Yesterday's controls for tomorrow's attackers?
20th October 2026 • Radisson Blu Scandinavia • Copenhagen, Denmark
Are Nordic companies unusually secure, or are they just untested? And does Al change the answer?
The calm before the storm?
The most dangerous moment in cybersecurity is not always the moment when incidents are visibly surging. Often, it is the period just before — when threat levels appear manageable, confidence remains high, and organisations mistake operational calm for strategic stability.
That is the risk now facing the Nordic cyber community.
Across Europe, the underlying cyber landscape is shifting. Digital identity, cloud concentration, Al-enabled attacks, third-party dependency, geopolitical pressure, and regulatory escalation are all converging at once. The result is not necessarily a sudden spike in reported incidents, but a more unstable operating environment beneath the surface — the cyber equivalent of pressure building behind an old dam. Nothing looks broken until the weak point gives way.
For the Nordics, this matters because the region's greatest strengths are also potential fault lines. High levels of trust, digital adoption, public-sector connectivity, financial sophistication, cross-border integration, and cloud-enabled efficiency have made Nordic economies among the most digitally mature in Europe. But the more integrated, automated, and trusted the digital environment becomes, the greater the systemic consequences when something fails.
This is the tipping point: cyber risk is moving from a question of whether organisations can prevent more attacks to whether digitally advanced societies can sustain trust under conditions of permanent cyber pressure.
AI sharpens that challenge. It does not simply create a new category of threat; it accelerates the entire contest. Attackers can scale reconnaissance, social engineering, and phishing with greater speed and realism, while defenders are forced to modernise detection, response, and prioritisation just to keep pace. The gap between apparent stability and actual exposure may therefore widen quickly.
Regulation is adding further urgency. NIS2, DORA and the wider European resilience agenda are raising expectations around governance, accountability, third-party risk, and operational continuity. But compliance is not the same as resilience. Nordic firms may be well positioned by European standards, yet the strategic question is no longer whether they are "more mature than peers". It is whether their current operating models are fit for the next phase of cyber risk.
CISOs therefore face both an external challenge (the looming threatscape) and an internal problem: how to argue for preventive resourcing before attackers prove how damaging a breach can be.
Their case for action is not that Nordic cybersecurity has already failed, but that the conditions for failure are becoming more complex, more interconnected, and harder to see through conventional metrics. Waiting for incident volumes to rise before changing strategy may be precisely the mistake.
So, where Nordic cyber leaders see genuine resilience, where is confidence masking hidden concentration risk, and what practical steps organisations should take before the storm becomes visible. The central question is simple: if the Nordics are among Europe's most digitally advanced societies, are they also becoming one of its most exposed?
The e-Crime & Cybersecurity Congress Nordics will look at how at how security teams and the business must respond to a new era in cybersecurity. Join our real-life case studies and in-depth technical sessions from the most sophisticated teams in the market.
Key Themes: AI and Quantum
Identity, authority, and control for non-human actors
CISOs must rethink core identity and governance frameworks, including the adoption of robust agent identity models (spanning machine, service, and workload identities), and clearly defined delegation structures that determine what authority an agent holds and who grants it. What technologies can help them maintain visibility and control?
Data protection and leakage risks
What does "insider threat" mean when the actor is non-human? For CISOs, the focus shifts to monitoring the behaviour of agents as well as users, developing capabilities to detect anomalous machine activity, and establishing effective controls that balance guardrails, detection, and containment. Do you need Al defences to do that?
Al anti-phishing and social engineering defences
Al is shifting defence from static filtering to behavioural detection at scale, flagging anomalies that rules/ signatures miss. It can also enable pre-emptive defence against social engineering, identifying manipulation cues. The result is a move from reactive blocking to adaptive defence reducing both successful attacks and analyst workload. Can you help?
Who needs to be quantum-ready?
Anyone responsible for long-lived sensitive data or critical infrastructure has a quantum problem. That means banks, governments, telecoms, energy, healthcare whose datasets need to last decades. If your encryption protects value over time, you need crypto-agility and a migration path now, not when quantum arrives. How does this work in the real world?
Integrity and the Al-enabled supply chain
Al-native operating models imply dependence on a complex supply chain of foundation models, internal systems, and external APls and orchestration layers that collectively produce legal work. Imagine the consequences of hacking such a system. So how do CISOs stop that happening?
Intelligent Threat Detection
CISOs now must build a single coherent security program that simultaneously satisfies divergent regulatory demands; they must interpret vague legal standards into technical architectures, and they risk non-compliance if auditors, regulators, or courts interpret differently later; they face unrealistic expectations around incident reporting; and they face personal liability. Can RegTech help?
Key Themes: Building Better Security
Making the best use of threat intelligence
In a preemptive security model, timing is everything — success depends on detecting and neutralizing threats before they become active incidents. To do this, security operations can't just rely on internal telemetry (e.g., endpoint or network logs). They need external, real-time context about emerging threats — where do they get it?
Security Posture Management
Traditional vulnerability scanners don't handle cloud native architectures well. Today's cloud environments spin up thousands of ephemeral assets without a traditional OS, without an IP address for long. So how do you adapt to that dynamic, APl-driven reality? How can traditional tools connect the dots — not just generate tickets?
Improving continuous attack surface discovery
You need to know what attackers can see and what they can actually attack — and you need it on a continuous basis, not in some static inventory. Ideally you also need assets ranked by risk priority and put into the current threat and vulnerability context. Is this feasible and is it cost effective?
The power of automation
There's too much manual intervention in security. SOAR pulls data from SIEMs, EDRs, firewalls, cloud APls, ticketing systems threat intelligence feeds, and even email servers and coordinates actions across tools via APls and prebuilt integrations and intelligent playbooks. Well, that's the theory. How does it work in the real world?
Adversary simulation and behavioural analysis
Automated adversary simulation Identifies telemetry blind spots. They provide prioritized remediation guidance and control effectiveness metrics. They track progress trends and validate security RO is as welI as providing board and audit reporting. How well do they work in practice?
Securing the Cloud: still a problem
The cloud may be secure but misconfiguration, API proliferation, federated identity challenges, third-party compromise and a misplaced trust in shared responsibility all make Cloud environments extremely complex to understand and secure. So is the answer CSPM/CIEM tooling? What about CNAPP/CWPP? How to push your controls into SaaS providers and MSSPs? Can vendors help?
Key Themes: Best Practice Fundamentals
Achieving visibility across ecosystems
From exposed initial access points such as warehouse management systems to complex machine control software, simply understanding your device and application landscape is a huge challenge. Can you help with asset tracking and endpoint visibility? And what about anomaly detection after that?
Transitioning OT to the Cloud?
OT traditionally was localized in particular sites and air-gapped from IT systems. But connectivity with broader corporate networks and the need to manage technology more centrally (especially during COVID) has seen companies looking at managed services in the Cloud for OT. Is this a way forward? Or does the Cloud just create more problems?
Defending against the latest ransomware variants
Ransomware evolution is forcing the hands of government and causing havoc in the insurance market. So firms must go back to basics (see below) but also invest in immutable back-ups and real resilience. Detecting early-stage infiltration is also critical. What else can CISOs do to better defend against ransomware?
Securing the basics
The endpoint and email are still a critical cybersecurity battleground. So, organisations still need EDR/XDR everywhere; they need advanced emaiI security; they need more aggressive patching of internet-facing anything. They need to move from awareness training to behavioural conditioning. What does that mean practically for CISOs?
Why zero trust, isolation and segmentation are key
There has been a shift in recent attacks away form the theft of data — now threat actors are concerned with interrupting all operation activity. It is now critical that business functions are separated, and that internet access to OT networks is limited. Can security teams still keep up with sophisticated foes? Should they upgrade their capabilities?
Dealing with regulations
CISOs now must simultaneously satisfy divergent regulatory demands; they must interpret often vague legal standards into technical architectures, and they risk non-compliance if auditors, regulators, or courts interpret those regulations differently later; they face unrealistic expectations around incident reporting; and they face personal liability. Can RegTech help?