Säpo’s latest intelligence assessment reveals a more aggressive, risk-tolerant Moscow—and a business landscape dangerously unprepared for hybrid warfare
Sweden’s Security Service (Säpo) has issued its starkest warning yet: Russia is not merely persistent—it is becoming bolder. In the agency’s latest annual assessment, Security Police Chief Charlotte von Essen delivered an unequivocal message to Swedish industry: Moscow’s intelligence apparatus has shifted tactics, demonstrating “more offensive Russian actions with covert influence activities” and an “endless” appetite for information acquisition.
For Nordic business leaders, the implications extend far beyond government security briefings. This is a direct challenge to corporate resilience, supply chain integrity, and strategic planning in an era where the lines between statecraft and commerce have blurred beyond recognition.
The New Risk Calculus: From Cautious to Confrontational
Säpo’s characterization of Russia as “more risk-averse than before” demands careful parsing. In intelligence parlance, this signals a troubling evolution: Russian operatives are increasingly willing to accept operational risks that would have been unthinkable pre-2022. The invasion of Ukraine has not depleted Moscow’s covert capabilities—it has redirected them.
Operations Chief Fredrik Hallström revealed that Säpo investigated “hundreds of suspicious incidents” over the past year. While the agency has not established definitive links between these events and state-sponsored sabotage, the pattern is unmistakable. Russian agents have been actively mapping Sweden’s critical infrastructure—documenting protection values, identifying vulnerabilities, and establishing networks for potential future activation.
Critically, Hallström noted attempts at “destructive cyber-attacks” against Swedish targets. This aligns with broader Nordic trends: according to the Nordic Cyber Summit 2024 report, ransomware attacks have surged by up to 400% in some instances across the region since Sweden and Finland joined NATO. The Baltic Sea, once a commercial highway, has become a contested zone where undersea cable disruptions and GPS jamming occur with increasing frequency.
The Business Implications: Beyond Compliance to Resilience
Carolina Björnsdotter Paasikivi, Head of Säpo’s Security Department, delivered a pointed message to the private sector: “Business operators need to be aware of who they are dealing with and who they are doing business with.”
This is not abstract guidance. Recent intelligence from February 2026 reveals Russia is now recruiting individuals with substance addiction issues for sabotage missions—exploiting vulnerable populations as expendable assets in hybrid warfare campaigns. The tactic underscores Moscow’s operational creativity and moral flexibility. If Russian intelligence services are willing to weaponize social marginalisation for physical sabotage, corporate security teams must assume no sector remains off-limits.
The Nordic business community faces a particular vulnerability. The region’s advanced digital infrastructure—long a competitive advantage—has become an attack surface. Research from Fastly indicates that 66% of Nordic companies now view cyber and technological risks as their primary external threat, while 58% identify infrastructure and utility failures as significant security concerns. Yet paradoxically, 53% of organizations admit they feel unprepared to face sophisticated threats, and 51% acknowledge their internal cybersecurity technologies are insufficient.
This confidence gap—between recognised risk and defensive capability—represents the single most critical challenge for Nordic C-suites in 2026.
The Terrorism Vector: When Ideology Meets Opportunity
Säpo maintains Sweden’s terrorist threat level at “elevated” (three on a five-point scale), but the nature of that threat is evolving. Von Essen highlighted a disturbing trend: “The violence itself may be superior to the ideology, especially among young people.” This suggests a fragmentation where radicalisation pathways have shortened and operational capacity has decentralised.
The reference to the Sydney Bondi Beach attack serves as a reminder that seemingly distant events can inspire localised violence. More concerning for Nordic business is Säpo’s warning about state-sponsored “deniable terrorism”—particularly from Iran. Hallström emphasised that Tehran may commission attacks through criminal networks operating within Sweden, targeting Israeli interests and perceived opponents.
For multinational corporations with Israeli partnerships, Jewish employees, or operations in contested markets, this creates a complex security environment where traditional threat assessments may underestimate state-criminal nexuses.
Strategic Context: NATO Accession and the Baltic Flashpoint
Sweden’s March 2024 NATO membership has fundamentally altered its threat profile. As the Jamestown Foundation analysis notes, Sweden’s accession transformed the Baltic Sea into “a NATO lake”—a strategic reality that Moscow finds intolerable. The Russian embassy in Stockholm reportedly maintains intelligence officers comprising approximately 30% of its diplomatic staff, with the Russian Orthodox Church serving as a parallel collection platform.
Military intelligence (MUST) has warned that Russia may initiate new military confrontations within 12 months, with potential for limited armed attacks on individual military facilities or units in the short term, escalating to broader campaigns over 5-10 years. This timeline—overlapping with corporate strategic planning horizons—demands integration of geopolitical risk into business continuity frameworks.
The three threat horizons identified by MUST deserve board-level attention:
- 0-12 months: Limited armed attacks on specific facilities possible
- 3-5 years: Russia could achieve local air superiority or impose naval blockades
- 5-10 years: Potential for broader territorial campaigns
For industries dependent on Baltic Sea shipping, Gothenburg port operations, or northern supply routes, these scenarios require contingency planning that extends well beyond traditional insurance and hedging strategies.
The China-Iran Axis: Multiplying Complexity
While Russia dominates Säpo’s threat assessment, the agency explicitly identifies China and Iran as primary external threats. Beijing’s approach differs fundamentally—stressing long-term economic influence, technology theft, and diaspora community targeting rather than overt sabotage. Yet the convergence creates a multi-vector challenge where corporate security teams must simultaneously defend against Russian-style hybrid operations, Chinese industrial espionage, and Iranian proxy networks.
The NIS2 Directive, scheduled for full implementation across the EU, provides a regulatory framework for critical infrastructure protection. However, compliance alone will prove insufficient. As the Nordic Cyber Summit report emphasizes, organizations must shift “from security to resilience”—accepting that breaches will occur and focusing on operational continuity.
Recommendations for Nordic Business Leadership
1. Conduct Geopolitical Due Diligence on Partnerships
Säpo’s warning about knowing “who you are dealing with” extends to supply chain verification, joint venture screening, and vendor assessment. Russian intelligence has demonstrated particular interest in technology transfer and dual-use capabilities.
2. Reassess Critical Infrastructure Dependencies
With confirmed Russian mapping of protection values, companies should evaluate physical security for data centres, energy connections, and logistics hubs. The threshold for state-sponsored sabotage has lowered—prepare accordingly.
3. Integrate Cyber and Physical Security
The “destructive cyber-attacks” referenced by Säpo represent a shift from espionage to disruption. Board-level cybersecurity oversight must include scenarios where digital attacks enable physical consequences.
4. Develop Crisis Protocols for Hybrid Incidents
Traditional business continuity planning assumes discrete, identifiable threats. Hybrid warfare—combining cyber, economic, information, and potentially kinetic elements—requires adaptive response frameworks.
5. Engage with Government Intelligence Sharing
Säpo has emphasized its active prevention of foreign power access to security-sensitive activities. Proactive engagement with national security services, where legally permissible, can provide threat intelligence unavailable through commercial channels.
Conclusion: The Resilience Imperative
Säpo’s assessment arrives at an inflection point. The Nordic model—characterized by openness, digital integration, and collaborative governance—faces stress tests from adversaries who exploit these very strengths. Russia’s increased risk tolerance, Iran’s proxy networks, and China’s patient economic infiltration represent distinct but complementary challenges.
For business leaders, the message is clear: security is no longer a cost centre or compliance exercise. It is a fundamental component of strategic positioning in an era where commercial advantage and national security have become inseparable. The organizations that thrive in this environment will be those that internalize Säpo’s warning not as government alarmism, but as operational intelligence requiring immediate organisational response.
The Baltic Sea may be a NATO lake, but the waters remain turbulent. Nordic business must learn to navigate them.
About the Author: Nordic Business Journal’s Security Desk covers geopolitical risk, corporate intelligence, and critical infrastructure protection across the Nordic region.
Next In This Series
Coming April 2026: “The Supply Chain Fortress” — How Nordic corporations are restructuring procurement, nearshoring critical components, and building redundancy into logistics networks amid geopolitical fragmentation. We’ll examine case studies from the defence, pharmaceutical, and energy sectors on operational resilience in an era of state-sponsored economic warfare.
Connect with our reporting team: Have insights on Nordic corporate security challenges? Contact our editors at security@nordicbusinessjournal.com or connect with us on LinkedIn at Nordic Business Journal Official.
Subscribe to our weekly Security Briefing for Nordic C-suites—delivering actionable intelligence on threats, regulatory developments, and best practices every Tuesday.
Sources: Swedish Security Service (Säpo) Annual Report 2024-2025; Military Intelligence and Security Service (MUST) Annual Assessment 2026; Nordic Cyber Summit 2024; Fastly Security Research Report Nordics 2025; Jamestown Foundation analysis.