The impending accession of Finland and Sweden to the North Atlantic Treaty Organisation (NATO) holds the potential to drive market growth and consolidation in the Nordic region’s cyber security services sector.
The membership path of the two military unaligned states to NATO is already producing unprecedented levels of mergers and acquisitions activity across Nordic borders as leading industry actors push to scale-up their size, profiles and expertise.
NATO’s 28 member states have approved Finland’s accession to the Alliance. Sweden ’s formal membership awaits ratification from Turkey and Hungary , both of which are expected to approve its membership before September. Sweden ’s accession took a major leap forward at the NATO summit in Vilnius on 11 July, when the Turkish government agreed to endorse its application.
The prospective windfall for cyber security actors is the expectation of new business, contracts and strategic partnerships between companies and leading national defence organisations in Finland and Sweden.
The primary catalyst in the bolstering of demand for cyber security services will be the heightened need on the part of Finland and Sweden to procure advanced next generation technologies to bring their national cyber defence capabilities in to line with NATO standards.
The need for increased spending on cyber defences by Finland and its Nordic neighbours is pressing, particularly against the backdrop of Russia channelling its intelligence gathering efforts into the “virtual realm”, said Antti Pelttari, the director of Supo (Suojelupoliisi), Finland’s national security intelligence service.
“The war in Ukraine combined with the decision by Finland and Sweden to join NATO are influential factors behind the rise in the use of cyber espionage by Russia that is targeting government departments, defence agencies and private companies in the two countries. Russia is relying less on traditional human intelligence gathering and investing more resources into cyber espionage and cyber-led attacks,” Pelttari said.
Sweden’s long-term military and national security budgeting, covering 2023 to 2030, will see the country invest in the region of €1.2bn to enhance its national cyber defences over this period. By contrast, Finland’s forward-looking defence and national security budgeting indicates spending of around €800m to revamp its national cyber defence infrastructure and capabilities over the same term.
The promise of more business and lucrative contracts spin-outs from the Nordic military and national security domain has greatly sharpened the appetite for strategic partnerships among the Nordic region’s leading cyber security firms. The potential for growth in contracts was a pivotal motivator in cementing the joint cross-border collaboration between Finland’s Digia and Arbit Cyber Defence Systems (ACDS), headquartered in Copenhagen.
In a non-equity deal, Digia and ACDS are pooling their expertise and certified cyber security technologies to chase larger defence, national security and civilian related cyber security contracts.
The elevated scale afforded by the alliance was instrumental in Digia and ACDS securing a €6m contract to build a secure Information Exchange Gateway (IEG) for the Finnish Defense Forces (FDF).
The contract includes the supply of a secure IEG communication system, software and equipment, said Jussi Tammelin, the director of Digia’s defense unit. The IEG communication system is based on Digia’s customised Linja software and Arbit’s data diode.
“Our collaboration with Arbit will reinforce the capabilities of our defence and security sector services in the Nordic countries. The cooperation improves the competitiveness of both companies in a Nordic and international context in relation to defence sector tenders and exports,” Tammelin said.
Danish and Nordic countries must do more to strengthen their cyber-defenses against the increasing threat from bad actors in the cyber domain, said Natasha Friis Saxberg, the CEO of IT-Branchen, Denmark ’s industry association for the ICT sector.
The new wave of cyber security mergers and acquisitions’ deals will help deepen the talent pool that will be needed in the future to defend against threats from Russia and other hostile bad actors in the wider cyber-sphere, Saxberg said.
“It is necessary to invest in cyber security and make it a central element of national defence. Companies in the cyber security field that are using acquisitions and partnerships to grow is good for the industry and helps make the Nordic region a safer place,” Saxberg said.
The steady stream of merger and acquisition deals, that directly involve Nordic cyber security firms, is set to rise even further during the second half of 2023. Lyvia’s takeover of the Polish company IT Systems and Solution (ITSS) in June highlighted a more ambitious level of interest among Nordic cyber security actors to expand their reach to the Baltic Sea region, Central and Eastern Europe.
The acquisition of ITSS improves Lyvia’s reach into important markets in the Baltic Sea region, as well as Central and Eastern Europe, said Oleksandr Fomenko, the head of Lyvia’s central and eastern European division.
“ITSS is a major player in a fast-growing industry with top drawer end-to-end cyber security services and impressive IT infrastructure modernisation resources. It meets our plans to expand in the high-growth cyber security sector and expand our reach outside of the Nordic region,” said Fomenko.
DNV’s €98m purchase of Oslo-based Nixu was likewise motivated by a desire to tap in to expanding cyber-defence and national security budgets among the Nordic nations. Traditionally focused on serving customers operating in the energy, maritime, telecommunications and financial services’ sectors, DNV plans to use the acquisition to broaden its cyber technologies reach to national security.
“Together with Nixu, we can grow faster and have a more substantial impact in the cyber security sector than we could do alone,” said Remi Eriksen, DNV’s CEO.
The upsurge in merger and acquisitions’ activity has largely revolved around domestic consolidation and deals with a strong cross-border dimension. In Denmark, Columbus bought domestic actor ICY Security. In Norway, Netsecurity acquired Data Equipment to create a cyber security services company with projected annual revenues in 2023 of €75m.
Cross-border activity is increasingly featuring high-profile deals, as evidenced by Swedish group Truesec’s takeover of Danish cyber security firm Venzo Cyber Security in early June.
The driving force behind the Venzo bolt-on acquisition is to strengthen talent, capacities and more specialised cyber security services and product offerings to both the corporate and national defence sectors in Denmark and the Nordic region, said Truesec’s CEO Anna Averud.
“The deal greatly enhances the scope of the cyber defence products and services we provide. It expands our capability to help customers better defend cyber attacks. The pooling of our cyber specialists with Venzo will make a significant difference in creating a safer society for all organisations, government and private, across the Nordic region,” Averud said.