The question is no longer if your organization will be attacked, but how well prepared it will be when it happens.
René Eriksen, VP IT Managed Services, and Odd Egil Byrkjedal, Security Advisor at Embriq, explain why cybersecurity needs to move up the leadership agenda, not as a technical measure, but as a strategic investment.
Digitalization brings new opportunities and increased risk
Digital transformation enables efficiency, innovation, and flexibility, but it also opens more doors for malicious actors. Cloud platforms, IoT, and integrated systems increase the attack surface.
“The more we digitalize, the more surfaces we expose to attacks. That means more vulnerabilities and greater financial risk,” explains René.
According to the Norwegian National Security Authority’s Risk 2025 report, 76% of Norwegian businesses reported serious ICT-related incidents in 2024. The consequences of major attacks often reach millions in losses and can disrupt production and value chains for weeks or months.
René Eriksen, VP of IT Managed Services at Embriq
When production stops, revenue stops
IT and OT systems form the backbone of many businesses. OT controls physical operations such as production lines, machinery, and energy generation. When these are hit, it’s not just the data systems that go down production and value creation grind to a halt.
“When IT or OT supports value creation, the consequences go far beyond downtime. Customers, revenue, and reputation are at stake. This can trigger contract breaches and compensation claims,” René says.
“Lost production days lead to direct financial losses. At the same time, you risk losing trust and customers,” Odd Egil adds.
Many small businesses mistakenly believe they’re not targets for cyberattacks.
“One of the biggest misconceptions I encounter is that small companies think they aren’t on hackers’ radar. But they’re attractive exactly because their defenses are often weaker,” says Odd Egil.
Odd Egil Byrkjedal, Sales Executive, Embriq
Security is an investment, not a cost
Cybersecurity should be seen as a safeguard for business value creation: an investment that reduces the impact when something goes wrong.
In a budget-conscious year, it’s natural to scrutinize every expense, but security must be assessed based on what it protects.
“When production stops or data is lost, the consequences can quickly outweigh any savings. Cost-cutting doesn’t help if your revenue disappears,” René explains.
“Many believe the risk is low, but compared to the cost of a breach, the investment is absolutely worth it,” Odd Egil adds.
Security work starts with insight
Strategic control requires leadership to know which systems are critical, how they are integrated, who has access, and what the consequences would be if they fail.
“Technologists often use jargon that can be hard to understand and meanings shift depending on the context. We need to communicate clearly so that leadership sees both risk and consequence. It’s about securing value creation today and tomorrow,” says René.
“Segment your systems and protect the most valuable ones. Understand how your platform is connected and accessible. Not everything requires the same level of protection, but your critical assets must be secured holistically. Emergency response plans are essential,” he continues.
The threat landscape evolves constantly, so your security strategy must be continuous and risk-based.
“The first step any business should take is a gap analysis. It shows where the greatest risks lie and helps prioritize the actions that reduce them,” says Odd Egil.
Strategic and future-focused
Cybersecurity isn’t a one-off project you can check off. It’s an ongoing part of your company’s ability to manage risk and protect value, especially for those responsible for critical infrastructure. In an unpredictable landscape, the leaders who prioritize security today will be the strongest tomorrow.
This article was published in Aftenposten on June 10, 2025.
You can read it on Aftenposten here.