Cybersecurity in the Public Sector 2025: Offensive and Defensive Strategies

Cybersecurity in the Public Sector 2025: Offensive and Defensive Strategies

The threat landscape facing the Swedish public sector continues to grow — in both scale and complexity. Ransomware, phishing, exploitation of known vulnerabilities and rapid zero-day abuse have become everyday challenges. According to analyses from Check Point, LexisNexis Risk Solutions and Google Cloud, attackers now exploit newly disclosed vulnerabilities within hours of their publication.

This article is part of the series Public Sector 2025 – The Technological Shift Shaping the Future of Government, where we explore how AI, cybersecurity and modern software development together drive the next major leap in Swedish public digitalisation.

A Security Model in Transition

In response, more authorities have adopted Zero Trust as their architectural foundation: strict access control, continuous verification and no implicit trust. The model is also embedded in the national guidelines for 2025, where multi-factor authentication (MFA) is highlighted as the standard for all public organisations.
The NIS2 directive raises the bar even further with increased accountability, reporting requirements and minimum technical baselines – a clear sign that cybersecurity has become a strategic societal issue, no longer merely an IT concern.

Concrete Examples: Measures, Initiatives and Incidents

Practical work is where cybersecurity becomes visible. Here are some of the most prominent initiatives in Sweden in 2025.

Municipal SOC Pilots: Early Detection and Rapid Response

Gothenburg and Örebro have established local Security Operations Centers where AI-supported tools actively detect and prioritise incidents. These SOC solutions have helped stop phishing campaigns, ransomware attempts and intrusion attempts on personal data systems — often before any damage occurs.

MSB’s National Incident Exercises: Training That Delivers Results

MSB coordinates annual cyber exercises with municipalities and regions. The exercises simulate attacks on critical infrastructure, data leaks and operational disruptions. The results are clear: organisations that train regularly handle crises significantly faster and with better coordination.

AI Support in National Initiatives: Automated Threat Analysis

The NCSC at FRA is currently evaluating AI platforms that automatically analyse threat data and prioritise alerts. These systems can detect anomalous behaviour, identify intrusion attempts and support analysts with real-time reporting — a central investment for national monitoring.

Zero Trust and MFA in Practice: Proven Results

Region Stockholm deployed MFA and continuous identity verification across all operational systems throughout 2025. The results speak for themselves: more than 50% fewer successful intrusions and data leaks compared to the previous year. This demonstrates what modern architecture can deliver when adopted at scale.

AI-Driven Cyber Defence: Faster Analysis and Better Prioritisation

AI has become a central support system in the SOC environments of public organisations. Swedish authorities now use tools that:

  • filter noise and irrelevant alerts
  • detect patterns invisible to traditional methods
  • prioritise incidents based on risk
  • recommend early mitigation actions

International initiatives, such as New York’s AI-supported security centre, serve as benchmarks for how Sweden can build scalable models for national cyber defence.

But one principle remains unchanged: AI does not replace people. It augments them — accelerating analysis and improving quality — but decisions and action plans still rely on human expertise.

The 2025 national guidelines therefore emphasise traceability, human oversight and transparency in AI-supported security processes.

Digital Resilience: Where Culture and Competence Determine the Outcome

Teknik räcker inte. Samstämmiga analyser från Google Cloud och LexisNexis Risk Solutions visar Technology alone is not enough. Consistent analyses from Google Cloud and LexisNexis Risk Solutions show that true resilience is created through competence, culture and continuous training.

MSB and NCSC highlight leadership engagement as one of the strongest success factors — not only during crises but in everyday operations.

The 2025 national strategies emphasise:

  • organisation-wide training
  • regular incident exercises
  • faster decision chains
  • clearer responsibilities
  • continuity planning and recovery capabilities

And the data is unambiguous: authorities that conduct continuous training restore operations up to twice as fast after major attacks (MSB’s Cybersäkerhetskollen).

Strategic Challenges and Direction

Below are the key strategic insights for 2025.

AI as Cyber Defence – Powerful, but Requires Maturity

Reports show that AI-based incident handling can keep up with the growth and complexity of cyber threats. At the same time, achieving real impact requires strengthened competence in analysis, policy and operational decision-making.

Zero Trust – Necessary but Challenging

Several authorities report that Zero Trust requires significant modernisation of legacy systems. Successful implementation is closely tied to:

  • clear mandates
  • shared technical platforms
  • strong and informed leadership

Culture and Training – The Heart of Real Resilience

Training and knowledge influence incident response speed more than any individual technical investment. Authorities with ongoing training and exercises have significantly higher recovery capacity.

Future Outlook: What the Next Step in Cyber Defence May Bring

Several development tracks are accelerating and are expected to shape the next generation of Swedish cyber strategy.

AI-Assisted Incident Management

The next wave of AI systems could:

  • generate mitigation recommendations
  • draft incident reports
  • automatically notify affected departments
  • initiate certain protective measures autonomously

This could significantly shorten the time from detection to action.

Collaborative Defence – Real-Time Threat Data Sharing

A likely next step is national platforms where municipalities, regions and state authorities share:

  • real-time attack data
  • vulnerabilities
  • active campaigns

The goal: an AI-supported national “early warning system”.

Integrated Security in Public Services

As technology matures, security will become increasingly invisible to users:

  • biometric authentication
  • dynamic access control
  • automated background verification

Citizens interact with secure services without having to think about the security mechanisms behind them.

A Sector Under Pressure, but With Growing Capacity

Cyberattacks against the public sector increased by around 30% during 2025. In parallel, the Government has intensified its efforts by:

  • updating the national cybersecurity strategy
  • strengthening the mandate of the NCSC
  • investing heavily in digital resilience

The NIS2 directive also provides a stronger, binding framework for technology, competence and reporting.

Conclusion: Cybersecurity as a Team Effort

In 2025, the public sector faces a faster and more aggressive threat landscape — but also greater opportunities for defence, collaboration and resilience.

Winning organisations build security on three pillars:

  1. Modern architecture and Zero Trust, with MFA, rapid patching and continuous verification.
  2. AI as an analytical accelerator, enhancing speed and quality without replacing human expertise.
  3. A trained and engaged organisation, where culture and competence form the foundation of real resilience.

It is at the intersection of technology, governance and people that the future of cybersecurity is built — and where Sweden’s public sector is strengthening its ability to both withstand attacks and recover quickly when they occur.

Want to strengthen your cybersecurity in practice?
At HiQ, we help the public sector build modern security architectures, implement Zero Trust and use AI for faster, smarter incident management.
Get in touch, together we’ll strengthen your digital defence!

Read Part 3 in the series “Public Sector 2025 – The Technological Shift Shaping the Future of Government” here

Work at HiQ

Get in touch!

Choose your nearest office, looking forward to hear from you!

Read more articles here

insight Software Development in the Public Sector 2025: Digital Transformation, Data Modernisation and Collaboration in Practice
insight The EU’s AI Reset Is the Right Path to Safeguard Europe’s Responsible Competitiveness
insight Public Sector 2025: AI as a Force, Compass and Catalyst
insight When AI Meets Cybersecurity: From Risk to Opportunity
insight Atlassian Rovo: AI as the Hub of Future Collaboration
insight Part 2: Social Engineering and Cyber Threats: The Return of the Human Factor
insight Part 3: Platformisation and Digital Resilience: Business Strategy on Cloud Terms
insight Part 1: AI and the Competence Shift: Ready for the Next Big Leap?
insight Windows 10 Support Ends – How It Affects Businesses and What You Need to Do Now
insight Meet Laura Vantellini, HiQ’s new Managing Director in Germany 
insight Digitalization, AI and the Future of Sweden – A Conversation with Minister for Civil Affairs Erik Slottner
insight Customer data is the new gold – and hackers are already digging
insight Quantum Computers and Cybersecurity – From Future Threat to Strategic Reality
insight New Report Shows How We Use ChatGPT: Like Buying an iPhone and Only Using the Flashlight
insight From Crisis to Insight: Building a More Secure Digital Public Sector
insight The Cyber Landscape 2020–2025: From Pandemic Shock to AI-Driven Threats
insight AI sets a new standard for banks’ fraud prevention
insight When Nature Strikes: How AI Can Protect the Energy System from the Next Crisis
insight AI makes Jira the developer’s new assistant
insight Only Five Percent Succeed with AI – How to Avoid Being Among the Losers
insight From Frozen Firmware to Adaptive Intelligence: Embedded Software Is Changing the Game
insight Edge AI: Intelligence Moving into the Systems
insight Digital Resilience – The Next Competitive Advantage
insight From Docker to Kubernetes – The Story of How We Build the Next Generation of Digital Ecosystems
insight The 11 Hottest AI Agents of 2025 – and How They’re Already Transforming Business
insight AI Experiences from a Developer’s Everyday Life – How to Use AI for Coding
insight From Data to Agency: Navigating the AI Maturity Path to Agentic Systems
insight What Does “Developer Experience” Really Mean – and Why Should the Business Side Care?
insight The Future of Development: What State of Software 2025 Reveals About Tomorrow’s Tech Roles
insight From Model Year to Always Up-to-Date – How Software Is Redefining the Car’s Lifecycle
insight AI in the Power Grid – From Vision to Real-World Application
insight Efficiency Without Shortcuts – How to Get More Out of Every Step in the Development Cycle
insight Interview with Ashkan Fardost: Why We Must Understand Technology as Something Deeply Human
insight Towards a Data-Driven Future: Falu Energi & Vatten’s Strategic Journey
insight Confident in Swedish – A Language Initiative that Builds Courage and Connection
insight Java on Cloud Terms – Best Practices for AWS, Azure, and GCP
insight Building a Tech Industry Where Everyone Feels at Home
insight Spring Boot, Quarkus or Micronaut? Your Guide Through the Java Framework Jungle
insight AI – The Manufacturing Industry’s Shield Against the New Reality of Trade Tariffs?
insight How to Build Change-Resilient Teams – with Annika R Malmberg on Tech Royale
insight Vibecoding vs. DevOps: The Future of Software Development in the AI Era?  
insight From Threads to Thousands – How Virtual Threads Are Transforming Java Development
insight How Companies Can Implement the POUR Principles in Their Digital Strategy Ahead of the EAA
insight Everything You Need to Know About Digital Accessibility Before June 2025
insight How Young Professionals Can Prepare for the Future of DevOps
insight Why CxOs Should Care About the Future of DevOps
insight The Trends Shaping DevOps in 2025
insight “We Must Prepare for an Increasingly Complex Threat Landscape”
insight DeepSeek and the AI Arms Race – What Does It Mean for Sweden?
insight Unlearning for DevOps Teams: A Key Skill for the Future
insight DevOps and AI: Building Systems That Learn and Adapt
insight Insights on Leadership and Partnerships in Tech with Simona Bamerlind
insight How to Lead a Tech-Forward Organization – Insights from Ledarlabbet
insight Understanding CRA: A Path to Competitive Advantage
insight Figma’s Dev Mode: A Hands-on Guide
insight Exploring AI, Cybersecurity, and the Future of Intelligence with Staffan Truvé
insight How to Avoid Common AI Project Pitfalls
insight Cybersecurity in Focus This October: How We Can Create a Safer Digital Society
insight Understanding PSD3 and PSR: Why They Matter and What You Need to Know
insight Open Banking and the API Economy: Drivers of New Innovation in Finance
insight The Swedish Financial Infrastructure from a Tech Perspective
insight Five Keys to IT and Tech-Driven Innovation – Insights from Radar Talk
insight The Rise of Autonomous Vehicles: Revolutionizing Transportation
insight AI and Sustainability: Opportunities, Challenges, and the Way Forward
insight AI – From Data to Business Decisions 
insight How HiQ Helps You and Your Business
insight What Happens if Your Software Fails?
insight Skip Projects & Pi in Software Development
insight Four Expert Tips on Business Value with GAI
insight How well do we really understand children’s digital preferences?
insight Mastering Industrial IoT
insight NIS2 – Not Just for Critical Functions
insight Navigating the AI Revolution
insight Unlocking Your Data Goldmine
insight AI Adoption in Nordic Energy and Manufacturing
insight Emerging AI Infrastructure
insight The Nordic AI Race