Swedish Companies Struggle with Cybersecurity Leadership Amid Rising Threats

Swedish businesses are increasingly grappling with cybersecurity challenges, particularly the absence of dedicated Chief Information Security Officers (CISOs) in many mid-sized firms. According to Thomas Öberg, Principal Architect of Cybersecurity at itm8, the lack of a CISO often leads to cybersecurity responsibilities being thrust upon already burdened roles such as CIOs, CFOs, or even CEOs, creating ambiguity and a false sense of security regarding organizational safety.

The pressure of growing regulatory demands, such as NIS2, heightens the urgency for Swedish companies to enhance their cybersecurity posture. "If you have revenue, you are a target," Öberg warns, illustrating the misconception that only firms handling critical societal data need to prioritize cybersecurity. Many organizations struggle to identify the starting point for their cybersecurity initiatives and how to effectively report control measures to their boards.

Öberg advocates for a foundational approach, emphasizing that companies should not be overly focused on finding a 'perfect solution' but instead prioritize basic security measures. itm8 positions itself as a strategic advisor, assisting companies in risk analysis and gradually building their cybersecurity capabilities. This partnership approach aims to cultivate resilience against potential breaches and ultimately foster trust among employees and stakeholders.