Sweden in the crosshairs: time to strengthen defences
April 23rd, 2026, Stockholm, Sweden
As a range of attackers continues to target Sweden and the Nordic region, public and private sectors must respond
Sweden is under attack - and it's spending more on cybersecurity
Sweden is under attack, Prime Minister Ulf Kristersson said earlier in the year following three days of disruptions targeting public broadcaster SVT and other key institutions.
"We are exposed to enormous cyberattacks. Those on SVT have now been recognised, but banks and Bank-id have also been affected," he said.
Those attacks were followed by August's Miljödata ransomware attack, which impacted roughly 200 municipalities and regions, disrupting HR systems for employee health and accident reporting. The attack is considered one of the largest in recent years, and sensitive personal data was potentially leaked.
And in mid-November NoName057(16), a pro-Russian hacktivist group, targeted Sweden as the main focus of its DDoS campaign, replacing Denmark, which led the previous wave. The group used its volunteer-powered DDoS tool, DDoSia, to target government services, transport systems, telecom networks, and public platforms across several regions.
These incidents have prompted the government to up spending. Sweden's proposed 2026 defence budget included SEK0.37 billion for enhanced cyber security, coming to SEK49.83 billion. Organisations outside the government need to do the same.
So, what should organisations spend that additional budget on?
• Fixing gaps in foundational cyber hygiene: asset inventory & configuration management; patch automation and vulnerability management; network segmentation/microsegmentation; endpoint posture assurance.
• Identity security: identity lifecycle management & privileged-access hardening; unifying IAM, PAM, CIEM, and SSO into a coherent identity fabric; conditional access with continuous risk scoring; identity threat detection (ITDR); MFA hardening + phishing-resistant methods (FIDO2, passkeys).
• Detection and response modernisation: XDR + AI-augmented SOC; automated incident response and playbooks; adversary-simulation tooling to tune detections.
• Third-party and SaaS risk: continuous external attack-surface monitoring of vendors; automated evidence collection & assurance workflows; contract-level visibility of data access, and attack/threat data.
• Data security and data governance (especially in AI-driven environments): data discovery; DSPM (Data Security Posture Management); guardrails for LLM/AI usage: data leakage prevention, policy enforcement.
• Cloud security maturity uplift: CSPM ➔ CNAPP transition (holistic cloud posture + workload protection); Zero-Trust enforcement across multi-cloud; identity control in cloud environments.
• Business continuity and resilience engineering: immutable backup architecture + automated recovery; mapping minimum viable business processes; dependency mapping across apps, vendors, cloud, data.