Insights
Strategic perspective, operational guides, and webinars from the FM CyberSecurity team.
Follow new insights on LinkedIn
Four of us on the floor at Arrow ECS Norway's Summer Cloud Festival in Oslo. A big thanks to the Arrow crew for a great event.
Breakfast briefing for C-level. CrowdStrike, Tenable and Aikido in the same room, with examples from delivery at Norwegian enterprises. MESH Youngstorget, 08:30.
Breakfast briefing with Tenable for C-level executives. Exposure management across cloud, endpoint and OT. MESH Youngstorget, 08:30 to 10:00.
Tenable came by our Oslo office this week. Guy March took the sim for a lap on Silverstone and clocked 1:36.052.
This week's Cyber Index roundup: 30+ stats on AI agents accessing data beyond scope, ransomware recovery times, identity breaches, MySQL exposure, and the exception economy.
May 2026 ships 137 CVEs and no zero-days. Domain controllers go first for Netlogon and DNS Client RCEs, both CVSS 9.8 and unauthenticated.
This week's Cyber Index roundup: 30+ stats on ransomware disclosure rates in Q1 2026, AI ROI gaps, credential resale, identity at machine speed, and SMB fraud losses.
FM publishes through a Cloudflare Workers MCP server, gated by Microsoft Entra. No admin login, no user table, no CMS, no /forgot-password page.
How leadership teams move from compliance uncertainty to documented control, evidence that holds up under investor, customer, or regulatory due diligence.
Practical compliance steps for the new EU directive, what to do this quarter, and what can wait.
A look at how CrowdStrike's agentic SOC changes the economics of 24/7 monitoring for SMBs.
Cyber Index #54 roundup: AI and ML credentials leaked at scale, gen AI initiatives missing KPIs, ransomware up 7% month over month, iOS injection attacks up 1,151%.
April 2026 ships 163 CVEs, two zero-days, eight Criticals. A SharePoint spoofing flaw is already exploited, and a CVSS 9.8 unauthenticated Windows IKE RCE goes in the same first wave.
Cyber Index #50: AI-generated email attacks grow 5x, 87% of AI coding PRs introduce vulnerabilities, 937 wireless CVEs in 2025, and mid-market confidence paradox.
Cyber Index #49: 86% refuse ransom payments, 90 zero-days exploited in 2025, third-party breaches cascading to 5.28 victims per vendor, deepfake voice calls everywhere.
VG Dine Penger interviewed Fredrik Standahl on starting a cybersecurity firm in Norway and the niche's hiring boom.
Cyber Index #48: 27-second eCrime breakout, AI-first firms recover 80 days slower, $150B in cyber VC, 32M phishing emails, insider risk cost hits $19.5M.
Norwegian Cybersecurity Cluster profiled FM CyberSecurity's founders and our first months building the firm in Oslo.
Cyber Index #47: 3-hour Akira ransomware, APIs top KEV at 43%, over-privileged AI hits 76% incident rate, 72-minute breach-to-exfil, LATAM attacks doubled.
Cyber Index #46: time to exploit drops from 745 to 44 days, 63% of alerts go unaddressed, 22% meet AI readiness standards, 80% tradecraft shift to stealth.
Cyber Index #45: AI fraud up 1210%, malicious email every 19 seconds, 1 in 5 devs give AI agents unrestricted access, callback phishing up 500%.
Cyber Index #44: UK cyber jobs up 194%, AI code 15-18% more vulnerable, OT protocol attacks up 84%, 76% of security pros emotionally exhausted.
Cyber Index #42: 99% of orgs hit by AI attacks, 70% of CISOs budgeting 10%+ for AI, AI code 1.7x more issues, SMS toll fraud explodes 78%.