Staff perspective:  

Key takeaways from Forum International de la Cybersécurité 2025 in Lille!

Kista Science City’s Sakarias Strand attended Forum International de la Cybersécurité 2025 (InCyber Forum) in Lille as the only Swedish delegate. In this firsthand report, he highlights Europe’s leading cybersecurity strategies, emerging trends, and practical innovations—and explores how Sweden can accelerate its own cybersecurity readiness by learning from front-runners like France and Belgium.   

   

4 April, 2025   

As I sat backwards on the high-speed train from Lille to Charles de Gaulle, laptop balanced on my knees, the moment felt symbolic. The movement mirrored the difference I often sense when returning to Sweden’s cybersecurity conversation. While France charges ahead with integration, collaboration, and AI-driven innovation, Sweden seem stuck—awaiting clearer guidance, focused on compliance checklists and vendor comparisons. 

Held in Lille, France’s rising capital of cybersecurity, InCyber Forum gathered over 20,000 attendees from 103 countries, plus another 4,000 online. It was a dense, intense, expertly curated three-day event. Attendees sat on floors, feverishly taking notes, absorbing intelligence you simply won’t find on Google. Many talks enforced strict photo bans—for good reason. 

It was an honor to be the only Swedish delegate, invited by Business France as part of their France 2030 program. Being there in person—surrounded by global frontrunners and firsthand innovation—offered a rare window into how fast the field is evolving. 

photo credit: InCyber Forum

France leads by doing: Cybersecurity as a national priority  

France isn’t just theorizing cybersecurity—it’s funding, implementing, and operationalizing it. The 2021–2025 National Cyber Plan has already spawned 50 consortiums, with new cyber unicorns emerging through state-backed incubators like Cyber Booster. The result is a highly curated cyber economy where integration trumps invention, and commercialization—not just research—is the benchmark of success.  

Through initiatives like the France 2030 export program and a growing network of national Cyber Campuses, France connects government, defense, academia, and industryThe goal isn’t just to study threats—it’s to actively deploy integrated, scalable solutions. In parallel, France is realigning cybersecurity education with industry needs, prioritizing hands-on skills and real-world problem-solving that prepares graduates to meet live threats from day one. 

The key difference from Sweden? French actors aren’t waiting for another strategy paper—they’re already running. 

A standout trend at the forum was the mature integration of AI-driven solutions—often without explicitly marketing themselves as ‘AI.’ Rather than pushing consulting or certifications, exhibitors showcased integrated technologies built on open-source intelligence. Behind the scenes, Large Language Models (LLMs) support tasks like vulnerability triage, risk modeling, OSINT, and attacker simulations. 

Belgium’s NIS2 certification framework: A model for Europe  

While France leads on integration and support structures, Belgium is gaining attention for its regulatory-first NIS2 approach. Since October 2024, more than 4,500 Belgian organizations have registered under a new classification system that sorts them by criticality. Each category comes with specific obligations and certification levels, giving companies a clear picture of what’s expected. This structure improves national oversight and is already viewed as a potential blueprint for harmonizing cybersecurity rules across the EU. 

Instead of vague timelines or ad-hoc requirements, Belgium has mapped out a clear seven-step compliance journey—from registration and incident reporting to board-level training and third-party certification. 

Supporting this is CyberFundamentals (CyFun®), a national framework from the Centre for Cybersecurity Belgium (CCB). It helps organizations navigate risk-based security levels with tools like self-assessment templates, sector-specific guidance, and optional audits. The approach lowers the threshold for smaller players while setting higher expectations for the most critical ones—creating a common playbook for SMEs, regulators, and essential service providers alike. 

Meanwhile in Sweden, NIS2 transposition remains pending—expected by summer 2025 at the earliest. With the European Commission already launching infringement procedures against 23 Member States, one hopes we finalize NIS2 before NIS3 comes knocking. 

Looking ahead 

InCyber Forum offered a glimpse of the future—and revealed who’s already living it. The contrast with Sweden is striking. While Swedish actors often await clearer national directives before acting, countries like Belgium and France are already moving. They collaborate across sectors, fund scale-ups, and embed cybersecurity into their national growth strategies. 

One thing became increasingly clear at the forum: cybersecurity is no longer about checklists or compliance alone. The threat landscape is fluid and weaponized. AI is now standard in both defense and attack. Deepfakes spread disinformation at speed. State and non-state actors blend tactics, and no company is too small to target. 

Yet some of the most valuable moments didn’t happen in official sessions. They emerged on the expo floor, in hallway conversations, and online follow-ups.

Sakarias Strand, Kista Science City, Project Manager for Sweden Secure Tech Hub

I return to Stockholm with a long list of promising contacts and collaborations—proof that insights often surfaces between the sessions. 

As I’m writing this, I see Sweden’s new National Cybersecurity Strategy for 2025–2029 being released.  It’s a timely document, with encouraging signals: stronger public-private collaboration, clearer responsibilities, and an ambition to align with Europe’s evolving threat landscape. If taken seriously, it can serve as a lever for real change—and a crucial boost in resilience, especially for SMEs.  

Sweden has the talent and ambition to lead. But we need to move faster. The question isn’t whether we catch up—it’s whether we can afford not to. As we consider our next steps, we must ask ourselves: Are we prepared to treat cybersecurity as both an economic multiplier and security imperative? In a world of frenemies, deepfakes, and digital sabotage, neutrality isn’t an option. Compliance is a great tool—if our only threat is the government. But it’s not.  

It’s time to catch up! 

Text: Sakarias Strand, Kista Science City