Over 100 Finnish cybersecurity decision-makers report: Employee training remains the top investment, even in the AI era(New bulletin)

According to a survey commissioned by Elisa*, over 90% of large enterprises in Finland believe that cyber threats have increased in recent years. Finnish companies are preparing to protect their employees against increasingly realistic phishing attempts through training. Business leaders trust the cybersecurity expertise of the Finnish authorities, but not many are confident in political leaders at the national or EU levels. Three quarters of respondents also expect cybersecurity investments to grow in the coming years.

The clear number one area for investment is employee training, with 73% of companies planning to invest more in this area. The reason is obvious: 83% of companies view phishing as the most significant cyber risk, with malware (61%) and data breaches (58%) seen as the next biggest risks.

"Phishing has long been a tool in criminals' toolkits, but the methods and channels they use are evolving. This autumn, we've seen scammers making contact with employees through Teams about 'technical support issues'. To maintain readiness among employees, training must be continuous rather than occasional", says Sakari Pihlhjerta, who heads Elisa's cybersecurity business.

Behind training, companies' shopping lists include access management and identity protection, cloud services and data security, and AI-related cybersecurity. Just under half of respondents are planning to invest in these areas. "AI is a growing theme in Finland, but it is only fourth on the list. Well-trained people and identity management are the main ways we can defend against threats in the AI era", Pihlhjerta adds.

Impressively, 85% of cybersecurity decision-makers trust the Finnish authorities when it comes to cyber issues, with Traficom's National Cyber Security Centre receiving particular praise; however, only 37% of respondents have trust in cybersecurity expertise at the EU level. Increased regulation may reflect this trust gap.
"At worst, increased regulation can create an either-or situation in companies: you can comply with regulations, or you can rapidly react to changing threats, but there aren't enough resources for both. The positive thing is that there is a lot of trust in the Finnish authorities, and cooperation between the public and private sectors works well in Finland", explains Pihlhjerta.

In addition to increased regulation, assessing the financial value of cyber risks and the poor economic situation were viewed as the most significant challenges in developing cybersecurity.

*Elisa conducted a comprehensive survey in the first half of 2025, asking business leaders responsible for cybersecurity about their organisation's cyber readiness and future investment needs. Most of the respondents represented large enterprises operating in Finland. In addition to the survey (n=101), the study was supplemented by 11 qualitative interviews.

More information and interview requests:

Elisa Mediadesk, [email protected], tel. +358 50 305 1605

Elisa is a pioneer in telecommunications and digital services, and our mission is a sustainable future through digitalisation. With over 140 years of experience, we provide sustainable solutions for over 2.8 million consumer, corporate and public administration customers in our core markets of Finland and Estonia, as well as in over 100 countries internationally. In Finland, Elisa is the market leader in telecommunications, and internationally, we offer digital software services. Elisa employs over 6,700 professionals in over 20 countries, and revenue in 2024 was EUR 2.2 billion. Elisa Corporation shares are listed on the Nasdaq Helsinki. elisa.com