Banking Resilience: Building Cyber Incident Response in the Finnish Financial Sector

Abstract

Cybersecurity incidents in the financial sector pose systemic risks to economic stability and societal continuity. Despite extensive regulatory oversight and generally high cybersecurity maturity, recent incidents in Finland have revealed persistent weaknesses in incident response and recovery. Using a recent incident at the Nordic bank Nordea as a descriptive case, the study examines governance structures, role allocation and skills coordination during cybersecurity incidents at the sectoral level. The research data consist of document analysis of public incident-related material and six semi-structured interviews with cybersecurity professionals experienced in the financial sector. The analysis is informed by established cybersecurity governance and incident response frameworks. The data were analysed using thematic analysis to identify key patterns and gaps in incident response practices. The findings indicate that while preventive controls in the Finnish financial sector are well-developed, effective incident response is constrained by rigid structures, fragmented accountability, and limited application of skill-based roles. Incident response is frequently managed within functional silos, reducing shared situational awareness and slowing adaptive decision-making. The study contributes to cybersecurity and crisis management literature by contextualising the European Cybersecurity Skills Framework within financial-sector incident response and highlighting the importance of continuous learning, clear role coordination, and flexible governance mechanisms.