The Nordic Financial CERT was established in 2017 as a collaborative initiative for strengthening cybersecurity.
Today, the organization brings together over 200 financial institutions – including leading players such as Nordea, DNB, and Danske Bank, plus the central banks in all five Nordic countries. The organization’s core activities include intelligence sharing, joint analysis of threats and incidents, coordination during major cyber events, and more.
As the threats and attacks grow in both volume and sophistication, we spoke with Nordic Financial CERT’s general manager, Morten Drægni, about the early challenges, current trends, and the future.
Nordic Financial CERT’s history dates to almost a decade ago – which disruptions were most prevalent then and how has the environment changed?
The threat landscape was markedly different from today. The most prevalent disruptions were malware campaigns (such as banking trojans), targeted intrusions by relatively well-defined threat groups, and disruptive attacks such as DDoS. Many threat actors operated their own infrastructure, which made attribution comparatively more straightforward.
Over the past 10 years, one of the most notable shifts has been the professionalization and commercialization of cybercrime. Threat actors have increasingly moved away from operating everything themselves toward a “cybercrime-as-a-service” ecosystem where access, tools, and services are bought and sold.
In parallel, certain groups have shifted from a dedicated focus on the financial sector to a more opportunistic approach. This has increased both the speed and scale at which attacks can be launched and lowered the barrier to entry for less sophisticated actors.
Nordic Financial CERT’s Trend Report 2026 lists AI among the future cross-strategic threats.
AI has become a central topic in both banking and cybersecurity. From a threat perspective, we are observing an increase in capacity rather than capability. AI enables threat actors to operate at greater scale and with higher efficiency. For example, phishing messages are generally better written and more convincing than before.
AI has made attacks more efficient, but we have not seen an increase in successful, high-impact breaches. However, some members report an increase in AI usage for fraud purposes, such as deepfake videos.
What are the effects of new regulation (such as DORA and the EU AI Act) on banks’ resilience?
Frameworks such as DORA, NIS2, and the EU AI Act reinforce expectations around governance, risk management, and operational resilience. While demanding, they contribute positively to resilience by strengthening focus on third-party risk, incident response, and accountability. They also contribute to shifting perceptions – what was seen as a pure technical domain 10 years ago now has matured into enterprise risk and an executive/board-level matter.
Which issues do you foresee gaining more traction and where is the human factor in the cybersecurity discussion?
AI and large language models will continue to play a prominent role. And the human factor remains central – while tooling evolves rapidly, people are still responsible for decisions, configurations, and responses. Building resilience is therefore as much about culture, collaboration, and competence as it is about technology.
What are some of the major milestones ahead for Nordic Financial CERT?
The ambition is to remain ahead of emerging threats, support members in preparing for multiple plausible futures, and contribute to a resilient and trusted Nordic financial system. One of our focus areas going forward will be to increase data sharing to combat financial crime in the finance sector.