Skip to content
Menu
0
Employer's Guide
Employer's Guide
Site content

Information Security Month is all very well, but where are the policies?

Data Council Information and cyber security
October is EU Information Security Month. In Sweden, MSB and the Swedish Police are organizing the Think Safe campaign. The aim of the campaign is to raise awareness of information and cyber security issues. At first glance, it's hard to disagree - we need more awareness of these issues.

This year, MSB, together with the police, has also been given an extended assignment by the government to strengthen knowledge in society about information and cyber security. The campaign will therefore run from June to November, with different themes during the period.

Almega's report Service companies and strengthened cyber security in Sweden shows that one fifth of service companies have been exposed to cyber attacks in the past three years. Moreover, the majority of attacks were targeted and sophisticated. The real picture of cybersecurity threats is likely to be even darker - there is a constant buzz of attempted attacks. The report also reveals that one company suspects that a sophisticated attack it suffered was a large-scale exercise in preparation for a cyberattack on Ukraine. Information and cybersecurity efforts thus deserve more attention and action.

The Swedish Minister for Justice, Morgan Johansson (S), sent SEK 40 million to implement the information campaign. The government's efforts are important, of course, but it seemed like a hasty measure when it was presented a week after Russia's renewed invasion of Ukraine.

Faced with a foreign power's great capacity for cyber attacks, one can also consider what are effective measures. Spending SEK 40 million on a campaign over six months can be compared to the budget of a longer-term commitment like the National Cyber Security Center. The center, which is under construction, received 50 million kroner for its first year. Working on the issues is difficult and resource-intensive. Another urgent government mission, for example, showed how complex the issues are in the financial sector alone.

Late in its term, the government took a number of welcome measures, but there is still room for the incoming government to really make a difference and take action to improve information security: skills supply and collaboration with the business community are two examples. There are more in our report A tech agenda for Sweden.

An information campaign is good, but a solid information security policy is better.

Fredrik Sand
Industrial policy expert