Only about one in six Finnish organisations can continue their operations unchanged or almost unchanged in various disruption situations.
The figure is alarmingly low, as the situational awareness of the ongoing deterioration in the operational and security environment has been clear for a long time. Next February will be four years since Russia's war of aggression against Ukraine began.
At the same time as the global political turmoil, society is digitising at an accelerating pace, which forces companies and organisations to pay attention to the security of IT and digital environments.
Digia's recent survey on the current state and impacts of digital security (in Finnish) shows that there is still much work to be done in this area.
The pressure does not only come from the situation in Ukraine. The risks associated with cybersecurity and hybrid influencing are also increasing as private criminal groups and states adopt new methods. In addition, Israel's invasion of Gaza, Trump's customs policy and conflicts within the European Union make the business environment unprecedentedly difficult.
The McKinsey Uncertainty Index confirms the feeling of being drawn from crisis to crisis: the time between the peaks of uncertainty has shortened from the 11 years of the 1990s by two years at a time, so now the interval is only five years. In addition, each peak is higher than the previous one.
"Nor does it seem that the uncertainty about this will ease. You could say that this is pretty much a permanent space in which the operations of organisations need to be planned," says Digia's CEO Timo Levoranta.
Digia's survey reveals the main concerns and the digital security landscape for Finnish companies.
The overall picture is chilling: 97 per cent of the respondents say that the changed operating and security environment has affected the organisation's operational activities. As many as 22 per cent of the respondents feel the impact is significant.
Although the Finnish economy has not grown for almost 20 years, the economic situation is not the most common issue affecting company operations. When asked what factors have affected the organisation's operations, 93 per cent of the respondents mentioned information and cybersecurity threats. The general economic situation was mentioned by 78 per cent of the respondents, and the geopolitical situation by 69 per cent of the respondents.
Of the sectors, the public administration and the financial industry in particular mentioned cyber threats. The technology sectors, on the other hand, emphasised the economic situation.
In general, the operating environment of the organisations included in the survey has changed negatively in recent years: 84 per cent of the respondents say that security threats have increased. This means many disruptions and threats every year among Finnish companies and organisations.
97% of the respondents say that the changed operating and security environment has affected the organisation's operational activities.
According to Harri Suni, Vice President of Digia's Defence & Security Unit, the number of threats has "exploded" in recent years.
"Our digital security of supply and resilience are being tested hard in the information environment. In particular, state actors have increased their operations, such as Russia, China, and North Korea. We have information about proxy groups acting on behalf of these countries, whether it is intrusion into government information networks, industrial espionage or denial-of-service attacks in the financial sector," Suni describes.
Although companies have their work cut out for them in their security practices, there are also bright spots.
In a generally safe and stable country like Finland, threats are mainly digital, so preventing them is also digital. In the survey, 92 per cent of the respondents said that their organisation had renewed its information systems, and a quarter of the respondents mentioned that the investments had been significant.
Similarly, the use of new technologies such as artificial intelligence, 5G and other latest network technologies, blockchain, and so on to increase security is widespread: 92 per cent of respondents said their organisation utilises them at all, and 18 per cent even significantly. In particular, companies in the technology sector are eager to use the latest tools.
In this situation, it should be possible to finance the acquisition of new technologies and safety-related research, development and innovation.
On the other hand, the public sector is investing less than average in new technology, which worries security professionals.
"It is precisely in this situation that financing the acquisition of new technologies and safety-related research, development, and innovations should be possible. For example, opponents use artificial intelligence in their attacks. How do you defend yourself without investing in expertise and technologies?" Harri Suni asks.
Another primary concern is data security. Most respondents say their key data can only be partially utilised in a disruption situation.
"Data is the second most important asset for a company, right after people. Most companies' data is stored in the data centres of multinational giants worldwide. Whether it is the most sensible thing to do in terms of the continuity of operations and security of supply, you can think about it," Suni says.
In general, Suni calls for Finnish organisations to improve resilience. A good situational picture, continuous training, and investments in safety will inevitably increase the number of companies whose operational capacity is maintained despite disruptions.
At the same time, Finnish society's comprehensive security will be strengthened, and its ability to succeed in a constantly changing world will be further developed.
Read more about how the changed operating and security environment affects Finnish organisations and society.
Read more: Huge potential in new technologies – "You should invest in digital security before you have to" >>