Rising cyber threats to Nordic banks continues to supply industry-led initiatives that allow organisations within the monetary area to raised handle danger, bolster readiness and strengthen inner IT community safety programs.
Finans Norge, the central organisation for banks and monetary providers suppliers in Norway, has established a devoted Cyber Risk Help Unit (CTSU) that may collaborate with financial institution members to offer professional help and a centralised useful resource to share cyber danger experiences, IT community safety strategies and suggest defence menace options.
The formation of the CTSU represents a direct response to the escalating menace of ever extra aggressive cyber assaults towards banks, and the emergence of latest dangers involving dangerous actors collaborating with financial institution staff to seize insider info and embezzle finance establishment funds.
Sector-wide steerage
To assist its monetary providers members, Finans Norge has launched the Information to Personnel Safety in The Monetary Business (GPSFI). The GPSFI is meant to function a roadmap to assist organisations within the sector higher handle “inner danger” referring to fraud, whereas defending lack of belongings by utilizing superior digital and customised synthetic intelligence (AI) applied sciences to restrict personnel authorised entry to restricted areas for reputable functions.
However that Norway’s monetary providers {industry} is turning into more and more strong within the face of digital threats, using “insiders” by dangerous actors poses a brand new stage of safety danger for banks and insurance coverage teams, mentioned Therese Høyer Grimstad, Norge Finans’ director of labour relations.
“The information’s objective is to help firms within the monetary {industry} to deal with personnel safety in such a manner that their belongings are sufficiently protected. The information additionally informs about staff’ rights and privateness, which have to be safeguarded,” Grimstad mentioned.
The GPSFI addresses employment legislation and different authorized points to make sure that the community safety and cyber defence measures adopted to counter inner fraud and knowledge breaches by dangerous actors conform to Norway’s office discrimination and knowledge safety laws.
“By strengthening efforts protecting personnel safety, it permits our finance sector members to turn out to be extra geared up to deal with more and more complicated menace conditions,” mentioned Grimstad.
The escalating menace posed by inner fraud amongst Norway’s 123 industrial, digital and financial savings banks has turn out to be a big problem for Økonomisk (Økonomisk Kriminalitet og Miljøkriminalitet), the nation’s nationwide authority for the investigation and prosecution of financial crime.
Økokrim is at present working seven separate investigations involving financial institution staff colluding with dangerous actors to defraud their employers, mentioned Pål Lønseth, the police company’s director normal.
“We’re seeing a pointy rise in digital threats and financial institution fraud actions the place sure personnel are performing in a disloyal strategy to their employers by collaborating with exterior associates. The top-goal is to embezzle monies by serving to criminals achieve entry to financial institution belongings,” Lønseth mentioned.
New and critical threats
Quantum computer systems might supply a brand new type of rising menace and problem for IT community safety within the banking sphere, on condition that they might finally make present encryption strategies out of date.
Deepfake expertise can be including a layer of complexity to monetary fraud, doubtlessly enabling dangerous actors at nighttime internet impersonate financial institution administrators by utilizing AI manipulation instruments to breed voices and faces.
A survey carried out by Finans Norge in 2024 discovered that lower than 20% of financial institution executives seen the evolution of quantum computer systems as an actual future menace to their IT safety defences. Round 40% of financial institution executives regarded malware and ransom ware as posing the next diploma of danger and menace to their operations and IT community safety.
Banks in Norway are lobbying the federal government to introduce extra measures to assist firms within the finance sector increase their cyber safety capacities by means of the implementation of simpler legislative protections.
Particularly, banks in Norway need the federal government to include the European Union’s Community and Data Techniques 2 (NIS2) directive into Norwegian laws on the earliest alternative.
A member of the European Financial Space (EEA), Norway’s relationship with the EU is constructed on commerce and supplementary financial treaties energetic by means of the EEA. Norway is a part of the EU’s single market and the Schengen free-travel areas. Round 68% of the nation’s exports are with EU nations.
Financial institution chiefs view the early implementation of the NIS2 (changing NIS1 2016) in Norway as a elementary legislative motion by authorities to ship an up to date framework for cyber safety to the entire of the monetary providers sector.
Banks in Norway consider that the NIS2 would set up a excessive widespread normal of safety coupled with a unified authorized framework for community and knowledge programs advantageous to monetary providers organisations.
Wider cooperation
Banks in Norway are additionally ramping up cooperation with monetary teams throughout the Nordic area with the purpose of constructing info platforms to share experience and IT community safety options related to bolstering cyber safety defences.
In a Nordic context, Denmark and Sweden are thought to be being forward of Norway when it comes to work executed to judge cyber safety dangers and threats attaching to AI. Denmark and Sweden are additionally forward in growing defensive instruments to fight the ever extra subtle misleading strategies being utilized by dangerous actors at nighttime internet to penetrate financial institution IT community defences to illegally acceptable belongings.
Finansforbundet, Denmark’s monetary providers union, is advising industrial financial institution and monetary sector members to speculate extra closely in AI-related danger coaching with the purpose of reinforcing their on-line platforms and IT networks with a extra superior layer of safety safety.
It’s crucial that banks in Denmark and the Nordic area undertake efficient measures to make sure management over knowledge earlier than introducing AI, mentioned Dorrit Brandt, chairman of Finansforbundet.
“There are benefits and dangers with AI. The power to keep up management over knowledge is essential. There might be effectivity good points, and in some circumstances the introduction of AI will translate into layoffs over the quick time period for finance firms,” Brandt mentioned.
Denmark’s monetary sector is within the means of introducing AI on a broader scale. An {industry} evaluation carried out in February (2025) by Arbejderbevægelsens Erhvervsråd, the Danish labour motion’s Financial Council, calculated that 98% of all jobs within the nation’s monetary sector will to a point be affected by AI whereas an additional 9% could possibly be automated over the subsequent twenty years.
The response by Nordic banks to the AI revolution is clear within the uptick in spending on personnel upskilling programmes that monitor developments within the expertise and assist construction coaching necessities.
Specialised coaching is being offered to staff by banks to focus on the brand new dimension of IT community safety menace that AI poses, in addition to how the expertise is reshaping standard cyber safety defences lengthy employed by banks and insurers to safeguard IT networks and monetary belongings.
“As a precedence, there must be a complete programme of upskilling in generative AI throughout the monetary sector. We’re confronting some of the transformative applied sciences ever. The {industry} wants to remain alert and stay in management,” Brandt mentioned.
