Insights

Articles, analyses and practical advice on cybersecurity, compliance and information security.

Governance May 5, 2026 · 6 min read

The maturity report is written for the board. Not for the crisis.

Status reports test no one. When the alarm goes off at 02:14 on a Friday, what matters is the board's ability to decide, not the maturity score. Practise, don't just report.

Read the article →

Governance May 5, 2026 · 12 min read

What was right yesterday isn't right today

Europe isn't stuck with the hyperscalers by force. We made good decisions and stopped reconsidering them. NIS2, DORA and the Cybersecurity Act now make reconsideration a formal duty.

Governance April 18, 2026 · 4 min read

Compliance cost isn't a technology problem. It's governance debt.

European companies spend ~€150 billion a year on regulatory compliance. AI won't speed that up if governance is missing.

Governance April 17, 2026 · 8 min read

Security that isn't communicated is security that doesn't exist

The right risk picture isn't enough if leadership can't act on it. How to reach decisions upward and behaviour downward.

Cybersecurity Act April 16, 2026 · 5 min read

Alone with the responsibility. The security coordinator who never got a mandate.

One person. No mandate. No resources. That's the reality for information security coordinators in Swedish municipalities.

Cybersecurity April 14, 2026 · 4 min read

Your supply chain is your biggest cybersecurity risk – not your size

42 percent of Swedish organisations have low supply chain maturity. Being small doesn't protect you – it makes you the weakest link.

Cybersecurity April 7, 2026 · 4 min read

The law won't protect your business – you have to do it yourself

Sweden's Cybersecurity Act doesn't cover everyone. But the threats do. Four business risks that demand leadership attention.

Governance March 24, 2026 · 5 min read

Six frameworks. One governance structure. No excuses.

NIS2, GDPR, DORA, CRA, AI Act and the Cybersecurity Act impose overlapping requirements. Five signs your governance falls short.

Cybersecurity March 6, 2026 · 3 min read

Fifteen years of the same threat picture. Why has maturity stalled?

Swedish organisations still lack basic cybersecurity capabilities. The problem isn't knowledge — it's the absence of structural change.

Cybersecurity Act February 23, 2026 · 5 min read

The Cybersecurity Act and leadership accountability. Are the rules really the same for everyone?

The Swedish Cybersecurity Act imposes the same requirements on public and private sectors, but the consequences for non-compliance differ significantly. We examine what this means for leadership accountability.

NIS2 February 10, 2025 · 1 min read

NIS2 and the Cybersecurity Act: what applies now?

The Swedish Cybersecurity Act entered into force in January 2025. We walk through the key requirements and what your organisation needs to do.

ISO 27001 January 22, 2025 · 1 min read

ISO 27001:2022: the key changes

The updated standard introduces new controls and a restructured control annex. Here is how your ISMS is affected.

CISO January 8, 2025 · 2 min read

CISO-as-a-Service: the right choice for mid-sized organisations?

Not every organisation needs a full-time CISO. We explore when a shared security leader is the smartest choice.

Real-time data

Threat Landscape

See real-time data from CISA and NIST showing the current threat landscape and why continuous security work is essential.

View threat landscape

Ready to strengthen your cybersecurity?

Book a free meeting and we will discuss how we can help your organisation meet the new requirements.

Book a meeting