Improving Cybersecurity Incident Response Capabilities in the Finnish Financial Sector: From Compliance to Resilience
Karrila, Jade (2025)
2025
Tietojohtamisen DI-ohjelma - Master's Programme in Information and Knowledge Management
Johtamisen ja talouden tiedekunta - Faculty of Management and Business
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2025-12-01
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tuni-2025113011083
https://urn.fi/URN:NBN:fi:tuni-2025113011083
Tiivistelmä
This thesis examines how cybersecurity incident response capabilities can be improved in the Finnish financial sector by analyzing governance, communication, and skills coordination during cyber incidents. The study was motivated by the Nordea 2024 distributed denial-of-service attacks, which revealed challenges in resilience and communication despite the sector’s high cybersecurity maturity. The main research question addresses how the Finnish financial sector can improve its incident response capabilities.
The study employs a qualitative, descriptive case study strategy based on a systematic literature review, document analysis, and six expert interviews. The theoretical foundation draws from cybersecurity governance frameworks, including ISO/IEC standards, NIST SP 800-61r3, and the European Cybersecurity Skills Framework.
Findings indicate that while preventative measures are advanced, communication rigidity, fragmented accountability, and limited integration of learning processes hinder agile incident response. The thesis highlights that effective incident response requires continuous learning, adaptive situational awareness, and clear role coordination. The study contributes by contextualizing the ECSF within financial-sector cybersecurity and by offering a novel framework for aligning competencies with governance structures to strengthen organizational resilience.
The study employs a qualitative, descriptive case study strategy based on a systematic literature review, document analysis, and six expert interviews. The theoretical foundation draws from cybersecurity governance frameworks, including ISO/IEC standards, NIST SP 800-61r3, and the European Cybersecurity Skills Framework.
Findings indicate that while preventative measures are advanced, communication rigidity, fragmented accountability, and limited integration of learning processes hinder agile incident response. The thesis highlights that effective incident response requires continuous learning, adaptive situational awareness, and clear role coordination. The study contributes by contextualizing the ECSF within financial-sector cybersecurity and by offering a novel framework for aligning competencies with governance structures to strengthen organizational resilience.