Cyber threats

Cyber threats to national security can arise in the form of cyber espionage or influence by foreign powers. The side effects of cybercrime may also pose a threat to national security as society becomes increasingly dependent on the smooth operation of information systems.

Illustration: blue windows.

State-sponsored cyber espionage remains the most important cyber threat. Finland is a target of continual attempts at cyber espionage, with no prospect of such operations subsiding, even in the long term. Authoritarian states use espionage to gather intelligence in support of their own national policymaking, and in order to influence the policymakers who are targeted by such operations. They may also seek to exert a deterrent effect by demonstrating their capacity to operate in a cyber environment.

Cyber espionage may also seek to obtain details of R&D work with a view to enhancing the global competitive status of authoritarian states and their business operations. Information of this kind is mainly held by the private business sector in Finland, but can also be found in universities and research institutes.

Ransomware can disrupt society

In May 2021 the Colonial Pipeline Company had to interrupt fuel distribution on the East Coast of the USA when ransomware encrypted the information in its invoicing system. This measure prevented billing and blocked the company from accessing its own data.
The Coop groceries chain and a pharmacy in Sweden were forced to close in June 2021 when a US-based provider of software services fell victim to ransomware. The attack disrupted cash register systems at retail outlets.

The information systems that are targeted by cyber espionage may be accessed via vulnerabilities. Such vulnerabilities may also enable cyber influencing, meaning unauthorised modification of information or blocking of access to information. The damage that can be done by modifying data or preventing access to it increases as more functions of society are placed on a digital footing.

The threat of cyber influencing is currently associated with financially motivated extortion. While this is only undertaken with the prospect of financial gain, and does not seek to threaten the state of Finland, the side effects of such activities may endanger national security if they disrupt a system that is critical to the functioning of society.

The system owner is optimally placed to protect an information system, and a large share of Finland’s critical infrastructure now belongs to private businesses. Ensuring business continuity remains an established part of normal corporate management, but securing information is a technical issue that is still often the responsibility of a specialised data management or security service. Outsourcing arrangements standardly manage such aspects of business continuity on a contractual basis, but measuring the effectiveness of data protection measures is not yet commonplace. This increases the risk of becoming a target of cybercrime.


Cyber espionage is highly likely to continue, even in the long term, as global confrontation heightens the pressure on authoritarian states to procure secret intelligence from Finland with growing disregard for Finland’s sovereignty.

Finnish information systems are unlikely to be targeted by the hostile cyber influencing operations of foreign powers in the medium term unless security policy conditions become significantly more difficult.

While Finland has a fairly good data security culture, it is likely that a Finnish business or branch of public administration will fall victim to a criminal ransomware attack. It is also possible for this to constitute a threat to national security.

Probability terms used in the report 

Highly improbable 5 % 
Improbable 20 % 
Possible 50 % 
Probable 75 % 
Highly probable 90 % 

Time assessments used in the report 

In the near future 0–6 months 
Short term 6 months–2 years 
Medium term 2–5 years 
Long term over 5 years