Blog

A selection of articles and commentaries from OneMore Secure.

Blog series on NIS2 and the cybersecurity law

NIS2 and the Swedish Cybersecurity Act are not a desk exercise. They are a reality check. They don't care how polished your policy is when the network falters, two key personnel are absent, and the supplier says "back after lunch". Then only one question remains: do you have capability or just folders?

That's why I've written a blog series that fills a gap I've noticed in the debate: it translates NIS2 into controls, vulnerabilities and capabilities. Not just "compliance theatre", but what can actually be measured, practised and demonstrated.

The unique aspect? Each article takes a requirement and makes it human and practical with a clear metaphor (no lists of fifteen items or buzzwords). You get a compass for what truly matters: leadership responsibility, incident alerts, continuity, supply chain, vulnerabilities, measurable impact, cyber hygiene, authentication – the whole chain. And it comes with a vision I believe more need: that NIS2 can become a competitive advantage once we stop counting PDFs and start building muscle memory.

Read it if you want NIS2 to feel less like a "must" and more like "now I get it".

NIS2 Article 21.2 a:

When risk analysis becomes fire protection, not just a folder

Read the article

NIS2 Article 21.2 b:

Incident management that works when things get tough

Read the article

NIS2 Article 21.2 c:

Continuity is the emergency generator you have to test run

Read the article

NIS2 Article 21.2 d:

The supply chain is a cold chain, not a shopping list

Read the article

NIS2 Article 21.2 e:

Security in purchasing and development: build the lock before you move in

Read the article

NIS2 Article 21.2 f:

The test button on the smoke alarm: when security must be proven, not assumed

Read the article

NIS2 Article 21.2 g:

Basic cyber hygiene: kitchen hygiene so guests feel safe to eat

Read the article

NIS2 Article 21.2 h:

The key cabinet: when cryptography is routine, not magic

Read the article

NIS2 Article 21.2 j:

The front door: strong authentication without password panic

Read the article

NIS2 Article 23:

When the alarm chain must work, not just hang on the wall

Read the article

OneMore Secure

Securing supply chains - a practical guide

This guide helps organisations strengthen their cybersecurity in the supply chain through structured risk management, setting requirements, and monitoring.

The method is divided into three areas:

  • Understand the risks - Map and analyse security risks in the supply chain.

  • Gain control – Create and maintain security requirements for suppliers.

  • Build resilience – Develop continuous security improvements and incident management.
Read the article

Robert Willborg

Digital herd immunity

The path to sovereignty, autonomy and cyber hygiene.

Robert Willborg

The most underestimated protection mechanism

The most underestimated protection mechanism isn't a product.

Robert Willborg

It's not the threats that bring us down

It's the vulnerabilities.

Robert Willborg

Shadow AI isn't a trend

It's a leak behind the wall.

Robert Willborg

When security becomes human

About science, digital ecosystems and the pursuit of what really works.

Robert Willborg

When the climate is the problem

It's easy to say "humans are the weakest link".

Robert Willborg

The invisible interest

The invisible interest: why "security costs" is an economic fiction.

Robert Willborg

Digital sovereignty

Digital sovereignty is not about geography but about control

Robert Willborg

From uncertainty economy to trust

A story about an industry that lost its compass.

Robert Willborg

Airworthiness for the digital society

NIS2 wants us to fly safely, not fill in paperwork.

Robert Willborg

EU Data Act

When the EU builds "emergency exits" in your data corridors (and no one's read the signs yet).

Robert Willborg

When cybersecurity becomes "risk theatre"

How we replace make-up with real resilience.

Robert Willborg

Stop calling it "personal cyber hygiene"

Personal cyber hygiene isn't private; it's performed by individuals but owned and demonstrated by the organisation.

Robert Willborg

Stop feeding the documentation dragon

NIS2/cybersecurity law is becoming part of everyday life.