Cybersecurity in a Nordic context
Why robust digital systems matter to society
Across the Nordic region, digital technologies are deeply embedded in how society functions. Energy supply, industrial production, transport systems, healthcare and public services all depend on digital systems working reliably – every day, under all conditions.
Digitalization has enabled efficiency, sustainability, and innovation at a scale. At the same time, it has increased society’s exposure to digital threats. As systems become more interconnected, disruptions are no longer isolated technical incidents, they can affect physical operations, essential services and public trust.
As Filip Enander, Head of Cybersecurity and Resilience at AFRY, says:
Digital systems have become the backbone of modern society. When they are disrupted, the impact is often far greater than expected and rarely limited to one organization or one sector.
This raises a fundamental question for organizations: how do we ensure that digital systems are robust enough to support a safe, stable, and functioning society in an increasingly uncertain world?
When digital threats become societal risks
Cyber threats have evolved significantly in recent years. Attacks are becoming more targeted, persistent, and more closely linked to geopolitical developments. Critical infrastructure, industrial environments, and essential services are particularly exposed, not because they are poorly protected, but because they are vital to everyday life.
When digital systems are compromised or unavailable, the effects are tangible. Production can stop, logistics chains can be disrupted, and services that citizens and businesses rely on may no longer function as expected. In highly interconnected Nordic societies, such disruptions can quickly propagate across sectors and national borders.
In this context, cybersecurity is no longer only about protecting information. It is about safeguarding continuity, safety and confidence – and about limiting the societal consequences when incidents occur.
Complexity as a core challenge
Many of today’s critical systems are the result of long evolution rather than deliberate design. Legacy IT and OT environments remain central to operations in infrastructure and industry, even as new digital solutions are introduced. These systems were often built for stability and isolation, not for today’s level of connectivity.
At the same time, dependence on external suppliers, cloud services, and shared digital platforms continues to grow. While this enables scalability and efficiency, it also introduces complex dependencies that are difficult to fully map, monitor, or govern.
According to Enander, this complexity is often underestimated:
The challenge is rarely a lack of technology or ambition. It is understanding the system as a whole, where the real dependencies are, and what needs to work when something goes wrong.
Regulation mirrors rising expectations
New EU legislation such as NIS2 reflects a growing recognition that digital disruptions can have far‑reaching consequences. Requirements now extend beyond policies and documentation, focusing instead on practical capability: the ability to manage risks, handle incidents, and maintain essential functions.
These expectations apply across sectors, from energy and transport to industry and public services. In practice, this means cybersecurity and robust IT cannot be treated as isolated technical disciplines. They require coordination across leadership, operations, engineering, IT, OT and procurement, and a shared understanding of responsibility.
Why robust IT underpins trust in society
In the Nordic countries, trust in public and private institutions is high. Energy is expected to flow, transport systems to operate, industry to deliver and public services to be available. Digital systems quietly enable much of this reliability.
Their importance often becomes visible only when something fails.
Robust IT and OT are therefore not only technical or regulatory concerns. It underpins safety, economic stability, and society’s ability to function during periods of stress. For organizations, it also supports long‑term credibility and legitimacy in an environment where digital failures are increasingly visible and consequential.
A systemic view of cybersecurity
Responding to today’s digital threats requires a systemic perspective. Cybersecurity cannot be separated from physical assets, operational processes, or organizational structures.
Effective approaches typically combine:
- well‑designed and secure IT and OT environments
- clear governance, roles and decision‑making structures
- integration of security considerations into design and investment decisions
- preparedness to manage incidents and restore operations when disruptions occur
Rather than attempting to eliminate all risks, many organizations are focusing on building systems that can handle uncertainty and change without losing critical functionality.
A Nordic engineering perspective
At AFRY, this perspective is rooted in decades of experience working with infrastructure, industry, and societal systems across the Nordics. By combining expertise in cybersecurity, digital solutions and engineering, AFRY contributes to strengthening the foundations that critical services and industries depend on.
In a world shaped by increasing digital dependence, robust systems are not just a technical necessity, they are the base of a functioning and trusted society.
