Dagens industri: Swedish Firms Face Cybersecurity Certificate & Leadership Risks

Swedish companies face significant cybersecurity challenges stemming from evolving digital certificate requirements and internal leadership gaps. Experts caution that neglecting these issues could result in operational disruptions and increased security vulnerabilities. Fredrik Nilsson, Head of Client Team at Dotkeeper, highlights upcoming changes to digital certificate validity periods mandated by the CA/Browser Forum. These periods will decrease from the current 398 days to 200 days in 2026, 100 days in 2027, and ultimately 47 days by 2029. Nilsson emphasizes the unsustainability of manual renewal processes under these new constraints, urging organizations to proactively map all public certificates, identify manual dependencies, and implement automated management solutions. Complementing these technical concerns, Thomas Öberg, Principal Architect Cybersecurity at itm8, observes a prevalent lack of dedicated Chief Information Security Officers (CISOs) within many medium-sized Swedish companies. This deficiency often delegates cybersecurity responsibilities to already overburdened executives, such as CIOs, CFOs, or CEOs, who may lack specialized expertise. Öberg warns that this ambiguity creates significant risk, as any revenue-generating company is a potential target for cyberattacks. Öberg further emphasizes the growing external pressures from regulations like NIS2, coupled with increasing demands from investors and insurance providers, which underscore the vital need for robust cybersecurity leadership. He advises companies to prioritize fundamental security measures, beginning with comprehensive risk analysis to identify and protect critical assets, rather than striving for an unattainable "perfect solution."