Achieving Cyber Resilience in Nordic Markets

0
398
Achieving Cyber Resilience in Nordic Markets

As cybercrime has become more common, cyber risk education in the Nordics has lagged behind. The number of attacks is up, and their material impact on commerce is grave. It is no longer reasonable to expect to fend off all attacks in your environment. Learn more about achieving cyber resilience in Nordic markets.

It is important to adopt a more proactive approach to understanding cyber risks in financial terms that the executives and directors can understand. So, moving forward, it’s important that firms in the Nordics embrace a new way of thinking to build cyber resilience in a rapidly changing global landscape so they can develop their market and maintain value.

***************************************
You might also like to read: Scandinavia Among the Most Cyber-Secure Countries in the World
***************************************

Achieving Cyber Resilience in Nordic Markets
Global cyber-attacks reached a record high in 2023, and 2024 is set to see this trend continue, particularly in the Nordics.

Managing cyber risk requires a new approach

As bad actors continue to evolve, and increased internet connectivity exposes Nordic businesses to greater vulnerabilities from third-party bodies and partners, it is crucial to accept that there is no silver bullet for cyber risk.

Global cyber-attacks reached a record high in 2023, and 2024 is set to see this trend continue, particularly in the Nordics. Following the Covid-19 pandemic, 97% of Nordic organizations saw cyber-attacks increase, with incidences of cybercrime doubling between 2020 and 2023 in Sweden and quadrupling in Finland since joining NATO in 2022. With tools of cybercrime such as AI, deepfakes and methods such as scam emails and identity theft progressing at an alarming rate, it is increasingly clear that perfect loss elimination is unachievable.

Indeed, cyber investment and education in these regions are very low, with recent research by the European Union Agency for Cybersecurity (ENISA) suggesting that as much as 80% of data breaches are the result of human error and lack of education.

A new way of thinking is therefore necessary. Businesses need to focus less on trying to thwart every single cyber threat and more on limiting losses from cyber-attacks to ensure they lose as little capability as possible and can continue to operate. This may seem somewhat counterintuitive, but such a more realistic approach is the best way to deal with the fast-changing cyber-threat landscape.

At Resilience, this is the approach we advise clients to adopt, first conducting risk assessments to determine the degree which they can suffer a setback from a cyber-attack but still be able to trade, which then helps them understand their level of cyber risk.

Cybercrime is expected to cost businesses more than $10 trillion by 2025, yet cyber spending between 2022 and 2025 is predicted to be just over $1.5 trillion and capacity coverage from cyber insurance will only reach $900 billion by the same year. This indicates a significant gap between losses from cybercrime and investment in cybersecurity and cyber insurance coverage, highlighting the need for quantifying cyber risk through thorough risk modelling and prioritising a cyber resilience strategy that best suits one’s needs.

Achieving Cyber Resilience in Nordic Markets, article continues below the image.

Achieving Cyber Resilience in Nordic Markets
Cybercrime is expected to cost businesses more than $10 trillion by 2025.

*************************************
You may also like to read: Your Beginner Guide to Data Protection as an Expat in Scandinavia
*************************************

At Resilience, AI insights are used to inform our cyber-risk models, creating a financial and measurable picture of a client’s cyber risk. These models can then be utilized, with the help of expert risk managers, and dedicated third-party teams to help businesses, wider organizations and security leaders identify the most pressing threats and the most effective cyber risk management tools to protect them. This will help businesses and organizations maximize their return on investment and integrate cyber risk into their long-term strategies.

C-suite needs to be better informed

In order to execute an effective cyber resilience strategy, cyber security officers need to feel empowered to communicate risk transfer, mitigation objectives, and cyber control capabilities to the C-suite and work collaboratively to achieve cyber resilience. Parallel to this, C-suite leaders need to move on from today’s typically more siloed stance and be receptive to this fresh approach.

Achieving this requires much greater buy-in and awareness across senior leadership teams, from CROs and CISOs to CFOs. According to recent research, nearly 42% of Swedish CEOs do not believe cybersecurity belongs at the board level, despite the enormous operational damage that can be caused by a successful attack.

When C-suite leaders buy into cyber risk as a business challenge, organizations can ensure that it is managed as part of a wider business strategy, ensuring appropriate investment, and promoting education of employees on common cyber risks.

To do this, we need to ensure that cyber risk officers and CISOs are speaking the language of the board and discussing cyber risk in terms of real financial terms and potential losses. Dedicated risk officers who can translate cyber risks in terms of potential losses, mitigations and real financial risks are crucial to help translate the impacts of security decisions in financial terms for CFOs, CEOs, and boards of directors to evaluate and make informed decisions.

Achieving Cyber Resilience in Nordic Markets
C-suite leaders need to move on from today’s typically more siloed stance and be receptive to a fresher approach.

Cyber resilience is the way forward

In January, leading Finnish IT provider Tietovery was subject to an attack by ransomware group Akira, accessing the data of thousands of public sector institutions and citizens. This attack is only one of many to strike the Nordics this year and is symptomatic of a much wider, more dangerous trend.

With 131 publicly disclosed cyber-attacks against EU countries in December 2023 alone, cybercrime in the EU is on the rise: it is no longer a question of if you will be the target of cybercrime, but when. The Nordics’ lack of cyber education and investment, coupled with the region’s high interconnectivity and geopolitical pressures underscore the need for a new way of thinking on cyber risk. What businesses need now is to adopt a more proactive stance that emphazises education, a non-siloed, collaborative approach to risk management, and adequate investment to enhance cyber resilience.

Integrating cyber risk management into a broader business strategy and utilizing robust risk transfer mechanisms such as cyber insurance will help organizations in the Nordics prepare for, and anticipate, cybercrime in advance, and successfully navigate the evolving cyber threat landscape.

Achieving Cyber Resilience in Nordic Markets
Rehan Hussain

Achieving Cyber Resilience in Nordic Markets, written for Daily Scandinavian by Rehan Hussain. As the Head of Underwriting at Resilience, Rehan leads the underwriting strategy and operations for the international and UK & Europe regions, covering cyber insurance and risk management solutions for corporate clients. Rehan has over 15 years of experience in the insurance industry, with advanced qualifications in insurance and information security, and a track record of delivering profitable growth and client satisfaction.

Previous articleMost Sold Electric Vehicle in Norway
Next articleHow to Use Long Layovers as a Tool
Avatar photo
Journalist, PR and marketing consultant Tor Kjolberg has several degrees in marketing management. He started out as a marketing manager in Scandinavian companies and his last engagement before going solo was as director in one of Norway’s largest corporations. Tor realized early on that writing engaging stories was more efficient and far cheaper than paying for ads. He wrote hundreds of articles on products and services offered by the companies he worked for. Thus, he was attuned to the fact that storytelling was his passion.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.