The boundaries of conflict are shifting. Today, national security isn’t just tested on battlefields, but in boardrooms, research labs, and everyday digital infrastructure. This is the grey zone: a space between peace and war, where hostile actors use influence, manipulation, and stealth to undermine companies and institutions.

For an open, innovation-driven country like Sweden, that creates a growing dilemma. The same systems that support talent exchange, global research, and technological development are also becoming points of vulnerability — quietly targeted, tested, and exploited.

At Safeguarding innovation in uncertain times, we brought together the Swedish Security Service (SÄPO) and experts from national security, cybersecurity, and industry to examine what this new landscape means for Sweden’s innovation ecosystem. This article explores the central themes of the day, covering the threats undermining innovation, and how companies, policymakers, and researchers can respond to meet them.

Mr. Cooper Wimmer

What we must protect

According to the Swedish Security Service (SÄPO), the threats facing Sweden today are increasingly complex: diffuse, fast-moving, and often hidden in plain sight. They range from cybercriminals-for-hire to hostile foreign investments, from data leaks to manipulation campaigns designed to destabilize and undermine trust.

In this landscape, even simple tactics can cause outsised harm. And the traditional idea of national   no longer applies. What’s at stake is broader: economic independence, civil freedoms, and Sweden’s ability to innovate without compromise. The core challenge is speed — our protections aren’t evolving as fast as the threats we face.

The answer, according to SÄPO, isn’t to cut ties or close borders. It’s to raise awareness, clarify internal priorities, and approach international partnerships with eyes open. “De-risk, don’t decouple” was the message. That means asking three simple questions across every organisation: What needs protecting? From whom? And how?

From openness to strategic awareness

Sweden’s openness has long supported growth and collaboration, but that same openness is now being exploited at scale. Foreign powers aren’t just targeting systems — they’re systematically tracking individuals: students, researchers, and employees abroad who can provide access to sensitive knowledge and IP.

This warning came from Cooper Wimmer, Executive Vice President at Strider, who highlighted how IP theft has already had serious consequences. In the U.S., such breaches cost the economy between $350–500 billion in 2024 alone. One company raised $500 million, scaled quickly, and then collapsed after its innovation was stolen. Sweden risks facing similar outcomes unless awareness catches up to the threat.

“The defense isn’t retreat or isolation,” said Wimmer. “Sweden must move from openness-as-default to strategic awareness. That means using data, AI, and open-source intelligence to detect patterns, level the playing field, and protect innovation without cutting ties. Technology can help, but it’s mindset that makes the difference.”

In a world of manufactured chaos, trust is the first casualty

Some of today’s most powerful attacks don’t target systems — they target trust. Disinformation, conflicting signals, and manipulated narratives are now common tools used to confuse, destabilise, and devide societies.

Dr Gazmend Huskaj, Head of Global Cyber and Security Policy at the Geneva Centre for Security Policy, pointed to the COVID-19 pandemic as a key example. During those turbulent years, shifting policies and misinformation made it difficult for both public and private actors to navigate the crisis. And the result wasn’t only confusion. Many people disengaged entirely, creating a vacuum that opportunistic actors could exploit.

In an environment shaped by confusion and distrust, short-term fixes only add to the noise. What’s needed is long-term strategic clarity, stronger internal coordination, and a commitment to information hygiene. Because in a world where chaos is manufactured, resilience depends on the quality — not just the quantity — of the information we rely on.

Dr Gazmend Huskaj talking to another event participant
Dr. Gazmend Huskaj
Ms. Joanna Partyka giving her key note presentation
Ms. Joanna Partyka

Business as critical infrastructure

In today’s threat landscape, companies aren’t just protecting their assets — they’re helping protect Sweden. Businesses have become central to national security, and that makes them targets. These attacks rarely involve dramatic takedowns. Instead, they focus on people. Insider threats, disinformation, and subtle trust manipulation are now common tactics—used to undermine leadership, damage reputations, or destabilise supply chains.

This human-centred risk was a key focus for Joanna Partyka, Senior Security Advisor at Redpill Linpro. Too many organisations, she argued, still treat security as a checkbox—something to be ticked off rather than built in. She called for a mindset shift: one that embeds security into daily operations — from onboarding and reporting systems to supplier screening and insider threat detection.

Culture plays a crucial role in supporting this shift. Firewalls can’t stop a manipulated employee from causing harm. If resilience is to mean anything, it has to live inside the business.

Rethinking the cybersecurity industry

Not all vulnerabilities come from external threats. Some of the most persistent failures in cybersecurity are self-inflicted, and they continue despite decades of investment. Major breaches are still common. Even basic practices — like not reusing passwords — remain widely ignored, including within the industry itself. 

During a live demonstration at the event, ethical hacker and entrepreneur David Jacoby turned the spotlight on the industry itself. He argued that it often prioritises frameworks and technical fixes over real-world usability and human behaviour. Too many solutions are bolted on after the fact, misunderstood by users, or poorly aligned with the way people actually work. 

Instead of chasing the next innovation, organisations should focus on getting the basics right. That means smarter implementation, stronger leadership engagement, and building security in from the very start — not patching it on after the fact. 

From insight to action: Building resilience together

In one of the day’s final sessions, Kim Elman (Northwave Cyber Security), Angelica Holmgren (EY), and Dr Gazmend Huskaj explored how organisations can translate growing awareness into concrete action. The panelists outlined several practical actions that any organisation — large or small — can take to build long-term resilience:  

  • Design security into products from the start, rather than adding it later as a compliance step. 
  • Protect your most valuable assets—the “crown jewels”—with focused, effective security measures. 
  • Build a security-aware culture across teams, using incentives, training, and leadership support. 
  • Start small with threat intelligence sharing, in trusted networks, and scale as maturity grows.

For smaller organisations, the message was especially direct: assign responsibility, protect what matters most, and scale your security practices as the business grows. Because in the grey zone, no organisation is too small — or too irrelevant — to be a target. 

test
Ms. Angelica Holmgren and Mr. Kim Elman

Get involved

Safeguarding innovation is a shared responsibility. If you’re working at the intersection of tech, security, or national resilience and want to explore future initiatives with Kista Science City, reach out to Sakarias Strand at sakarias.strand@kista.com.