Articles, analyses and practical advice on cybersecurity, compliance and information security.
Why a correct risk assessment can still become your biggest vulnerability in an AI-driven organisation. The assessment was true the day it was written — the question is how long it stays that way.
Read the article →
We build and sell software for security and compliance. So this might sound strange: the software won't solve your problem. Not by itself. Let us explain what it actually can't do.
The day Sweden's payment and e-ID services go down for three hours, we feel how thin the digital layer is. Why governance, not technology, decides whether the country holds.
When the alarm goes off, knowing who your suppliers are isn't enough. You need to know what actually stops working, and who decides what. From list to dependency map.
Status reports test no one. When the alarm goes off at 02:14 on a Friday, what matters is the board's ability to decide, not the maturity score. Practise, don't just report.
Europe isn't stuck with the hyperscalers by force. We made good decisions and stopped reconsidering them. NIS2, DORA and the Cybersecurity Act now make reconsideration a formal duty.
European companies spend ~€150 billion a year on regulatory compliance. AI won't speed that up if governance is missing.
The right risk picture isn't enough if leadership can't act on it. How to reach decisions upward and behaviour downward.
One person. No mandate. No resources. That's the reality for information security coordinators in Swedish municipalities.
42 percent of Swedish organisations have low supply chain maturity. Being small doesn't protect you – it makes you the weakest link.
Sweden's Cybersecurity Act doesn't cover everyone. But the threats do. Four business risks that demand leadership attention.
NIS2, GDPR, DORA, CRA, AI Act and the Cybersecurity Act impose overlapping requirements. Five signs your governance falls short.
Swedish organisations still lack basic cybersecurity capabilities. The problem isn't knowledge — it's the absence of structural change.
The Swedish Cybersecurity Act imposes the same requirements on public and private sectors, but the consequences for non-compliance differ significantly. We examine what this means for leadership accountability.
The Swedish Cybersecurity Act entered into force in January 2025. We walk through the key requirements and what your organisation needs to do.
The updated standard introduces new controls and a restructured control annex. Here is how your ISMS is affected.
Not every organisation needs a full-time CISO. We explore when a shared security leader is the smartest choice.
Book a free meeting and we will discuss how we can help your organisation meet the new requirements.
Book a meeting
