Blog

A selection of articles and columns from OneMore Secure.

Blog series on NIS2 and the Cybersecurity Act

NIS2 and the Swedish Cybersecurity Act are not just theoretical exercises. They are a reality check. They don't care how polished your policy is when the network falters, two key personnel are unavailable, and the supplier says "back after lunch". Then only one question remains: do you have capability or just binders?

That's why I've written a blog series to fill a gap I've noticed in the debate: it translates NIS2 into controls, vulnerabilities and capabilities. Not just more "compliance theatre", but what can actually be measured, practised, and demonstrated.

What's unique? Each article takes a requirement and makes it human and practical with a clear metaphor (no lists of fifteen items or buzzwords). You get a compass for what really matters: management responsibility, incident alerts, continuity, supply chain, vulnerabilities, measurable impact, cyber hygiene, authentication – the whole chain. And you get it with a vision I believe more need: that NIS2 can become a competitive advantage when we stop counting PDFs and start building muscle memory.

Read if you want NIS2 to be less of a "must" and more of a "now I get it".

NIS2 Article 20:

When the captain isn't allowed to leave the bridge

Go to article

NIS2 Article 21.2 a:

When risk analysis becomes fire protection, not just a binder

Go to article

NIS2 Article 21.2 b:

Incident management that works when the storm hits

Go to article

NIS2 Article 21.2 c:

Continuity is the emergency generator you must test run

Go to article

NIS2 Article 21.2 d:

The supply chain is a cold chain, not a shopping list

Go to article

NIS2 Article 21.2 e:

Security in procurement and development: build the lock before you move in

Go to article

NIS2 Article 21.2 f:

The test button on the smoke alarm: when security must be proven, not assumed

Go to article

NIS2 Article 21.2 g:

Basic cyber hygiene: kitchen hygiene so guests feel safe to eat

Go to article

NIS2 Article 21.2 h:

The key cabinet: when cryptography is routine, not magic

Go to article

NIS2 Article 21.2 i:

The key card: staff, access and assets

Go to article

NIS2 Article 21.2 j:

The front door: strong authentication without password panic

Go to article

NIS2 Article 23:

When the alarm chain must work, not just hang on the wall

Go to article

OneMore Secure

Securing supply chains - a methodological guide

This guide helps organisations strengthen their cybersecurity in the supply chain through structured risk management, requirement setting and monitoring.

The method is divided into three areas:

  • Understanding risks – Map and analyse security risks in the supply chain.

  • Gain control – Create and maintain security requirements for suppliers.

  • Build resilience – Develop continuous security improvements and incident management.
Go to article

Robert Willborg

Digital herd immunity

The path to sovereignty, autonomy and cyber hygiene.

Robert Willborg

The most underestimated protection mechanism

The most underestimated protection mechanism is not a product.

Robert Willborg

It's not the threats that bring us down

It's the vulnerabilities.

Robert Willborg

Shadow AI is not a trend

It's a water leak behind the wall.

Robert Willborg

When security becomes human

About science, digital ecosystems and the pursuit of what actually works.

Robert Willborg

When the climate is the problem

It's easy to say "the human is the weakest link".

Robert Willborg

The invisible interest

The invisible interest: why "security costs" is an economic fiction.

Robert Willborg

Digital sovereignty

Digital sovereignty is not about geography but control

Robert Willborg

From an economy of uncertainty to trust

A story about an industry that lost its compass.

Robert Willborg

Airworthiness for the digital society

NIS2 wants us to fly safely, not just fill in paperwork.

Robert Willborg

EU Data Act

When the EU builds "emergency exits" in your data corridors (and no one's read the signs yet).

Robert Willborg

When cybersecurity becomes "risk theatre"

How we replace the makeup with actual resilience.

Robert Willborg

Stop calling it "personal cyber hygiene".

Personal cyber hygiene isn't private; it's carried out by the individual but owned and proven by the organisation.

Robert Willborg

Stop feeding the documentation dragon

NIS2/the Cybersecurity Act is becoming part of everyday life.