Norway and Nordic monetary sector ramps up cyber safety

Finans Norge, the central organisation for banks and monetary companies suppliers in Norway, has established a devoted Cyber Menace Assist Unit (CTSU) that may collaborate with financial institution members to supply skilled help and a centralised useful resource to share cyber threat experiences, IT community safety strategies and advocate defence risk options.   

The formation of the CTSU represents a direct response to the escalating risk of ever extra aggressive cyber assaults in opposition to banks, and the emergence of latest dangers involving unhealthy actors collaborating with financial institution staff to seize insider data and embezzle finance establishment funds.   

Sector-wide steerage

To help its monetary companies members, Finans Norge has launched the Information to Personnel Safety in The Monetary Business (GPSFI). The GPSFI is meant to function a roadmap to assist organisations within the sector higher handle “inner threat” referring to fraud, whereas defending lack of property through the use of superior digital and customised synthetic intelligence (AI) applied sciences to restrict personnel authorised entry to restricted areas for professional functions.   

However that Norway’s monetary companies {industry} is turning into more and more sturdy within the face of digital threats, the usage of “insiders” by unhealthy actors poses a brand new degree of safety threat for banks and insurance coverage teams, mentioned Therese Høyer Grimstad, Norge Finans’ director of labour relations. 

“The information’s objective is to help firms within the monetary {industry} to deal with personnel safety in such a manner that their property are sufficiently protected. The information additionally informs about staff’ rights and privateness, which should be safeguarded,” Grimstad mentioned. 

The GPSFI addresses employment legislation and different authorized points to make sure that the community safety and cyber defence measures adopted to counter inner fraud and knowledge breaches by unhealthy actors conform to Norway’s office discrimination and knowledge safety laws.  

“By strengthening efforts masking personnel safety, it permits our finance sector members to turn into extra geared up to deal with more and more complicated risk conditions,” mentioned Grimstad. 

The escalating risk posed by inner fraud amongst Norway’s 123 industrial, digital and financial savings banks has turn into a big problem for Økonomisk (Økonomisk Kriminalitet og Miljøkriminalitet), the nation’s nationwide authority for the investigation and prosecution of financial crime.   

Økokrim is at the moment working seven separate investigations involving financial institution staff colluding with unhealthy actors to defraud their employers, mentioned Pål Lønseth, the police company’s  director common.  

“We’re seeing a pointy rise in digital threats and financial institution fraud actions the place sure personnel are appearing in a disloyal approach to their employers by collaborating with exterior associates. The top-goal is to embezzle monies by serving to criminals acquire entry to financial institution property,” Lønseth mentioned. 

New and critical threats

Quantum computer systems could supply a brand new type of rising risk and problem for IT community safety within the banking sphere, provided that they might finally make present encryption strategies out of date.   

Deepfake know-how can be including a layer of complexity to monetary fraud, doubtlessly enabling unhealthy actors in the dead of night internet impersonate financial institution administrators through the use of AI manipulation instruments to breed voices and faces.     

A survey carried out by Finans Norge in 2024 discovered that lower than 20% of financial institution executives considered the evolution of quantum computer systems as an actual future risk to their IT safety defences. Round 40% of financial institution executives regarded malware and ransom ware as posing a better diploma of threat and risk to their operations and IT community safety.   

Banks in Norway are lobbying the federal government to introduce further measures to assist firms within the finance sector increase their cyber safety capacities by the implementation of more practical legislative protections.  

Particularly, banks in Norway need the federal government to include the European Union’s Community and Data Techniques 2 (NIS2) directive into Norwegian laws on the earliest alternative. 

A member of the European Financial Space (EEA), Norway’s relationship with the EU is constructed on commerce and supplementary financial treaties lively by the EEA. Norway is a part of the EU’s single market and the Schengen free-travel areas. Round 68% of the nation’s exports are with EU nations.   

Financial institution chiefs view the early implementation of the NIS2 (changing NIS1 2016) in Norway as a elementary legislative motion by authorities to ship an up to date framework for cyber safety to the entire of the monetary companies sector.  

Banks in Norway consider that the NIS2 would set up a excessive frequent customary of safety coupled with a unified authorized framework for community and knowledge programs advantageous to monetary companies organisations.  

Wider cooperation

Banks in Norway are additionally ramping up cooperation with monetary teams throughout the Nordic area with the goal of constructing data platforms to share experience and IT community safety options related to bolstering cyber safety defences.     

In a Nordic context, Denmark and Sweden are considered being forward of Norway when it comes to work carried out to guage cyber safety dangers and threats attaching to AI. Denmark and Sweden are additionally forward in growing defensive instruments to fight the ever extra refined misleading strategies being utilized by unhealthy actors in the dead of night internet to penetrate financial institution IT community defences to illegally applicable property.  

Finansforbundet, Denmark’s monetary companies union, is advising industrial financial institution and monetary sector members to speculate extra closely in AI-related threat coaching with the objective of reinforcing their on-line platforms and IT networks with a extra superior layer of safety safety. 

It’s crucial that banks in Denmark and the Nordic area undertake efficient measures to make sure management over knowledge earlier than introducing AI, mentioned Dorrit Brandt, chairman of Finansforbundet.

“There are benefits and dangers with AI. The flexibility to take care of management over knowledge is essential. There can be effectivity positive factors, and in some instances the introduction of AI will translate into layoffs over the quick time period for finance firms,” Brandt mentioned.  

Denmark’s monetary sector is within the means of introducing AI on a broader scale. An {industry} evaluation carried out in February (2025) by Arbejderbevægelsens Erhvervsråd, the Danish labour motion’s Financial Council, calculated that 98% of all jobs within the nation’s monetary sector will to some extent be affected by AI whereas an additional 9% might be automated over the subsequent twenty years.   

The response by Nordic banks to the AI revolution is obvious within the uptick in spending on personnel upskilling programmes that observe developments within the know-how and assist construction coaching necessities.  

Specialised coaching is being supplied to staff by banks to spotlight the brand new dimension of IT community safety risk that AI poses, in addition to how the know-how is reshaping standard cyber safety defences lengthy employed by banks and insurers to safeguard IT networks and monetary property.  

“As a precedence, there must be a complete programme of upskilling in generative AI throughout the monetary sector. We’re confronting some of the transformative applied sciences ever. The {industry} wants to remain alert and stay in management,” Brandt mentioned.