Status report: Digitisation, threats and opportunities in the public sector

Cyber threats and strained finances: External pressure on the public sector

The geopolitical situation has fundamentally changed the digital conditions. State actors and criminal networks are targeting critical societal infrastructure, with municipalities and regions in the line of fire. SÄPO, MCF and FRA report increased incidents and threat actors mapping Swedish networks for future attacks.

At the same time, the economy is under pressure. Inflation and tighter budgets create a need for efficiencies. This creates a dual pressure: the need to invest in security, which costs money, alongside the mandate to streamline in order to save. The promise of digitalisation remains, but resources are shrinking.


The expectations of residents drive digitalisation

If the external driver concerns threats and economics, the internal driver is considerably brighter: the desire to create better conditions for residents. Expectations are high: the public administration's e-services will be compared to the banking app and travel booking.

The systems must be fast, smooth and available around the clock; anything else will create frustration and erode trust. A developed digital workplace is also a prerequisite for employees to be able to deliver that service. This should influence your IT investments.

NIS2, the AI Regulation and the Data Act: Regulations that show the way

In this complex reality, several new frameworks have emerged. Used correctly, they give your business a clear structure to strengthen security and navigate a changing threat landscape. What they have in common is that they move the responsibility from the IT department into the boardroom:

  • NIS2. Stricter requirements for cybersecurity and incident reporting, with formal managerial responsibility.

  • The AI Regulation. Regulates AI based on risk level, with special requirements for the public sector.

  • Data Act. Counters lock-in and gives you tools to retain control over your data.

  • DOS Act. Requires digital services to be accessible to all.


How to build a secure digital foundation in the public sector

How do you avoid getting stuck in complicated regulations? Which parts must be secured and standardised, and where can we speed up?

Certain areas require a strict, standardised approach. Regulations must be followed, standards must be used, and security must be prioritised even when it takes longer and costs more. These include:

  • Identity and access. Secure authentication and clear role and permission management ensure legal certainty and traceability.

  • Protection of systems and information. Standardised network architecture, segmentation and technical protection measures reduce the attack surface and strengthen resilience.

  • Data protection and information management. Classification, correct storage, encryption and controlled access to sensitive data.

  • Vulnerability and monitoring. Logging and monitoring that make it possible to detect deviations and demonstrate compliance during supervision.

  • Continuity and robustness. Recovery plans as well as tested backup and redundancy so that essential public services can be maintained during incidents.

  • Availability and operational reliability. Compliance with accessibility requirements and stable operation that meets the needs of the organisation and citizens.

Secure foundation enables digital innovation

With a stable foundation in place, you can begin exploring new solutions in the form of innovative digital services, pilot projects in AI, and other innovative ways to meet the needs of residents. The risk becomes lower when the foundation is secure and any failures become lessons, not catastrophes.

Therefore, management must own the digital risk

Every digital initiative involves trade-offs. Speed versus security, innovation versus stability, cost versus value. It is management that must own these trade-offs. It can no longer be delegated to an IT manager; it must be part of how the organisation is governed. With NIS2 and other regulations, the responsibility for cybersecurity, availability, and risk management has formally moved into the boardroom.

Digital risk should be treated as financial risk, with regular follow-ups, clear ownership, and resources to act. Management teams that integrate this into their regular governance are better prepared when it really matters.

5 common questions and answers about digitalisation in the public sector

  • What are the biggest digital threats to the public sector in Sweden?
    State actors and criminal networks target critical societal infrastructure through ransomware, data theft and disinformation campaigns. SÄPO, MCF and FRA confirm that threat actors are actively mapping Swedish networks. Municipalities and regions are particularly vulnerable since they are responsible for essential public services.
  • What does NIS2 mean for municipalities and regions?
    NIS2, which becomes Swedish law through the Cybersecurity Act, tightens requirements for cybersecurity and incident reporting. Management receives formal legal responsibility for compliance, meaning that cybersecurity is no longer just an IT issue but a management issue.
  • How can the public sector digitalise with a shrinking budget?
    By first securing and standardising the basics: identity, access, data protection and continuity, and then building innovation on top. This reduces the risk of costly incidents and creates conditions for efficiency improvements and innovative AI solutions.
  • Which regulations currently have the greatest impact on digitalisation in the public sector?
    NIS2 (cybersecurity and management responsibility), the AI Regulation (requirements for transparency in AI use), the Data Act (counteracts vendor lock-in) and the DOS Act for digital accessibility are the most central. Together, they shift responsibility from the IT department to the boardroom.
  • Why must management own the digital risk in the public sector?
    New regulations like NIS2 impose formal requirements on management's responsibility for cybersecurity. Digital risks can lead to interruptions in essential public services and directly affect residents. By treating digital risk as financial risk, with monitoring, ownership and resources, the organisation is better equipped.
