<<ALMEDALEN 2025 >> As digital threats continue to grow, cybersecurity is no longer just an IT issue – it is a strategic leadership responsibility. In a panel discussion on cybersecure leadership, experts explored how companies can prepare for an increasingly uncertain future, where technology, legal frameworks, and organizational culture must work hand in hand.
This panel discussion and the conversation explored what this new kind of leadership entails, and what CEOs, managers, and boards need to understand and do in today’s data economy to achieve data sovereignty and an acceptable level of cybersecurity, both in normal conditions and under heightened alert or wartime.
Our CEO, Anders G. Nilsson joined the panel discussion together with Petra Klein, Group CSO and Head of Group Security, Swedbank, Christina Wainikka, Associate Professor of Civil Law and Policy Expert in Intellectual Property, Confederation of Swedish Enterprise and Kåre Nordström, CEO, Orange Cyberdefense. Johanna Parikka Altenstedt, Moderator, Cyber Lawyer, Cybernode/RISE moderated the discussion.
Cybersecurity Starts at the Top
Petra Klein, Head of Group Security at Swedbank, leads a wide-ranging effort to build a security culture within an organization of over 17,000 employees.
She emphasized that cybersecurity must be anchored in leadership:
“Security has to start at the top. It is about building trust and a willingness to defend what we’ve built,” said Petra Klein.
Petra Klein works bravely with revolutionary ways of creating a strong security culture at Swedbank. Among other things she made sure to introduce Cyber Threat Hunters – experts actively searching for threats – and conducts red team exercises to stress-test the organization’s resilience. Klein highlighted the importance of addressing social engineering. She brought in Helena Malm contributing insights into human vulnerabilities.
“Communication is key. “
But, how do you get a message across to 17,000 people?
“Among other things, we work with simple, powerful one-liners that everyone can understand. ‘Everyone is responsible for security’ is one example.”
Gamification Reaches the Boardroom
Petra Klein further shared how Swedbank communicates with executive leadership and the board about cyber risks.
“We regularly report on the top five threats, with clear messages and indicators. It has to be understandable for businesspeople.”
Swedbank uses Game of Threats, a tool based on gamification – making learning interactive and engaging:
“When security becomes fun, we get much further.”
Culture, Contracts, and Business Value
Christina Wainikka, policy expert in intellectual property at the Confederation of Swedish Enterprise (Svenska Teknikföretagen), stressed the importance of thinking strategically about intangible assets – and recognizing security as a business issue.
“Trade secrets often hold the company together. Legislation requires a proactive approach – such as robust confidentiality agreements. Technology, law, and human factors – it is a three-legged stool.”
She used the Japanese concept of kintsugi – repairing broken pottery with gold – as a metaphor for how companies should view their asset protection:
“When something breaks, it should not just be fixed – the repair should highlight the strength of taking care of it!”
Small Companies, Big Challenges
Anders G Nilsson, CEO of Ideon Science Park, pointed out that smaller companies are especially vulnerable. They often have limited resources, yet are highly affected by incidents. Laying the right foundation early is critical.
“Many small businesses have between three and thirty employees. They need to know what to focus on – have a strategy, and be clear about what they need to protect, which is already a great step forward.”
One proposed solution: pooling resources and creating shared structures.
There is a real opportunity to rethink cybersecurity collaboration for small and medium-sized enterprises (SMEs).
“Security is a team sport. We help smaller companies access the right expertise, even with limited resources.” Among other things, Ideon Science Park works together with IUC and Region Skåne as well as within Sweden Secure Tech Hub, to support small companies becoming more resilient when it comes to cyber security.
From Risk to Competitive Advantage
Anders also emphasized that cybersecurity should not just be seen as a cost – it can be a competitive advantage.
“We live in an uncertain world. Having control over your vulnerabilities – and knowing what you want to protect – isn’t just about risk management. It builds trust.”
Companies need to be trained in having strategic discussions about cybersecurity, and supported in building follow-up and governance processes.
To conclude, Cybersecure Leadership: From Technology to Culture:
Cybersecurity leadership is not just about technical acumen, it is about strategic foresight, cultural influence, legal insight, and ethical responsibility. In today’s data-driven economy and volatile threat landscape, strong leadership is not optional, it is a cornerstone of resilience and trust.
