SSAB makes its information security awareness as strong as steel

This project was delivered by Nixu, a DNV company. DNV, Nixu and Applied Risk joined forces to form DNV Cyber in 2024, creating one of Europe’s fastest growing cybersecurity services businesses.

SSAB, a global leader in high-strength steels and related services, has been DNV Cyber’s information security awareness customer since 2021. Headquartered in Stockholm, the steel manufacturer employs around 14,500 people across 50 countries, with production facilities in Sweden, Finland, and the US. SSAB is revolutionizing steelmaking with virtually zero fossil carbon emissions – paving the way for a greener future with a clear vision of a stronger, lighter and more sustainable world. 

Stronger security culture leads to reinforced cyber resilience 

In today's digital age, organizations are confronted with increasingly sophisticated and evolving cyber threats. For a large, multinational organization with operations across various regions and a diverse workforce – from factory employees to engineers and office staff – it is essential to develop the expertise and knowledge required to operate securely and protect critical assets. 

“With information security comes the need for security awareness training. We want our employees to have the right competence to face the challenges of a changing world. By providing training, we ensure employees are aware of the information security threats, improving the information security and resilience of the organization,” says Jukka Vuori, CISO of SSAB. 

“We are especially focused on providing continuous training. An essential part of this is training on how to recognize social engineering attempts, like phishing. It’s a business worth billions to the criminals. The less we encounter those, the better,” Vuori continues. 

In 2021, SSAB prioritized strengthening its information security culture through training. After implementing an awareness program in one part of the company, SSAB realized that it lacked in-house resources for running effective large-scale training. Therefore, SSAB partnered with DNV Cyber to expand its awareness program across the entire organization. 

We chose DNV Cyber for several reasons. DNV Cyber has deep expertise in our training platform and partners with its supplier. We also recognized DNV Cyber’s strong reputation in cyber security expertise and appreciated their service-minded approach and excellent communication competence, which were crucial for this project.

  • Jukka Vuori
  • CISO
  • SSAB

From the outset, the collaboration has aimed to enhance SSAB’s information security culture and mitigate risks associated with human behaviour. The program addresses SSAB’s information security training needs, also considering the challenge of engaging steel mill employees who use IT systems less frequently.

 

Notable results with versatile training methods 

The Information Security Awareness Program guides SSAB on its journey towards an improved information security culture. The comprehensive program, conducted in collaboration with DNV Cyber, aims to increase employees’ engagement and encourage them to consider security aspects in daily duties. 

“DNV Cyber has created a concept that skilfully combines shorter communication formats with standard training while considering the organisation's unique requirements. Together, we plan for the full year and think about the framework, topics, and means of training and communication. We also organize one massive training campaign each year on themes that we agree on in advance. Especially within the last couple of years, we have made information security more visible during Cyber Security Awareness Month,” says Vuori. 

In addition to planning, building and implementing the program, DNV Cyber’s consultants also measure and report on the progress of SSAB’s workforce based on the statistics they receive. The results have shown significant improvement in the employees’ vigilance.  

“SSAB collects annual feedback on the training. Our employees appreciate that the training is relaxed and that the scenarios are related to their work, highlighting what can happen in practice,” Vuori comments. 

“If you look at DNV Cyber’s operating model and the service package, you can see that DNV Cyber’s experts utilize the experience accumulated from various customer projects to deepen their knowledge so that it can also be implemented into other projects – thus benefitting all of DNV Cyber’s awareness customers.” 

 

Cyber security without boundaries: effective awareness practices extend to employees and their loved ones 

Vuori believes the collaboration with DNV Cyber will continue to bear fruit as also new projects have started alongside the awareness program. He sees this as a sign of SSAB’s confidence in expanding the partnership.  

“Working with professionals who know how to make our lives easy has given us peace of mind and allowed me to focus on managing the bigger picture. As some say, change in information security is constant; therefore, you shouldn’t rock a boat that sails smoothly.”  

Hanna Raitanen, who leads DNV Cyber’s Cyber Security Awareness Team, shares the same sentiment: “We are grateful for our long-term partnership and productive collaboration, sharing a mutual commitment to a robust and healthy security culture. We look forward to continuing our journey together, exploring new ways of engaging employees to embrace information security.”  

Lastly, Vuori highlights that good security practices are valuable both at work and at home. “Cybersecurity knows no boundaries. The knowledge we share with our employees can easily be passed on to their families and loved ones. We all have a social responsibility to spread awareness about cyber threats and other challenges.”

Put security controls in place to protect your data and assets and strengthen your cybersecurity posture.

Strengthen your security culture