Northern Europe: A resilience case study

Foreword: Jake and Stathis lead resilience efforts at Nordic Cyber Group (NCG). In this article they examine the state of risk and resilience in Northern Europe, focusing on current and future threats in the region.
The risk landscape over the medium term
In the short term, Northern Europe faces several resilience threats. Geopolitical tensions, particularly with Russia, continue to pose significant risks as the region is experiencing increased interference with critical infrastructure (including cyberattacks and potential sabotage) and increasing energy prices. So too are the ongoing impacts of climate change, such as extreme weather events, straining resources and infrastructure. For example, data centres in Europe are facing the risk of disruptions from extreme weather events, including extreme heat.
The rise of advanced cyber threats, including ransomware and AI-enhanced phishing attacks, further complicates security. AI-enhanced phishing attacks use generative AI to create very personalised and realistic emails, SMS messages, phone calls or social media outreach to deceive targets. An example is the Gmail AI phishing attack in 2024, where hackers used AI to create hyper realistic emails and phone calls, tricking users into revealing their credentials.
Supply chain resilience has also been under a stress test in Northern Europe during the past few years as the pandemic, raw materials shortages, geopolitical tensions, the Ukraine war, and rising shipping costs have all significantly affected EU production lines and their supply chains. This trend is expected to continue with the recent developments in US and the imposed tariffs on imports by the Trump presidency. As a result, the need for enhanced supply chain resilience strategies will continue to rise where organizations update their third-party risk management, diversify suppliers, increase their inventories and invest in the digital transformation of their supply chains.
Long term threats to Northern Europe
Looking further ahead, the long-term resilience threats in Northern Europe include continuous geopolitical instability, the advancement of cyber threats, climate change, and the increased shift toward cloud computing.
Geopolitical instability in Northern Europe is influenced by several factors. The ongoing conflict in Ukraine has significantly altered the dynamics of the region, leading to increased military activities and funding by EU. The potential for further Russian aggression remains a critical concern, especially for Baltic states and other neighbouring countries. Political instability within key European nations, such as Germany and France, could also affect the EU’s ability to respond effectively to external threats.
Cyber warfare related incidents, such as the use of computer technology to disrupt activities of a state or organization, especially through deliberate attacks on information systems for strategic or military purposes, are expected to increase with the integration of AI. A recent example of the utilization of AI in cyber warfare is the cyber-attack on Kazakh diplomatic entities on January 2025. Suspected Russian hackers used AI-driven spear phishing techniques to embed malicious code within diplomatic documents. This attack aimed to conduct cyber espionage by stealing sensitive information and disrupting diplomatic operations.
The increased shift towards cloud computing also poses long-term threats. The reliance on a few large cloud service providers (CSPs) for data storage and management introduces risks such as data breaches and loss, potential downtime, decreased recovery capabilities and insufficient access management.
Climate change will continue to reveal environmental and infrastructural vulnerabilities which will require organizations to be able to adapt swiftly. For example, melting glacier and rising sea levels can lead to significant changes in territory and border management alongside the refinement of maritime routes, further complicating global supply chains and geopolitical stability.
Artificial Intelligence and cybersecurity: a northern European perspective
AI is influencing cybersecurity in multiple ways and the key areas where it makes a significant impact are the following:
- Compliance: AI enhances regulatory compliance by automating the monitoring, reporting, risk and management processes. AI-driven systems can analyse large datasets to ensure adherence to regulations by evaluating the appropriate control implementation, identifying non-conformities and risks alongside their corrective actions, detect patterns and predict potential compliance breaches
- Identity security: AI improves identity and access management (IAM) by continuously monitoring user behaviour and access patterns. Additionally, AI can detect anomalies such as unusual login times or locations, flagging potential security breaches
- Financial crime prevention and fraud detection: AI can reduce financial crime incidents like money laundering and fraud as AI-powered systems can analyse transaction patterns in real-time to identify suspicious activities, reducing false positives and improve accuracy. AI models provide increased adaptability to new fraud patterns, reducing the time and effort required to detect and respond against them
- Threat and anomaly detection: AI enhances the detection of threats and anomalies by analysing network traffic and user behaviour. Machine learning algorithms can identify unusual patterns that may indicate a cyberattack, allowing for quicker and more effective response
- Vulnerability management: AI-driven vulnerability management automates detection, prioritisation, and remediation processes. For instance, NVIDIA’s Agent Morpheus is a tool based on AI that is designed to scan for vulnerabilities and create an actionable task list for security analysts
- Incident response: AI-powered incident response automates threat detection, analysis and mitigation. AI systems can analyse quickly large datasets, detect real-time patterns and automate incident triage resulting in significantly reduced response times and allowing human analysts to focus on more complex tasks.
High-risk sectors and escalating threats
Certain sectors in NE are more vulnerable to cybercrime. The financial sector, due to its high-value targets, faces frequent attacks, including phishing, ransomware and data breaches. For instance, from January 2023 to June 2024, the EU financial sector faced significant cyber challenges, with increased incidents of data breaches and ransomware attacks according to ENISA’s analysis on threat landscape for the financial sector.
The healthcare sector is also at risk, with cyberattacks potentially disrupting critical services and compromising sensitive patient data. In 2023, ransomware attacks surged across EU healthcare organizations, with 66% of healthcare entities reporting such incidents. These attacks often led to significant disruptions in hospital operations and breaches of sensitive data.
The energy sector, given its critical importance, is also a prime target for nation-state actors and cybercriminals. Since Russia’s invasion of Ukraine, cyberattacks against Europe’s grid have increased significantly with thousands of incidents reported. These attacks have targeted critical infrastructure, causing disruptions and highlighting the need for enhanced cybersecurity measures.
We have also observed these trends firsthand across organizations operating critical infrastructure, as the demand for our financial crime, fraud prevention, and resilience services have risen significantly.
Compliance as a strategic advantage: thriving amid Europe’s resilience mandates
The introduction of the NIS 2 Directive alongside other EU regulations such as the Digital Operational Resilience Act (DORA), Cyber Resilience Act (CRA) and the Critical Entities Resilience (CER) Directive, has impacted our organization and our clients respectively. These regulations aim to improve the resilience of critical infrastructure and ensure uplifted cybersecurity practices across multiple sectors. Common requirements across these regulations include enhanced risk management, mandatory incident reporting and strict security measures for third party providers.
As a result, there has been growing interest in practical tools and approaches to support compliance with evolving regulations and standards such as DORA, CRA, CER, NIS 2, ISO 27001, and ISO 22301. Organizations are increasingly seeking ways to assess their current posture and address regulatory requirements efficiently. Drawing on experience with these frameworks, we have developed methods and tools to support structured assessments and provide guidance aligned with the specific needs and operational context of different sectors, strengthening resilience in a fast-changing regulatory environment.
Enhancing resilience: trends and innovation across northern Europe
The resilience field in Northern Europe has evolved considerably in recent years as there is a growing emphasis on civil preparedness, with countries like Sweden and Finland enhancing their crisis readiness programs.
The utilization of digital technologies and AI in resilience planning has also increased, enabling more effective plan creation, testing, threat detection and incident response. Innovative tools such as Digital Twins, Taskade’s BCP Flowchart Generator, Fusion Framework System and AI-driven predictive analytics are only some examples of the vast toolkit being utilised by organizations.
Various sectors, including finance, healthcare, energy, transportation and telecommunications have been working together to address shared vulnerabilities, enhance collective security and infrastructure resilience. For instance, joint efforts between the transportation and telecommunications sector focus on securing critical communication networks and ensuring the continuity of transportation services during crises. The European Union Agency for Cybersecurity (ENISA) has also played a crucial role in fostering collaboration through initiatives like the DORA forums where the European Supervisory Authorities (ESAs) have active role.
About Nordic Cyber Group AB

At NCG, they are dedicated to safeguarding businesses from the ever-evolving landscape of cybersecurity threats. Today, NCG serve clients across the globe, providing expert guidance and solutions to help them stay ahead of evolving cyber threats. Their team of experts have years of experience in the field of cybersecurity, holding relevant cyber and solution-specific certifications. NCG work with businesses of all sizes, from startups to large corporations, and across various industries to provide customized solutions that meet their unique needs. They understand that every business is different, and that’s why we take a personalized approach to each of our clients.
Authors of this article, Jake Basile and Stathis Psyllakis, are resilience leaders at Nordic Cyber Group (NCG), a specialist cybersecurity firm dedicated to enhancing the resilience of organizations across Northern Europe.
With extensive experience in cybersecurity, business continuity and disaster recovery, they have been instrumental in developing innovative solutions to address new and upcoming threats towards various sectors. NCG's partnership with the BCI has provided valuable insights and resources, enabling the company to stay at the forefront of resilience practices and thought leadership throughout Europe. Their BCI membership has facilitated knowledge sharing and collaboration with industry experts, further strengthening their commitment to building a resilient future.