Rising cyber threats to Nordic banks continues to supply industry-led initiatives that allow organisations within the monetary house to higher handle danger, bolster readiness and strengthen inner IT community safety methods.
Finans Norge, the central organisation for banks and monetary providers suppliers in Norway, has established a devoted Cyber Menace Help Unit (CTSU) that can collaborate with financial institution members to offer skilled help and a centralised useful resource to share cyber danger experiences, IT community safety strategies and suggest defence menace options.
The formation of the CTSU represents a direct response to the escalating menace of ever extra aggressive cyber assaults in opposition to banks, and the emergence of latest dangers involving unhealthy actors collaborating with financial institution workers to seize insider data and embezzle finance establishment funds.
Sector-wide steering
To assist its monetary providers members, Finans Norge has launched the Information to Personnel Safety in The Monetary Trade (GPSFI). The GPSFI is meant to function a roadmap to assist organisations within the sector higher handle “inner danger” regarding fraud, whereas defending lack of belongings by utilizing superior digital and customised synthetic intelligence (AI) applied sciences to restrict personnel authorised entry to restricted areas for respectable functions.
However that Norway’s monetary providers {industry} is changing into more and more sturdy within the face of digital threats, using “insiders” by unhealthy actors poses a brand new stage of safety danger for banks and insurance coverage teams, mentioned Therese Høyer Grimstad, Norge Finans’ director of labour relations.
“The information’s goal is to help firms within the monetary {industry} to deal with personnel safety in such a approach that their belongings are sufficiently protected. The information additionally informs about workers’ rights and privateness, which have to be safeguarded,” Grimstad mentioned.
The GPSFI addresses employment legislation and different authorized points to make sure that the community safety and cyber defence measures adopted to counter inner fraud and information breaches by unhealthy actors conform to Norway’s office discrimination and information safety laws.
“By strengthening efforts overlaying personnel safety, it permits our finance sector members to change into extra geared up to deal with more and more advanced menace conditions,” mentioned Grimstad.
The escalating menace posed by inner fraud amongst Norway’s 123 industrial, digital and financial savings banks has change into a big problem for Økonomisk (Økonomisk Kriminalitet og Miljøkriminalitet), the nation’s nationwide authority for the investigation and prosecution of financial crime.
Økokrim is presently operating seven separate investigations involving financial institution workers colluding with unhealthy actors to defraud their employers, mentioned Pål Lønseth, the police company’s director basic.
“We’re seeing a pointy rise in digital threats and financial institution fraud actions the place sure personnel are performing in a disloyal option to their employers by collaborating with exterior associates. The tip-goal is to embezzle monies by serving to criminals achieve entry to financial institution belongings,” Lønseth mentioned.
New and severe threats
Quantum computer systems might provide a brand new type of rising menace and problem for IT community safety within the banking sphere, provided that they may finally make present encryption strategies out of date.
Deepfake expertise can also be including a layer of complexity to monetary fraud, doubtlessly enabling unhealthy actors at nighttime internet impersonate financial institution administrators by utilizing AI manipulation instruments to breed voices and faces.
A survey carried out by Finans Norge in 2024 discovered that lower than 20% of financial institution executives seen the evolution of quantum computer systems as an actual future menace to their IT safety defences. Round 40% of financial institution executives regarded malware and ransom ware as posing a better diploma of danger and menace to their operations and IT community safety.
Banks in Norway are lobbying the federal government to introduce further measures to assist firms within the finance sector enhance their cyber safety capacities by means of the implementation of simpler legislative protections.
Particularly, banks in Norway need the federal government to include the European Union’s Community and Data Programs 2 (NIS2) directive into Norwegian laws on the earliest alternative.
A member of the European Financial Space (EEA), Norway’s relationship with the EU is constructed on commerce and supplementary financial treaties lively by means of the EEA. Norway is a part of the EU’s single market and the Schengen free-travel areas. Round 68% of the nation’s exports are with EU nations.
Financial institution chiefs view the early implementation of the NIS2 (changing NIS1 2016) in Norway as a elementary legislative motion by authorities to ship an up to date framework for cyber safety to the entire of the monetary providers sector.
Banks in Norway consider that the NIS2 would set up a excessive widespread customary of safety coupled with a unified authorized framework for community and knowledge methods advantageous to monetary providers organisations.
Wider cooperation
Banks in Norway are additionally ramping up cooperation with monetary teams throughout the Nordic area with the intention of constructing data platforms to share experience and IT community safety options related to bolstering cyber safety defences.
In a Nordic context, Denmark and Sweden are considered being forward of Norway when it comes to work achieved to guage cyber safety dangers and threats attaching to AI. Denmark and Sweden are additionally forward in growing defensive instruments to fight the ever extra refined misleading strategies being utilized by unhealthy actors at nighttime internet to penetrate financial institution IT community defences to illegally applicable belongings.
Finansforbundet, Denmark’s monetary providers union, is advising industrial financial institution and monetary sector members to take a position extra closely in AI-related danger coaching with the objective of reinforcing their on-line platforms and IT networks with a extra superior layer of safety safety.
It’s crucial that banks in Denmark and the Nordic area undertake efficient measures to make sure management over information earlier than introducing AI, mentioned Dorrit Brandt, chairman of Finansforbundet.
“There are benefits and dangers with AI. The power to keep up management over information is essential. There will likely be effectivity positive factors, and in some instances the introduction of AI will translate into layoffs over the quick time period for finance firms,” Brandt mentioned.
Denmark’s monetary sector is within the technique of introducing AI on a broader scale. An {industry} evaluation carried out in February (2025) by Arbejderbevægelsens Erhvervsråd, the Danish labour motion’s Financial Council, calculated that 98% of all jobs within the nation’s monetary sector will to a point be affected by AI whereas an extra 9% might be automated over the following twenty years.
The response by Nordic banks to the AI revolution is obvious within the uptick in spending on personnel upskilling programmes that observe developments within the expertise and assist construction coaching necessities.
Specialised coaching is being offered to workers by banks to focus on the brand new dimension of IT community safety menace that AI poses, in addition to how the expertise is reshaping typical cyber safety defences lengthy employed by banks and insurers to safeguard IT networks and monetary belongings.
“As a precedence, there must be a complete programme of upskilling in generative AI throughout the monetary sector. We’re confronting some of the transformative applied sciences ever. The {industry} wants to remain alert and stay in management,” Brandt mentioned.
