Norwegian Financial Supervisory Authority finds financial sector preparedness sound but flags high cyber threats and third party vulnerabilities

The Norwegian Financial Supervisory Authority has published its 2026 risk and vulnerability analysis, concluding that Norway's financial infrastructure is robust and secure overall and that firms' operational stability and the availability of payment services in 2025 were satisfactory and in line with recent years. At the same time, it says the financial sector faces a high digital threat level that is being reinforced by geopolitical tensions, requiring preparedness to be developed continuously. The assessment highlights organised criminal groups, state threat actors and wider use of artificial intelligence as key drivers of the risk environment. Artificial intelligence is described as creating both opportunities and new vulnerabilities, including faster and more automated identification and exploitation of technical weaknesses, which raises expectations for firms' digital defences and their capacity to implement large volumes of fixes and security updates. Supplier and value chain risk remains among the most critical vulnerabilities because extensive outsourcing, complex value chains and supplier concentration can transmit disruption across multiple firms, while the geopolitical situation adds uncertainty around dependencies on international suppliers. The authority also points to new rules requiring firms to manage third party risk, identify suppliers that are critical to their operations and maintain exit options as part of risk management.