Are IT Service Providers Really Vulnerable to Cyber Attacks?

Helen Evert

Practice Leader Liability & Financial Lines – Estonia

Helen Evert, Account Manager for Financial Lines at IIZI Estonia, highlights how even advanced IT organisations remain vulnerable, urging a rethink of trust in today’s digital landscape.

We often assume that IT service providers are immune to cyber-attacks, but this assumption warrants serious reconsideration in light of the evolving threat landscape.

Rethinking Trust in IT Security

In today’s rapidly evolving digital landscape, the transition to digital technologies brings both opportunities and significant risks. As companies increasingly rely on digital infrastructure, they become more vulnerable to cyber threats. Surprisingly, IT and cybersecurity companies, which are expected to have the best level of security, are often the most vulnerable. This is because they possess valuable digital assets and infrastructure, making them prime targets for cyberattacks. The age of digital transition is marked by a growing number of cyberattacks, which can have devastating consequences for businesses.

A Real-Life Story – Tietoevry in Sweden

In January 2024, Finnish IT company Tietoevry was hit by a ransomware attack – one of their several data centres in Sweden was exposed. This caused serious IT outages for their clients across Sweden, Finland, and other countries. Among them were organisations from the healthcare sector, local and national government services, retail, and the largest Swedish cinema chain, totalling around 120 affected entities.

The estimated loss for Tietoevry is over 100 million EUR. The discount retail chain Rusta lost over 10 million EUR in sales because its online store was down for a month. Rusta is planning to initiate arbitration proceedings to seek compensation from Tietoevry.

Tietoevry allegedly neglected its customers’ data security and possibly overlooked several vulnerabilities in simulated cyber-attacks – one of them was that the passwords were too easy. The company itself denied the allegations.

A Real-Life Story in Estonia

In March 2024, Estonian technology company Hansab – which provides ATM and payment terminal services for Swedbank, LHV, and Luminor – was hit by a cyber incident. Some of the company’s internal IT systems were disrupted, forcing Hansab to temporarily isolate parts of its network and switch certain processes to manual operation.

Although cash machines, online banking, and card payments continued to work, the incident highlighted how vulnerable even critical service providers in the financial sector can be. The company worked closely with the Estonian Information System Authority (RIA) to contain the attack and restore its systems.

Hansab confirmed that no customer funds were lost and that banking services remained operational, but the event triggered concerns about the resilience of financial infrastructure. It also demonstrated how quickly a cyber incident at a single IT service provider can raise questions of public trust and continuity in essential services.

IT Companies Frequently Experience Cyber Attacks

IT and technology companies are expected to have a good, maybe even the best, level of cyber security. These companies are often targeted due to the valuable digital assets and infrastructure they possess. Companies that are, or might be, connected to or providing services for government, critical infrastructure or vital services are often targeted, because such attacks are useful to another country and are often politically motivated.

In the Tietoevry case, it was discovered that the Russian ransomware group Akira was behind the attack. Akira is sold as ready-made malware used to break into an organisation’s network, spread malware and steal as much information as possible. It is remarkable and unusual that no ransom demands have been received by or communicated to Tietoevry.

For technology-minded readers: the vulnerability was discovered in the remote access VPN component of security software. This technique was not new for Akira attacks.

The 2024 incident at Hansab in Estonia showed that even when services do not collapse entirely, the suspicion of a malicious intrusion can leave long-lasting effects. More than a year later, the company is still investing time and resources into closer monitoring and upgrading of its systems – a reminder that the true cost of a cyberattack is not limited to the first days of disruption, but continues as companies work to rebuild trust and resilience.

One of the lessons learned is that anyone can be affected, even large and reputable IT companies.

Can All Risks Be Mitigated?

Tietoevry has suitable insurance in place for these types of attacks. The claim is expected to be one of the largest insurance claims in the Nordics.

Hansab has mitigated the risks with insurance and technology, but working with financial institutions can result in contractual and civil fines that often cannot be recovered from insurance policies. This highlights a critical gap: even if companies invest in security and transfer part of the risk through insurance, they remain directly exposed to the legal and financial consequences of service interruptions.

Cyberattacks can significantly impact companies’ operations and financial results. Managing IT security and cyber risks is extremely important in today’s digital world. Legal disputes and claims following an attack can add additional costs and stress for companies.

Restoring Trust is the Hardest Part

Despite the unpleasant and unexpected nature of every cyberattack, the stark reality is that they occur more frequently than we care to acknowledge. Companies under attack often feel a sense of guilt and shame, especially in the eyes of the public, clients, and media.

Beyond reputational damage, this can translate into real business consequences: customers may switch to competitors, investors can lose confidence, and regulators might start investigations. For example, after the Tietoevry attack, its retail client Rusta openly criticised the company and began arbitration proceedings for lost sales. In Estonia, Hansab had to reassure banks and the public that cash withdrawals and card payments were safe, even though parts of its systems had been disrupted. These cases show that the hardest part of a cyberattack is not always fixing the systems, but restoring trust among stakeholders whose confidence has been shaken.

Safeguarding Digital Assets is a Must

As we navigate the age of digital transition, it is crucial for companies to recognise the inherent risks and take proactive measures to safeguard their digital assets. Cybersecurity must be a top priority, with continuous investment in robust security measures and comprehensive insurance coverage.

It is not only about buying more firewalls or antivirus licenses, but about building resilience: knowing your critical systems, stress-testing suppliers, preparing recovery plans, and keeping stakeholders informed. Approximately 30–40% of cyber incidents are directly linked to a cyber-attack on the service provider’s systems – meaning that one IT service under attack can quickly cascade into dozens of client organisations, disrupting their operations, causing financial losses, and triggering contractual disputes all at once. The Tietoevry ransomware attack affected around 120 client organisations, from hospitals to retail, while the Hansab incident in Estonia disrupted systems supporting banking services and forced the company to strengthen monitoring and resilience long after the initial attack.

Recent incidents – from Tietoevry’s data centre outage to Hansab’s disruption of banking services – show that even trusted technology partners can be compromised. Investing in cybersecurity and risk transfer is essential, but it is equally important to accept that technology alone will not stop every attack. The companies that recover fastest are those that combine strong technical defences with clear crisis communication, contractual risk management, and continuous monitoring of vulnerabilities.

The question “Are IT Service Providers Really Vulnerable to Cyber Attacks?” has a simple answer: yes – and when they are, the consequences reach far beyond their own systems.

Helen Evert

Account Manager for Financial Lines
IIZI Estonia

T +372 5824 3096
