Finnish companies have a lot of work ahead in implementing the European Network and Information Systems Directive
According to Nordic study conducted by Telenor in collaboration with DNA and other Nordic subsidiaries, companies have significant room for improvement in terms of cybersecurity. Also implementing the European Network and Information Systems Directive (NIS2) needs a lot of work in the companies.

The European Network and Information Systems Directive (NIS2) aims to ensure a common level of cybersecurity throughout the European Union. This directive will become part of national legislation in Finland during this year. The requirements of the directive apply to a large portion of Finnish companies, either directly or through subcontracting chains. The study reveals that Nordic companies perceive their cybersecurity levels and threats similarly.
Nearly all Nordic companies consider themselves somewhat aware of cyber threats
However, one crucial aspect of cybersecurity is employee awareness of cyber risks and appropriate responses. NIS2 emphasizes better communication and training on cybersecurity matters for employees. Surprisingly, in Finland, approximately 49% of respondents mentioned that they currently provide the required cybersecurity training related to NIS2 for their staff. In Norway, 61% of companies offer such training, while in Sweden and Denmark, approximately one-third of companies do so.
“Of particular concern is the finding that firewall protection is lacking in up to a quarter of companies. This deficiency should raise alarms not only for the companies themselves but also for their customers who use their services. Good cybersecurity practices not only protect the companies but also reduce the risk of infection for partners and customers”, says Dominique Akl, VP, Network and Cloud Solutions at DNA Corporate Business.
According to the survey, only 75% of companies protect their operations with firewall solutions, and nearly the same percentage mention that their company has any malware protection (76%).
As per the directive, responsibility of company’s cybersecurity lies with its management, and executives can be held personally accountable for any negligence. Almost all respondents (95%) felt they were somewhat aware of cybersecurity threats. However, 10% of respondents were unaware of the specific cybersecurity tools their company had in place.
Preparedness plans are lacking in the majority of Finnish companies
When NIS2 comes into force, it requires that cybersecurity risks be analyzed, and policies related to information system security be implemented. Despite this, only about a third (36%) of Finnish companies have developed incident response plans for cybersecurity threats. Nevertheless, a significant portion (86%) of respondents were confident or fairly confident in their ability to respond to cybersecurity incidents.
Based on the responses, it is likely that a significant number of Finnish companies have weak capabilities to effectively address various security threats.
Resource constraints and expertise pose obstacles to improving cybersecurity
Meeting NIS2 requirements demands increased investment in cybersecurity capabilities and its maintenance from companies.
“Every company should act in line with the intentions of the directive, regardless of whether the directive directly obligates the company,” says Akl.
The most significant barriers to enhancing cybersecurity capabilities were resource and funding constraints (25%), expertise (27%), and staff skills gap (26%). While most respondents (51%) believed that cybersecurity resourcing would increase, only 7% considered it highly likely to happen.
This press release is based on a web survey conducted by Telenor Group with Norstat in October 2023. The study targeted companies in Finland, Norway, Sweden, and Denmark, with respondents being business directors responsible for their respective companies. The total number of respondents was 2134, including 518 from Finland. The survey’s margin of error is 1.9–4.5 percentage points.
Media Inquiries:
Attachement: survey summary
Dominique Akl, Vice President, Network and Cloud Solutions, DNA Plc, tel. +38 (0)44 044 2602, dominique.akl@dna.fi
DNA Corporate Communications, tel. +358 44 044 8000, communications@dna.fi
Images

Documents
DNA is one of the leading telecommunications companies in Finland. Our purpose is to connect you to what matters most. We offer connections, services and devices for homes and workplaces, contributing to the digitalisation of society. Already for years, DNA customers have been among the world leaders in mobile data usage. DNA has about 3.7 million subscriptions in its fixed and mobile communications networks. The company has been awarded numerous times as an excellent employer and family-friendly workplace. In 2023, our total revenues was EUR 1,067 million and we employed about 1,700 people around Finland. DNA is a part of Telenor Group, a leading telecommunications company across the Nordics. More information: www.dna.fi, X @DNA_fi, Facebook @DNA.fi and LinkedIn @DNA-Oyj.
Alternative languages
Subscribe to releases from DNA Oyj
Subscribe to all the latest releases from DNA Oyj by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from DNA Oyj
Ville Virtanen DNA:n strategiasta ja tekoälystä vastaavaksi johtajaksi ja johtoryhmän jäseneksi3.9.2025 09:00:00 EEST | Tiedote
DNA vahvistaa strategista ja teknologista osaamistaan nimittämällä Ville Virtasen strategiasta ja tekoälystä vastaavaksi johtajaksi sekä johtoryhmän jäseneksi 1. lokakuuta 2025 alkaen.
Ville Virtanen appointed DNA’s SVP, Strategy and AI, and member of Executive Management Team3.9.2025 09:00:00 EEST | Press release
DNA is strengthening its strategic and technological capabilities by appointing Ville Virtanen as SVP, Strategy and AI and member of the Executive Management Team, effective 1 October 2025.
DNA:n uusi tekoälybotti parantaa yritysten asiakaskokemusta1.9.2025 09:30:00 EEST | Tiedote
DNA Business Apuri on tekoälypohjainen työkalu, jolla yritykset voivat parantaa asiakaspalvelunsa tavoitettavuutta ja asiakaskokemustaan. DNA Business Apuri on luotettava ja tietoturvallinen tekoälybotti, joka on suunniteltu erityisesti Suomen markkinoille. Se auttaa varsinkin pieniä ja keskisuuria yrityksiä nostamaan asiakaskokemuksensa uudelle tasolle muun muassa automatisoimalla työläitä katalogihakuja, vastaamalla monimutkaisiin kyselyihin ja tarjoamalla palvelua myös niinä aikoihin, kun perinteinen asiakaspalvelu ei ole avoinna. Palvelu tulee DNA:n yritysasiakkaiden saataville 1.9.2025 lähtien.
DNA's new AI bot enhances customer experience for businesses1.9.2025 09:30:00 EEST | Press release
The DNA Business Apuri is an AI-based tool that allows companies to improve their customer service accessibility and overall customer experience. Designed specifically for the Finnish market, the DNA Business Apuri is a reliable and secure AI bot that helps especially small and medium-sized enterprises elevate their customer experience by automating tedious catalog searches, responding to complex inquiries, and providing service even when traditional customer support is closed. The service will be available to DNA's corporate customers starting September 1, 2025.
DNA:n elokuun 2025 myydyimmät puhelimet ja älykellot1.9.2025 08:00:00 EEST | Tiedote
Apple vei kärkipaikan sekä DNA:n kuluttaja- että yritysasiakkaiden myydyimpien puhelinten listalla iPhone 16 Pro 5G -mallillaan myös elokuussa. Applen pienikokoinen iPhone 13 mini nappasi puolestaan ensimmäisen sijan käytettyjen puhelinten listalla. Xploran lasten kellopuhelimet ottivat kärkisijat elokuun myydyimpien älykellojen listalla.
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom