A Risk-Based Approach Creates Control

The global geopolitical situation creates uncertainty, and many business leaders feel increasing concern about the future. Oskar Ehrnström, Head of Security at Vivicta, emphasizes the importance of proactively managing risks through a risk-based approach to remain stable during business-critical changes.

Wars, trade conflicts, and political shifts create global uncertainty about how decisions or attacks can affect an organization’s operations. Oskar Ehrnström, Swedish Head of Security at the IT service company Vivicta, stresses that in a changing world, where external factors are difficult to influence, it becomes crucial to focus on what you can actually control. By identifying risks in advance and having a clear action plan for different scenarios, he emphasizes that organizations can increase their resilience and create greater security in their operations.

"Relying on old work models and hoping they will suffice is a common but risky mistake. Changes happen quickly and can affect everything from supply chains to digital services. I sometimes get asked what happens if an American cloud provider suddenly becomes unavailable due to new trade restrictions. Many companies worry about such scenarios, but I think the wrong question is being asked. Instead, ask yourselves how well prepared you are. It’s about analyzing your own operations, identifying what is business-critical, and developing strategies to ensure access to these resources,” he says.

Spread Risks for Increased Stability

The strong desire to take control of digital presence and be prepared for future changes is a rapidly growing trend in the market. Oskar emphasizes that risk management should be seen as a holistic perspective on operational activities, where the work begins with a thorough mapping and analysis to identify security gaps and explore alternative operational solutions.

He explains that without proper mapping, you risk creating a vulnerable organization with a plan that is not adapted for unforeseen events—which can lead to serious consequences.

"You need to analyze which information or resource is business-critical and ensure that it is always available, no matter what happens in the outside world. It is a process that is often both competence- and resource-intensive. Companies cannot influence the outside world but must relate to it to maintain control. There are no universal solutions here, and a strong partner can provide expertise and support to succeed,” he concludes.

Can Sweden Trust the Interaction Between Business and the Public Sector?

As the threat landscape grows and digital attacks can quickly disable everything from hospitals to energy supply, a crucial question arises: are business and the public sector ready to jointly manage the country’s security?

It is easy to associate Sweden’s security with the important work of the Armed Forces, but Oskar Ehrnström, Head of Security at Vivicta, notes that today’s threats look different. Digital attacks can paralyze healthcare or disrupt energy—and since private technology companies have gone from being suppliers to becoming society-sustaining actors, the responsibility can no longer rest solely with the state.

“Critical functions such as healthcare systems, payment services, power grids, and transportation are largely run by private companies, so resilience is increasingly about digital infrastructure, dependencies between actors, and the ability to collaborate in real time. The government’s investments in total defense are important but risk being insufficient if not followed by a clear structure for interaction between the public sector and business. The challenge is to make it work in everyday life—and here, actors are needed who can keep the most critical functions running while also developing new ways of working together,” he says.

Securing Operation of Central Digital Solutions

Vivicta bridges the gap between strategic ambitions and practical everyday security by taking responsibility for critical societal systems such as medical records, banking services, and cloud platforms for authorities. Ehrnström explains that this can mean ensuring that patient records are always available, that payments work, or that public services continue even in a crisis.

“The development has taken us beyond the role of a technology company—we are now part of the country’s resilience, which changes the playing field for us, our customers, and Sweden’s authorities. By combining cutting-edge technology with proven processes for everything from cybersecurity and monitoring to scenario-based exercises, we can prevent attacks and ensure a society that always works.”

The Ability to Collaborate Determines Resilience

For Sweden to meet digital development and growing security threats, he emphasizes that clear roles and a rapid flow of information are required between both companies and authorities. Everyone must know who does what in a crisis—but just as important is collaboration before it happens.

“Societal security is no longer the state’s sole responsibility but is based on shared resources and capabilities. The current model is shaped for peacetime, but that world no longer exists, and therefore we must more quickly adapt both structures and roles.”

Oskar Ehrnström explains that Vivicta understands and appreciates its new role in society and that it means they must take responsibility for societal security from their perspective.

“But we also want to urge the public sector to step up: today, public actors are too passive, while private actors are driving progress. It is high time to strengthen preventive cooperation and ensure that government investments actually result in effective collaboration between public and private actors,” he concludes.