Swedish banks and state join forces to boost cyber security

Sweden’s leading finance institutions have joined forces with state security agencies to develop an integrated cyber defence strategy

Sweden’s central bank, the Riksbank, the finance sector and key national security organisations are pursuing a strategy to deepen cooperation between state-operated cyber defence hubs, and the IT security departments in banks, insurance providers and other important financial sector players.

The primary objective of the cooperation is to build a more solid basis for public trust and confidence in digital networks and IT infrastructure.

The finance industry’s thrust for a more robust collaboration with national security stakeholders was strengthened in May, after Swedish government and financial institutions came under a wave of sustained distributed denial-of-service (DDoS) attacks by bad “foreign actors” in the cyber domain. The attacks caused serious disruption to the digital and IT infrastructure networks of leading private and public organisations over three days.

Sweden’s prime minister, Ulf Kristersson, responded to the targeted cyber disruption by committing additional government funding and material resources to joint state and private sector partnerships. This promised to deliver enhanced cyber security offerings and technologies to protect Sweden’s critical communications networks and IT infrastructure against a backdrop of heightened geopolitical tensions.

“We are being exposed to bigger and more sophisticated cyber attacks that not only target state departments, but that are increasingly directed against banks and bank identification systems,” he said. “Since joining Nato in 2024, Sweden faces a more dangerous reality with new forms of cyber threats.”

For government decision-makers and bank chiefs, the highly disruptive cyber attacks in May served to escalate concerns about vulnerabilities in Sweden’s privately and publicly operated IT networks, and underscore the growing threat to critical infrastructure in one of the world’s most connected nations. Close to 95% of households in Sweden have internet access.

The amplified risk factors to IT network security, posed by bad actors in the cyber realm, have resulted in the Riksbank adopting a sharper and more proactive approach to pursuing partnerships with the finance sector to identify added-value defence services.

Competition launch

The Riksbank will launch its second Online Cybersecurity Challenge Summit (OCCS) competition on 23 October 2025, an event that sets out to encourage small and large actors in the country’s finance sector to practice and improve their competence in dealing with cyber threats.

The Riksbank’s cyber security competition event, which is organised online, involves Capture the Flag missions requiring participating IT professionals to play the roles of defenders and hackers in a bid to solve a broad range of different problems and challenges. The OCCS is open to participation by banks, insurers, finance industry regulators and companies operating in the financial infrastructure services sphere.

The need for Sweden’s banks and finance institutions to intensify cooperation with primary national security agencies has increased in direct response to the escalating nature of malicious threats from bad actors in the cyber domain, said Johan Torgeby, the chief executive of Svenska Enskilda Banken (SEB), Sweden’s largest commercial bank.

“As an industry, there is a greater need on the part of finance groups and non-finance sector companies in general to invest more, on an exponential basis, to boost cyber security capabilities,” said Torgeby, who is also chairman of Finance Sweden, the central organisation for banks and insurers. “We must develop optimum solutions to protect ourselves from cyber attacks both as organisations and a sovereign country.”

Deep dive

In its annual Threat assessment of banks in Sweden report, published in May 2025, Finance Sweden conducted a deep dive to analyse the nature of new and existing information security and cyber security threats.

For its part, Finance Sweden has urged the Riksbank to implement proposals contained in an investigative study conducted by the central bank in 2024–25, which deals with omnipresent threats emanating from domestic and foreign bad actors targeting critical IT infrastructure in Sweden.

Riksbank’s investigative study, A new function for crisis management in the event of serious operational disruptions in the financial sector’s digital infrastructure, will be used by Finance Sweden as a template to drive an action plan. This will serve to define the roles and responsibilities underpinning a long-term collaboration between finance institutions and the frontline national security agencies.

Specifically, Finance Sweden wants the Riksbank to help establish efficient working protocols and management functions in organisations that may be faced with having to deal with cyber threat situations.

The protocols sought by the finance sector from the Riksbank are regarded as providing important signposts to enable organisations to effectively employ crisis management functions that can interact seamlessly with frontline state security agencies such as the National Cyber Security Center (NCSC); CERT-SE, Sweden’s computer security incident response team (CSIRT); and the National Defence Radio Establishment (Försvarets Radioanstalt/NDRE).

Operating alongside the NCSC and the Swedish Armed Forces-controlled NDRE, CSIRT is tasked with supporting government and societal efforts to manage, mitigate and prevent large-scale IT security incidents and cyber attacks targeting private and public organisations by prioritising protective resources to essential services and critical infrastructure.

CSIRT has been increasingly active as an advisor to banking and non-finance sector actors since 2024, helping enterprises to address and resolve identified weaknesses in their IT networks.

The agency is providing low-cost solutions to enterprises that are deemed vulnerable to attacks by opportunistic bad actors in the cyber space looking to gain advantage from inadequate and standard software utilised by some businesses. Risk factors include low-performance file transfer software and the use of virtual private networks that expose the computer networks of vulnerable enterprises to certain types of exploitation by bad actors, including data leaks, malware intrusions and man-in-the-middle attacks. 

In building stronger cyber security bonds with state frontline agencies, Finance Sweden is advocating for the Riksbank, in consort with NCSC, CERT-SE and NDRE, to establish specific measures to support operators of societally important finance activities in the event of DDoS, ransomware and other major cyber attacks. 

Additionally, finance industry chiefs want a legislative response from the Swedish government to enact the new crime of data interference and include it in the criminal code. Under existing laws, DDoS attacks are covered by the crime of hacking even in instances where the integrity of individual computer systems is not breached.

The finance industry is currently lobbying government to have the scope of the so-called Hackers Act and Criminal Code expanded to incorporate temporary disruption and sustained attack events involving actual penetration of IT networks, in addition to cyber crime incidents where computer systems are attacked but not breached.

Strategic collaborations between private and public sectors in Sweden will continue to multiply in the face of significantly more targeted cyber attacks against IT infrastructure, said Måns Jonasson, a senior digital and internet technologies expert with the Internet Foundation.

“Where previously it was mainly individual municipalities that were affected by random incidents, nowadays it’s important institutions that are coming under attack,” he said. “The nature of some recent attacks suggests a coordinated attempt to either destabilise or to test the resilience of Sweden’s digital infrastructure.”