From threat to action: How to navigate the cyber battlefield

In the current digital landscape, cyberattacks have become an inevitable concern, which calls for a shift from if to when. Implement Consulting Group, in collaboration with the Chamber of Commerce and Industry of Southern Sweden and Recorded Future, recently hosted a webinar guiding participants from cyber threat theory to a pulse-raising crisis simulation. This article delves into the essential learnings from the webinar, "Hacked – Do You Have a Plan?", providing actionable insights for organisations to foster robust preparedness against cyber threats.

A rapidly shifting cyber threat landscape 

The scale and sophistication of cyberattacks are growing at an alarming pace. Julius Nicklasson from Recorded Future highlighted that criminal networks are shifting tactics, turning to crypto theft and AI-powered fraud as their new business models.

“What’s really changed in the past year is how cybercrime is organised. It’s no longer just individuals; it’s structured networks that operate almost like businesses.”

Moreover, the connection between cyber and geopolitics has never been more obvious.

Consider the facts:

• Cyberattacks in Sweden increased by 165% last year compared to the same period the year before[1]
• Sweden’s NATO membership increases its exposure to state-sponsored hacker groups
• Cybercrime now generates more revenue than the world’s largest economies – making it the third largest “economy” globally after the USA and China
• Ransomware and supply chain attacks are hitting hardest in critical sectors like manufacturing, retail, and public services

This growing threat landscape is not just a matter of statistics and facts; it demands practical readiness. Understanding the risks is only the beginning; the real challenge lies in how well we can respond when every second counts.

What we learned from simulating a cyber crisis 

A crisis simulation reveals gaps, tests decision-making under pressure, and prepares teams to act fast when real crisis occurs. In a live webinar session, a crisis simulation was conducted: a targeted cyberattack on the fictional company GreenBite Falafel. Watch the webinar here (Webinar in Swedish)

Here are the key takeaways:

Information gaps cause paralysis – among leaders, staff, and potentially the public. Without timely, reliable updates, leadership freezes. Decision-making breaks down in uncertainty.

Communication can build or break trust – failing to engage with media and customers fuels speculation and undermines confidence.

Your supply chain is your soft spot – when GreenBite’s IT supplier Data Fortress was compromised, production came to a complete standstill.

Paying a ransom is not a decision to make in panic – whether to pay should be decided well in advance and not in the middle of a crisis.

Manual backup routines are business-critical – fallback processes for ordering, delivery, and invoicing became the top priority after six hours of simulated chaos.

Five pillars of digital resilience 

The crisis simulation exposed just how quickly confusion can spread and operations can be disrupted, but it also highlighted where action can make a real difference. Here is how organisations can translate those insights into concrete steps to strengthen resilience and recover faster from cyber incidents and attacks:

1. Data-driven threat analysis

Leverage real-time intelligence on vulnerabilities, threat actors, and attack vectors to focus on your resources effectively.

2. Continuous supplier risk management

Identify and classify ICT vendors by assessing to what extent they support critical processes and deliver critical functions. Demand transparency and rehearse joint crisis scenarios.

3. Crisis and communication planning

Define clear roles, mandates, and decision thresholds. Simulate a crisis at least once a year – with management, IT, communication, and other functions all present, either in the same room or virtually.

4. Technical tests and manual contingency procedures

A combination of penetration tests and other technical manual contingency procedures should be regularly tested for your most critical processes.

5. Regulations as strategic drivers

Frameworks like NIS2 and DORA demand more than compliance. Used right, they can strengthen internal governance, promote executive ownership of cyber risk, and support more informed decisions on security investments.

Start before it becomes urgent 

Combining threat intelligence with hands-on experience from simulations, cybersecurity is not just an IT issue, it is a shared responsibility between business operations and digital/IT/security. Building resilience requires cross-functional coordination across security, management, communications, operations, and trusted partners.

And one thing is clear: practising your crisis response in advance makes all the difference. The time to prepare is now – not when your screen goes dark.