Finns appear more willing than other Nordic citizens to accept limits on digital convenience – and even slow down technological development – if it strengthens national security, according to new research from DNV Cyber.

Six in ten (61%) Finnish citizens say they would accept measures such as government access to personal data or restrictions on mobile connectivity if it helped prevent or stop cyber-attacks on their country’s critical infrastructure. At the same time, almost half (47%) of Finland’s critical infrastructure executives say they would support slowing or halting further digitalization of essential systems if it reduced cyber risk.

Hardening attitudes towards the risk of digital connectivity comes amid growing exposure of Finland’s critical services to cyber-attacks. Two-thirds (65%) of critical infrastructure executives say that the number of breaches attempted on their business has increased in the last year. Only 13% say they are very well prepared to defend against hackers using AI to make their attacks more sophisticated. Critical infrastructure industries include energy, transportation, water, healthcare, financial services, and other systems vital for society, the economy, and national security.

Finland’s seeming wiliness to put the brakes on digital convenience stems from a decades-old culture of prioritizing national security. The country is recognized for its Comprehensive Security Model – a concept whereby a society’s vital functions are safeguarded in all circumstances through coordinated responsibility shared by government, businesses, organizations, and citizens. 
DNV Cyber’s research suggests that digital transformation is putting the Comprehensive Security Model under strain. More than half (55%) of critical infrastructure executives say that leaders in their organization see the resilience of critical infrastructure as someone else’s responsibility.

Additionally, 44% of Finns do not think members of the public are responsible for the cyber resilience of the nation’s critical infrastructure, and a similar share believe individuals can do little to reduce cyber risk. In reality, everyday digital behavior increasingly places people closer to the security chain than many realize.

“The Comprehensive Security Model has served Finland well because it is built on shared responsibility,” says Valtteri Peltomäki, National Security Director, DNV Cyber. “To strengthen it further, we need clearer ownership of responsibility, better understanding of digital dependencies, and stronger coordination between public authorities, critical infrastructure operators and the public. Digital complexity doesn’t weaken resilience by itself, but lack of clarity over shared ownership of cyber risk does.”

DNV Cyber’s research highlights the need for greater clarity over cyber risk ownership for the Comprehensive Security Model to thrive in an increasingly digitally-dependent society. More than two-thirds (77%) of critical infrastructure executives say that more clarity is needed from government authorities about what role their business is expected to play, and most (78%) believe more investment is needed to make the public more aware of their role in supporting national cyber resilience. Only a quarter of the population (24%) say they have a good understanding of the people and organizations responsible for protecting Finland’s critical infrastructure from cyberattacks.

Recommendations: Strengthening cyber resilience in Finland

The report How Cyber Resilient is Finland? sets out six recommendations to strengthen Finland’s cyber resilience:

1. Extend joint responsibility beyond regulatory compliance
   Reinforce shared responsibility for cyber resilience across government, critical infrastructure providers, and citizens by clarifying roles, expectations, and ownership beyond minimum regulatory requirements.
2. Reduce vulnerabilities in the supply chain
   Strengthen visibility and oversight across suppliers and third party dependencies to reduce systemic risk, limit hidden exposure, and address cascading effects from cyber incidents in connected ecosystems.
3. Do not let maturity lead to complacency
   Ensure that confidence built on past performance does not weaken preparedness by continuously reassessing risk, investing in skills, and adapting defenses to faster moving and more sophisticated threats.
4. Encourage collaboration between all infrastructure sectors
   Improve operational collaboration and trusted information sharing between organizations and sectors to reflect the interconnected nature of cyber and cyber physical risk.
5. Build public confidence and knowledge around response and recovery
   Make preparedness, response, and recovery more tangible for citizens by clarifying what disruption looks like in practice and how individuals can contribute during and after cyber incidents.
6. Balance connectivity with digital independence
   Manage critical digital dependencies by maintaining visibility, control, and resilience across increasingly connected and AI enabled systems—without undermining the benefits of digitalization.

About research
How Cyber Resilient is Finland? is published by DNV Cyber and forms part of a broader research program examining cyber resilience in critical infrastructure across the Nordic region. 

The Finland focused research draws on: 

• A survey of 200 senior executives in Finnish critical infrastructure organizations, including energy, transport, water, healthcare, and financial services 
• A survey of 500 members of the Finnish public
• In depth interviews with leaders and experts in cyber security and resilience

The research was developed in partnership with FT Longitude (a Financial Times company). Fieldwork was conducted between November 2025 and January 2026.

  
About DNV Cyber  

DNV Cyber is a leading cyber security services provider, empowering organizations with complex needs to become safer and more resilient. With a global team of more than 500 cyber security specialists and over 30 years of experience in IT and operational technology security, DNV Cyber safeguards what is critical—enabling businesses and societies to thrive. 

About DNV  
DNV is an independent assurance and risk management provider operating in more than 100 countries. Through its broad experience and deep expertise, DNV advances safety and sustainable performance, sets industry standards, and develops solutions that address global transformation challenges.