Nordic CISOs Handle Rising Cyber Threats Remarkably Well
Dark ReadingArchived May 28, 2026✓ Full text saved
Artificial intelligence notwithstanding, the vast majority of CISOs in northern Europe say they're facing no more serious cyberattacks than they did two years ago.
Full text archived locally
✦ AI Summary· Claude Sonnet
CYBERSECURITY ANALYTICS
CYBERSECURITY OPERATIONS
CYBERSECURITY CAREERS
CYBER RISK
NEWS
Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific
Nordic CISOs Handle Rising Cyber Threats Remarkably Well
Artificial intelligence notwithstanding, the vast majority of CISOs in northern Europe say they're facing no more serious cyberattacks than they did two years ago.
Nate Nelson,Contributing Writer
May 28, 2026
4 Min Read
SOURCE: ERIC D RICOCHET69 VIA ALAMY STOCK PHOTO
Around the planet, cyber threats are both rising in volume and growing more potent. Yet organizations in northern Europe don't seem to be feeling the brunt of it; chief information security officers (CISOs) in the region report unexpectedly high levels of preparedness.
This week, Stockholm-based Truesec released its biennial report based on interviews with CISOs located in Nordic countries. Compared to the data it collected two years ago, one trend stood out far beyond the rest: Security leaders are not reporting any increase in severe cybersecurity incidents affecting their organizations. The overwhelming majority of CISOs report facing no more serious issues than they were dealing with two years ago, when artificial intelligence threats were still mostly theoretical.
The report's authors call this "a remarkable feat," especially because a stable number of incidents "in these accelerated times, would equal a net reduction" in the relative percentage of attacks that manage to cause real problems. They attribute the feat to improved cybersecurity defenses, despite few meaningful changes to the power or resources afforded to CISOs.
Related:Do Ceasefires Slow Cyberattacks? History Suggests Not
Nordic CISOs Unphased by Rising Threats
In their interviews, Nordic CISOs reported the same trend everyone else in cybersecurity has been seeing: more threat activity than ever before, more aggressive tactics, more persistent attacks. As just one case in point: In 2024, the average time it took for attackers to exploit targeted organizations was 53 days, according to survey respondents. In 2026, that number is down to 2.4 days, largely thanks to AI.
One would expect, then, that from 2024 to 2026, CISOs would report a greater number of severe cybersecurity incidents affecting their organizations. Not so. A whopping 91% of respondents reported stable, consistent levels. In 2024, only 29% of respondents reported stability, with 53% reporting an increase.
"There are probably many explanations for it," says Gabriel Winnberg, senior security adviser at Truesec. In general, Winnberg and his colleagues attribute the improvement to better organizational cybersecurity. "One example is increased outsourcing to mature managed detection and response (MDR) service providers, providing the capability to identify and manage incidents before they become severe. Another example is better attack surface management."
Heightened risks balanced by better defenses "is something I'm seeing in the US and other geographies, too," adds Noma Security CISO Diana Kelley. "The report's data showing severe incidents stabilizing while lower-severity incidents rise suggests security teams are getting better at detection and containment, but they're doing it under greater time pressure."
Related:More Than 40% of South Africans Were Scammed in 2025
It may also be that, cyber defenses aside, AI has mostly helped hackers with lower- and medium-severity attacks less likely to cause severe outcomes. And while AI has been growing, ransomware — once the scourge of organizations everywhere — has been declining. That helps.
A less optimistic possibility is that these figures are merely a fluke owed to the limitations of the study. Surveys conducted without large enough sample sizes can yield dodgy results. Truesec did not report the number of CISOs who participated in its study, but indicated that they took part in "in-depth" interviews, suggesting a smaller, more targeted group. As a consequence, some figures appear distant from reality. For instance, in 2022, no CISOs told the surveyors that they were experiencing a decrease in severe cybersecurity incidents. That figure rose to 18% in 2024, then fell to zero again in 2026.
CISO Power Stagnates
CISOs also reported stability when it came to their relationships to their larger organizations.
In recent years, CISOs have been known to lobby for a "seat at the table" in the boardroom with other major executives. They're still one degree of Kevin Bacon away, though, as most still report to technology (CTO, CIO) or finance (CFO) leaders ahead of them in the pecking order.
Related:Retail, Services Industries Under Fire in Oceania
Security budgets have also stabilized. An almost identical number of respondents reported that their budgets either increased or decreased in 2026 (68% increase, 9% decrease) compared to 2024 (66% versus 9%).
The way those budgets are being distributed seems to vary based on the organization. While some smaller number of CISOs report their budgets consolidating under the banner of cybersecurity, Winnberg notes that "on the other hand, all report that some security investments are being 'shifted left' into IT (e.g. licensing), so it's no longer part of the CISO's budget."
Despite few material improvements in their standing, the report noted, "In 2026, the CISOs interviewed perceived having moved up further in the food chain, not necessarily organizationally, but rather communicationally, where their voices matter more." The authors speculated that "proximity to executives makes CISOs business-driven. Along with this move comes a shift in objectives, from protecting critical systems to protecting key business processes."
"[That's] another aspect I'm also seeing here in the US," Kelley says. "The emphasis on translating cyber exposure into business-process risk is exactly where CISO focus and executive alignment need to go, moving forward on a global basis."
Read more about:
Europe
About the Author
Nate Nelson
Contributing Writer
Nate Nelson is a journalist and award-winning scriptwriter. In addition to Dark Reading he writes for Darknet Diaries, the most popular show in cybersecurity across all media.
He began his career as a freelancer, ghostwriting Forbes and CNBC op-eds for executives in tech and finance. Then he transitioned to journalism at Threatpost, where he covered cybersecurity news and trends. Throughout those years he co-created a cybersecurity podcast, Malicious Life, which in its day climbed into the Top 20 technology podcasts charts on Apple Podcasts and Spotify.
He holds degrees from New York University and Bard College. As a born and bred New Yorker, he enjoys a superiority complex, but is polite enough to keep it to himself.
Want more Dark Reading stories in your Google search results?
ADD US NOW
More Insights
Industry Reports
How Organizations Are Managing Incident Response
How Enterprises Are Developing Secure Applications
Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy
Essential News & Insights from Black Hat USA 2025
How Enterprises Are Harnessing Emerging Technologies in Cybersecurity
Access More Research
Webinars
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
Defending in the Shadow Era: When the CVE Feed Goes Dark
Building SecOps That Make the Most of Every Dollar
AI-Powered Cybersecurity for Resource-Constrained Organizations
More Webinars
You May Also Like
CYBERSECURITY ANALYTICS
In Cybersecurity, Claude Leaves Other LLMs in the Dust
by Nate Nelson, Contributing Writer
DEC 17, 2025
CYBERSECURITY ANALYTICS
How Agentic AI Can Boost Cyber Defense
by Jeffrey Schwartz
DEC 04, 2025
CYBERSECURITY ANALYTICS
Mideast, African Hackers Target Gov'ts, Banks, Small Retailers
by Nate Nelson, Contributing Writer
OCT 23, 2025
CYBERSECURITY ANALYTICS
Commentary Section Launches New, More Opinionated Era
by Becky Bracken
OCT 10, 2025
Editor's Choice
CYBERSECURITY OPERATIONS
20 Leaders Who Built the CISO Era: 2 Decades of Change
byDark Reading Editorial Team
MAY 12, 2026
41 MIN READ
APPLICATION SECURITY
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
byJai Vijayan
MAY 12, 2026
5 MIN READ
CYBERATTACKS & DATA BREACHES
Instructure Breach Exposes Schools' Vendor Dependence
byAlexander Culafi
MAY 6, 2026
4 MIN READ
Want more Dark Reading stories in your Google search results?
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
SUBSCRIBE
Webinars
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
TUESDAY, JUNE 23, 2026 1:00 PM EDT
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
THURS, JUNE 25, 2026, AT 1PM EST
Defending in the Shadow Era: When the CVE Feed Goes Dark
TUES, JUNE 16, 2026 AT 1PM EST
Building SecOps That Make the Most of Every Dollar
THURS, JULY 9, 2026 AT 1PM EST
AI-Powered Credential Security: Intelligence Without Exposure
WED, JUNE 17, 2026, AT 1PM EST
More Webinars
BLACK HAT USA | MANDALAY BAY, LAS VEGAS
The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.
GET YOUR PASS