1. Offerings
  2. /
  3. Security
  4. /
  5. Resilience

Resilience

In a world where geopolitical conflicts, cyberattacks, and disinformation have become part of everyday life, new ways of thinking about security are required. To meet legal requirements, expectations, and an increasingly risky global environment, we need to raise our common security standard.

The Resilience service provides strategic advisory and tactical guidance to help organizations meet the ten cyber capabilities defined by the National Cyber Security Centre (NCSC).

 

Log in   Register your interest!

pexels-mati-mango-5952651

Stronger protection for Sweden and our operations

The increasing threat landscape facing civil society is changing how we prepare our companies and organizations. This is not only about protecting our operations, but also about strengthening our competitiveness and creating long-term security for customers, employees, and society at large.

In response, the NCSC—together with agencies such as the Swedish Defence Materiel Administration (FMV), the Swedish Armed Forces, the Swedish Civil Contingencies Agency (MSB), and the Swedish Security Service (SÄPO)—developed a list of actions defining ten cyber capabilities that all Swedish companies and public authorities are recommended to establish in order to counter threats from cybercriminals and foreign actors.

Why is this so important right now?

The EU’s new cybersecurity directive, NIS2, will become law in all EU member states and will take effect in Sweden in January 2026. This means that all affected companies and organizations must have clear and sufficient cybersecurity measures in place. The legislative change can be compared to the introduction of GDPR, as supervisory authorities will be appointed and penalties may be imposed for non-compliance.

Through NIS2, executive management teams are given explicit responsibility and can be held accountable for shortcomings in how the organization manages cybersecurity.

NCSC’s 10 Cyber Capabilities

The following ten capabilities should be ensured by all Swedish companies and organizations in order to comply with the regulations. The recommendations highlight the importance of practicing incident response, establishing clear communication channels, and preparing resources to handle critical situations. Through systematic work and regular exercises, organizations can not only manage security incidents effectively but also strengthen their readiness for future threats.

1. Ensure the ability to detect security incidents

To effectively identify security incidents in the IT environment, it is essential to detect them as early as possible. This can be achieved through a combination of manual, technical, and automated methods.

2. Install security updates promptly

Prioritize updates for information systems that are exposed to the internet, are business-critical, or contain vulnerabilities that risk being exploited. The goal should be to install security updates as soon as they are released.

3. Manage privileges and use strong authentication

Review all accounts in the IT environment and deactivate any that are no longer in use. Grant only the permissions necessary for each role. Use multi-factor authentication for public services, sensitive information, and accounts with administrative access. If multi-factor authentication is not available, use long and unique passwords.

4. Limit and protect the use of elevated privileges

Protecting administrative privileges is crucial for reducing security risks in the IT environment. By establishing clear routines for the assignment and use of these privileges, organizations can safeguard their systems and data.

5. Disable unused services and protocols

To protect information systems from threats, it is important to disable functions that are not required for the system’s operation. By applying appropriate security measures, organizations reduce the risk of the system being exposed to attacks.

6. Back up and test restoration of information

Creating and testing backups is essential for protecting information and systems against data loss. Regular backups enable organizations to quickly restore data and minimize disruption during incidents.

7. Segment and control access within the network

To protect the organization’s IT environment, it is crucial to segment the network to limit and monitor traffic flows between different parts of the system. It is also important to ensure that only approved devices are allowed to connect.

8. Ensure that only approved software can run — allowlisting

Only authorized software should be allowed to run in the IT environment. By using allowlisting, organizations can protect their systems and information by preventing unauthorized software from being executed.

9. Upgrade software and hardware

Replace outdated software and hardware to reduce vulnerabilities and ensure that systems function properly and maintain adequate security.

10. Control internet access

Secure internet access is essential to prevent internal systems and data from communicating with external environments without authorization. By implementing the right measures, organizations can prevent a compromised system from being used for remote control or data theft.

motståndskraft

 

Overview of the tool, showing how well the company meets NCSC’s 10 cyber capabilities.

How we work together

01

Mapping maturity level

An initial workshop with key personnel in your organization to map your maturity level across NCSC’s 10 cyber capabilities. The workshop is complemented by interviews to develop a shared understanding.

02

Prioritization and tactical planning

We prioritize the 10 capabilities based on strategic objectives. This includes considering the organization’s business goals, the current threat landscape, and available budget and resources. The prioritization leads to tactical planning of concrete activities, including implementation and communication plans, resource allocation, and evaluation of choices and tools.

03

Execution

During regular monthly meetings, activities are carried out by our cybersecurity experts together with a designated resource from your organization. Ongoing expert guidance is provided, along with ready-to-use templates and playbooks.

04

Quarterly follow-up

Each quarter, we review and measure the maturity level of each cyber capability, making it easy to track progress over time. The results are presented in quarterly reports.

05

Access to strategic framework

You always have full access to our proprietary strategic framework for NCSC’s “Cybersecurity in Sweden.” This framework is at the heart of the service and is what we use to plan our work. It is designed to provide practical, concrete next steps.

06

Community

Access to the service’s shared Teams channel, where customers and our experts can exchange experiences and ask questions.

07

Annual cybersecurity event

You will receive an invitation to our annual cybersecurity event, exclusively for all customers of the service. The main focus is on how we can collectively strengthen both our own and our shared resilience.

"Cybersecurity is something everyone must address, and although the need has been evident for decades, many organizations still have not taken cybersecurity and information security as seriously as required."

– National Cyber Security Centre (NCSC)

The value of the service

As a customer of the Resilience service, you gain access to a digital tool where you, your colleagues, and our security experts can log in to view your organization’s maturity in relation to strategic objectives. The tool includes a roadmap for the work, activity tracking, an annual cycle, and a comprehensive library of templates.

Increased control and traceability

  • A clear view of the current status and maturity across all defined cyber capabilities.
  • Quarterly measurements provide concrete evidence of progress.

Focus and direction

  • A prioritized, tactical plan to strengthen capabilities step by step.
  • Avoids “ad hoc efforts” by ensuring that everything is connected in a clear, consistent thread.

Expert support on your terms

  • Our cybersecurity experts lead the work, while the customer controls the execution.
  • Access to a proven, strategic framework based on NCSC’s guidelines.

More efficient use of resources

  • Lower risk of misinvestment by focusing on the right activities.
  • Faster impact of initiatives thanks to planning and follow-up.

Knowledge and network

  • Access to a shared Teams channel for exchanging experiences.
  • Annual event for inspiration, trends, and collective resilience.

What does Resilience cost?

Bronze

NCSC’S Capabilities

  • Access to tools and strategic framework
  • Prioritization and tactical planning
  • Monthly meetings with expert advice
  • Quarterly reports on maturity level
  • Access to a shared Teams channel for knowledge exchange
  • Exclusive annual event
  • Access to NCSC’s related templates
Price: 30.000 SEK/Month

Silver

NCSC’S CAPABILITIES
NIS2
 
  • Access to tools and strategic framework
  • Prioritization and tactical planning
  • Monthly meetings with expert advice
  • Quarterly reports on maturity level
  • Access to a shared Teams channel for knowledge exchange
  • Exclusive annual event
  • Access to NCSC’s and NIS2’s related templates
Price: 40.000 SEK/Month

Gold

NCSC’S Capabilities
NIS2
DORA
  • Access to tools and strategic framework
  • Prioritization and tactical planning
  • Monthly meetings with expert advice
  • Quarterly reports on maturity level
  • Access to a shared Teams channel for knowledge exchange
  • Exclusive annual event
  • Full access to the complete template library
Price: 50.000 SEK/Month
We are leading edge •

Register your interest!

Would you like a personal demonstration of the Resilience service? Leave your contact information and we will get back to you!

Hidden
Hidden
Samtycke(Required)

Related services

Information security

Offering

Read more

Cyber Security Lifecycle Management

Offering

Read more

Contract analysis

Offering

Read more

Aktuellt

Inga inlägg hittades

Se fler inlägg

Följ oss!

Vi delar gärna med oss av kunskap, erfarenheter och inspiration. Följ oss på LinkedIn eller ta del av vårt nyhetsbrev, så får du ta del av insikter först av alla.

We are leading edge •

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At Exobe AB, corp. ID no. 556769-5605, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Personalization cookies

In order to provide a better experiance we place cookies for your preferances

Cookies for ad-tracking

To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.

Ad measurement user cookies

In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data