not designed to be connected. It is generally extremely expensive to build, complex to change and doesn’t run on the same operating systems that we use in a modern technology environment. Upgrading and adapting these systems is incredibly complex.

When the two environments converge, a potential major cyber risk is introduced, and this must be managed. The Nordic region have seen these vulnerabilities exploited, for both common criminality and ransomware as well as within the context of cyber warfare which threatens international stability and diplomacy.

Convergence is a great opportunity, but it comes with the cost of an increased risk that must be identified, managed, and controlled.

Cyber-insurance

One area where we’re likely to see an evolution is in cyber-insurance for critical industry. How can financial and civil risk be shared through insurance? Cyber-threats are now within the top five risks identified by insurers on their risk register.

Tailor-made insurance offers are made for manufacturers using diligence reports and assessment lists to cover what they know but it is likely that it will become harder and more costly to insure critical infrastructure.

As cyberthreats continue to rise, bringing risk to life, will insurers continue to support this industry?

A longer-term solution is around public and private enterprise working together to accelerate the maturity of IT / OT security. They must work to protect each other’s interests on the understanding that hostile nations can and do use industry as tools in their political campaigns. Given the very real threat seen in the Nordics, they could become a test bed for this teamwork and lead the way.

What does this mean for the Nordics?

There is real pressure on Finland and Sweden to have the right skills within their country. Consultants and security operations centers that are not physically located in these territories are not allowed to be used. There are exemptions, where required, but the workaround is that a non-national would have to work side-by-side with a national to perform their role making them an extremely costly resource. This means constant effort across the public and private sector to upskill and re-skill their experts. Public funds must be invested in this area.

In Norway, Iceland and Denmark they are free to use consultants with global knowledge, which means a wider group of experts to choose from. But with a highly digitalized manufacturing and utilities sector, they are always at risk of disruption.

Share this:

Email us about Digital Vision for the Nordics