This thesis investigates how mature the information security and cybersecurity of selected organizations in Sweden is today. The multiple cyberattacks on Sweden in recent time and Russia’s full-scale invasion of Ukraine have put a new focus on this question. There is also new legislation both nationally and from the European union which adds pressure to work in solidarity with other member states.
Based on a maturity-based document study, it was found that the selected sectors are not mature enough, as supported by prior research. No organization in public administration reaches the required level set by The Swedish Civil Contingencies Agency. Prior inquiries in the area show that the same issues have been prevalent in the last ten years. The analysis showed that a lack of engagement from management and a need for more support and guidance were the two of the biggest reasons for the low level of maturity. The data further showed inefficiency at the government level in working with these questions and that the delegation of tasks seldom came with a mandate to act. There is a lack of competencies at every level, which further cements the low level of maturity found in public administrations offices, the health care sector, front-based IT systems in the defense sector, institutions of higher education and to a small part, private businesses, the finance sector and water plants.