Cyber preparedness of Finnish sectors at a good basic level
The cyber preparedness of Finnish companies is at a good basic level, according to the recent national cyber security maturity survey. Companies’ awareness of cyber threats and the importance of preparedness has improved. Key challenges include the shortage of cyber security professionals and shortcomings in the management of partner networks. There is considerable variation in the level of preparedness both between different sectors and between individual companies within sectors.
A positive development is that companies’ awareness of the importance of cyber preparedness has clearly increased compared to the previous survey carried out in 2020. In companies where the level of preparedness is highest, the development of cyber security is part of the company’s strategy and management, and communication between persons responsible for cyber security and the organisation’s executive management is continuous and effective.
Although companies have become more aware of threats and risks, the implementation of cyber security management may still fall short due to a lack of personnel or time, among other factors. All sectors were deemed to have room for improvement in terms of identifying partner networks, whole supply chains and dependencies. In many organisations, preparedness was slowed down by a shortage of cyber security talent.
The telecommunications sector and the ICT and software sector at the top when it comes to cyber security
The sectors where cyber security maturity was assessed to be the highest were the telecommunications sector and the ICT and software sector, which are also subject to notable information security threats. Both of these sectors are characterised by a systematic approach to information security and a strong and comprehensive culture of preparedness.
The sectors that were assessed to have the most room for improvement were the trade and distribution sector and the ports and maritime sector, where areas for improvement included the operative implementation of cyber security and raising its importance on the priority lists of organisations’ management.
The survey included companies from 12 different sectors: telecommunications; ICT and software; finance; energy; health care; logistics; media; food; manufacturing; water services; trade and distribution; and ports and maritime.
“In order to develop a society that can withstand cyber attacks, we need up-to-date information on the cyber maturity of sectors critical to security of supply. The results of the survey will help us prioritise our efforts to improve cyber security,” says Juha Ilkka, director of the Digital Security 2030 programme at the National Emergency Supply Agency.
Companies have woken up to the elevated threat level
The survey was conducted in 2022 and included 121 Finnish companies from 12 different sectors. The survey was carried out by the National Emergency Supply Organisation’s Digital Pool as part of the National Emergency Supply Agency’s Digital Security 2030 programme, utilising the Kybermittari tool developed by the National Cyber Security Centre Finland operating under the Finnish Transport and Communications Agency.
The threat and risk landscape of cyber security was undergoing a dramatic change during the survey, with companies also having noticed an increase in cyber activities.
“By the end of 2022, cyber security had been added to the agendas of all companies and their management due to the prevailing global situation. My hope is that the results of the survey will convince businesses to further improve their cyber security preparedness. For us, the survey provided valuable information, on the basis of which we will start planning further measures in collaboration with companies,” says Antti Nyqvist from the Digital Pool.
The organisations participating in the survey received information on their successes and challenges in different cyber security domains and benchmarking data from their own sectors. The published report summarises the most notable areas for improvement and key findings of the sector-specific reports. The report goes over the sector-specific results and also provides an overview of the national state of cyber security and areas for improvement.
The Digital Pool is a cooperation forum for Finnish information technology and network companies and authorities. The Pool is part of the National Emergency Supply Organisation, and its operations are coordinated by the National Emergency Supply Agency.