People working in cybersecurity roles disagreethat previous leadership experience during a high-profile cybersecurity incident bolsters a leader's credibility total 9%.

71% of people working in cybersecurity roles want a balance of both technical hands-on experience and strategic/executive leadership experience in a cybersecurity leader.

People working in cybersecurity roles are very or extremely confident in current cybersecurity upper leadership at 49%.

In 2026, 9% of Nordic CISOs reported an increase in severe cybersecurity incidents (vs 53% in 2025), while 91% reported a stable level (vs 28% in 2025), and none reported a decrease (vs 19% in 2025).

23% of Nordic CISOs cited ransomware or availability disruption as their primary concern.

17% of Nordic CISOs cited insiders & human error as their primary concern.

14% of Nordic CISOs cited AI-related threats as their primary concern.

14% of Nordic CISOs cited supply chain as their primary concern.

9% of Nordic CISOs cited vulnerabilities as their primary concern.

5% of Nordic CISOs cited DDoS and opportunistic probing as their primary concern.

In 2026, about 65% of Nordic CISOs report through technology leadership (CIO or CTO) with one or two intermediaries to the CEO (half each).

34% of people working in cybersecurity roles are very confident in current cybersecurity upper leadership.

15% of people working in cybersecurity roles are extremely confident in current cybersecurity upper leadership.

91% of people working in cybersecurity roles mark having a strategic and long-term cybersecurity vision as very important in a cybersecurity leader.

In 2026, 55% of Nordic CISOs reported an increase in less severe incidents.

73% of Nordic CISOs either explicitly state that no vulnerabilities have been exploited or are unable to point out concrete cases.

32% of Nordic CISOs cited identity-related attacks (e.g., leaked credentials) as their primary concern.

40% of Nordic CISOs report to finance, either directly reporting to the CFO or through a CIO.

32% of Nordic CISOs explicitly state that access, influence, or sponsorship matters more than formal reporting hierarchy.

The dominant range for cybersecurity budgets among Nordic organizations remains approximately 5 to 10% of the IT budget (45% compared to 47% in 2024), with an average of approximately 7%.