Why Aren't We Ready? Addressing the Critical Gap in Cyber Crisis Readiness

Published: May 2025
Despite the growing sophistication of cyber threats and the intensifying pressure from regulations like the EU’s NIS2, DORA, and CRA, many medium and large companies in Sweden remain underprepared for a real cyber crisis.
The Digital Security 2024 report by Sweden Secure Tech Hub reveals that 60% of Swedish organisations admit to lacking sufficient resources to effectively manage cyber threats. Furthermore, only half of the surveyed organisations have a clear plan for handling cyberattacks, indicating a gap between perceived preparedness and actual readiness.
As a strategic cyber security advisor to senior leadership and owners of midsize and large companies across Europe, during crises as well as in preparation, I have seen many times and firsthand the consequences of this risky combination.
Let’s take a closer look at why cyber crisis readiness matters and how business leaders can (and must) catalyse a holistic approach in their organisations.
From Sweden to the world: high stakes in high-value sectors
Sweden is home to a range of globally significant sectors. Pharmaceutical innovation, precision manufacturing, green energy technology, and next-generation medtech are strong exponents of the Swedish economy. These industries are digital by design, highly interconnected, and often deeply dependent on supply chain integrity and operational uptime.
This enables Sweden to compete on global stages. It also creates additional cyber risk exposure. In short, Sweden’s ‘risk dynamic’ is high.
This means that accurate risk management is an ongoing, detailed and often complex matter. It also means that the probability that something fails is a very real one. Business leaders can quickly assess for themselves whether that high dynamic applies. Check for yourself with these three “Yes/No” statements:
- We depend on digital for our innovation, client success and delivery.
- We are on an aggressive growth trajectory towards international expansion.
- We need to comply with GDPR, NIS2, CRA and/or DORA.
Does more than one statement apply to your business? Your readiness is a crucial element in your risk management. My recommendation is first and foremost: prove to yourself that you are, in fact, ready. After all, this is what you are personally accountable for as an executive.


What is Cyber Crisis Readiness?
Working with the leadership of clients in many different sectors has taught me that many are aware of their exposure, but underestimate the speed and coordination required to contain a serious cyber incident. Simply put: having a plan on paper is not the same as being ready to act under pressure. There are three dominant issues I come across frequently, often in combination. These issues critically jeopardise an effective response and even increase the impact of a cyber crisis.
- Overconfidence. Many executive teams assume their preparedness is solid because a plan exists or because they passed a compliance audit. But these plans often sit unused, untested, and disconnected from the realities of a fast-moving digital crisis.
- Fragmentation. Cyber incident response, business continuity, and crisis communications are too often managed in silos. In a real-world attack—such as ransomware or data exfiltration—this fragmented approach leads to confusion, delays, and inconsistent management and messaging.
- Competence. Many companies have never run a realistic tabletop exercise, let alone a full-scale crisis drill. This leaves leadership teams unpractised, unclear on roles, and prone to paralysis, misjudgement and flat-out failure when it matters most.

So, what works best?
What I see to be most effective in practice is actually executing a resilience strategy that includes:
- Leaders taking the lead in educating and emphasising the critical importance of resilience for the company to be successful in its mission.
- Integrating cyber response with business continuity frameworks to ensure cohesion during incidents.
- Creating a clear governance structure for crisis response teams. Ensure everyone knows their roles during a crisis, how they should respond and how they should share information with each other.
- Running frequent simulations and crisis exercises that involve both technical and executive teams.
- Developing clear communication protocols and out-of-band communication systems that are regulator and customer ready. They should enable an unhampered response even if the whole company is down.
- Conducting post-incident reviews that lead to genuine learning and continuous improvement.
The question for any leader is: when it happens, will you be ready or will you just continue to hope that you are?
Resilience is not a document. It’s a muscle you train and, presumably, a body you care for. In today’s threat landscape, it’s one you can’t afford to let weaken. So, get ready. Northwave is here to help. You can get started today with our personalised crisis readiness calendar that provides concrete next steps.
We’re here to take an honest look at your situation and develop a custom plan for your organisation’s cyber crisis readiness. Simply reach out to me and our Swedish team for a free consultation.