First and foremost, we need to increase our awareness regarding the content of our systems and networks. Security is not only about developing technical solutions, but understanding – from a broader perspective – which information is critical to companies and what is important to protect. This also applies to hospitals, schools and all organisations that handle sensitive information.
Marcus Wallenberg, Board Chair in Saab and SEB
What impact is development within Cyber Security having on major Swedish industrial companies?
It impacts us all. Regardless of whether you run a business in the clothing industry or oversee a power plant, huge volumes of sensitive data are transferred between parties. This is especially true for international collaborations. This is becoming increasingly apparent to hi-tech companies like Saab and the banks, as the banking system is integral to the lifeblood of the economy. Here, it is imperative that secure solutions are in place for the global transfer of information.
How high up on the agenda are security issues in the boardroom if they are so important?
At present, it's not as if everyone in the boardroom is highly conversant in these matters. You can't really expect this. Individual board members may, of course, be very knowledgeable, but even if security issues are on the agenda, they are never discussed in detail at board meetings. This means it is paramount that company leadership clearly comprehends these issues and how they affect the company.
Does that mean a CEO appointment can be contingent on knowledge of security and risk management?
No, I find that hard to believe, unless the company itself works within the area. Then again, the duties of a CEO include ensuring that services, products and technologies are adequately protected. These security issues need to be considered within a larger context. They are one aspect of the total risk management carried out within the company.
Will companies need to adapt their strategies according to future threats?
All companies are, in one way or another, affected by digitalisation and increased security threats, but not to such an extent that long-term strategies will need to be amended. However, this is not the case for conducting operations or information handling in networks and systems. That's why I think that step one for every company should be to understand the types of threats and risks to which they are exposed.