“We must all take responsibility for Norway’s critical infrastructure” – DNV Cyber research finds responsibility gaps in national cyber resilience

On Friday 6 February, the Norwegian authorities will present their threat assessments for 2026, with E-tjenesten, PST, and NSM providing analysis of trends relevant to Norwegian security.

“The discussion following the government threat reports should rightly consider the cyber threats we face and our preparedness, but it’s time we also discussed who exactly is responsible for managing these risks and what role we each should play,” says Arve Johan Kalleklev, Operations Director at DNV Cyber.

DNV Cyber’s upcoming report How Cyber Resilient is Norway? finds that among Norwegian executives working in sectors considered critical by the EU, over half (52%) say that leaders in their organization see resilience of critical infrastructure as someone else's responsibility. A third (32%) are not even clear on whether their organization is involved in critical infrastructure.

At the same time, trust in Government to manage cyber threats is high, as seven in ten executives (69%) believe authorities are handling the digital risk to critical infrastructure sufficiently. There is support for further Government action, as six in ten executives (60%) back stricter cybersecurity regulation, while many (63%) believe it is necessary to impose politically sensitive measures affecting the public (such as greater surveillance of public data). Support is similarly strong among the public as two thirds of Norwegian citizens (64%) believe authorities should have more powers to stop cyber-attacks, even if this means breaching consumer privacy.

Confidence in government is positive, but it can also lead to a false sense of security and present gaps in responsibility, according to DNV Cyber.

“The Government can set expectations, enforce accountability, share intelligence, encourage cooperation, and build public awareness, but they cannot directly secure infrastructure they do not own,” says Kalleklev. “Cyber resilience depends on how well businesses, the public, and authorities each understand and fulfil their role in an interconnected system. We must all take responsibility for Norway’s critical infrastructure.”

The Government recognizes the need to mobilize the private sector in its Total Preparedness report (Totalberedskapsmeldingen).

Norwegian citizens, for their part, are most likely among Nordic citizens to believe that they can personally contribute to securing critical infrastructure, but this still leaves four in ten Norwegian citizens (39%) believing they don’t have a role to play. The public also holds misconceptions about what an attack on critical infrastructure would entail. Most (67%) believe companies can fully restore their systems within a few hours of a major cyber-attack, when the reality could be weeks or months. More than half (56%) of the public say that cyber-attacks can be prevented by organizations installing the correct software.

DNV Cyber’s report ‘How cyber resilient is Norway?’ will be published on Tuesday 10 February. It explores threats to Norway’s critical infrastructure, assesses national preparedness to manage cyber risk, and offers recommendations for businesses and government to strengthen national cyber resilience.

The report draws on a survey of 200 executives working within critical infrastructure and 500 members of the Norwegian public, as well commentary from in-depth interviews with cyber leaders.

How cyber resilient is Norway? – About the research

The report How cyber resilient is Norway? is part of DNV Cyber’s Nordic Cyber Resilience research exploring the state of national cyber resilience in Norway, Sweden, Finland, and Denmark. The research covers sentiment and priorities among key actors and the public, addresses the threat landscape, and evaluates the preparedness of critical infrastructure organizations to manage cyber risk – including providing recommendations to strengthen cyber resilience.

DNV Cyber will publish dedicated reports for Norway, Sweden, Finland, and Denmark. This builds on DNV Cyber’s influential Cyber Priority research exploring the state of cybersecurity in energy and maritime industries globally.

About the survey

The survey was conducted by FT Longitude on behalf of DNV Cyber between 6 November and 11 December 2025. A total of 2000 members of the public, 500 per country, completed a web-based survey across Norway, Sweden, Finland, and Denmark. Some 800 executives working in critical infrastructure organizations, 200 per country, also completed the survey.

Respondents were recruited via proprietary market research panels and had double opted in to participate. A quota sampling methodology was used to ensure that the sample reflected relevant population proportions in terms of age and gender.

About DNV Cyber  

DNV Cyber is a leading cybersecurity services provider empowering businesses with complex needs to become safer and more resilient. With a global team of more than 500 experts and 30 years of IT and operational technology security experience, DNV Cyber safeguards what is critical – enabling businesses to thrive.

About DNV 

DNV is an independent assurance and risk management provider, operating in more than 100 countries. Through its broad experience and deep expertise, DNV advances safety and sustainable performance, sets industry standards, and inspires and invents solutions.