Main Contacts
Kalle Hynönen
Kalle Hynönen, Partner
kalle.hynonen@krogerus.com
+358 (0)50 544 8981
Contact Kalle Hynönen
Pessi Honkasalo
Pessi Honkasalo, Partner
pessi.honkasalo@krogerus.com
+358 (0)44 052 4000
Contact Pessi Honkasalo
Share
Article 26 November 2025

Data Symposium 2025 highlighted the regulation and trends around AI, data and cyber

Krogerus Data Symposium, one of Finland's largest events focusing on data and AI regulation and utilisation, was held on 5 November 2025 at Musiikkitalo in Helsinki. The event focused on Europe's digital competitiveness and the EU's comprehensive data, AI and cybersecurity regulation framework, examining their practical implications. In this article, we take a closer look at one of the main themes of the event: cybersecurity, what to expect in the future and how to manage cyber risks.

"Data Symposium's theme reflected the calls to balance the EU's tech regulations in a manner that supports innovation and competitiveness, while ensuring security and an equitable operating environment", describe Kalle Hynönen and Pessi Honkasalo, Partners at Krogerus' Technology, Data & IP practice, and continue: "As the leading Finnish legal advisor in technology and data matters, we want to provide a platform that offers attendees valuable insights and opportunities to exchange ideas, share experiences and discover opportunities for collaboration in the data, AI and cybersecurity space."

Together with our distinguished guest speakers the forum addressed key topics including, for example:

  • smart digital regulation for a competitive Europe, with Dr. Aura Salla, MEP,
  • tech and geopolitics, with Stefan Lindström, Consul General, Ambassador, Consulate General of Finland in Houston,
  • agentic AI – from hype to reality, with Minna Frände, Head of Legal Affairs at Microsoft (Finland, Norway and the Baltics),
  • cyber risk management and crisis response, with Steven Hadwin, Counsel at A&O Shearman,
  • what’s next in cybersecurity, with Marcus Murray Truesec's Founder, and
  • European tech sovereignty, with Pascal Belmin, Head of EU Aviation and Regulatory Affairs at Airbus Group.

What's next in cybersecurity and what should companies focus on?

This year, Data Symposium addressed emerging cybersecurity considerations in today's AI-driven world. Marcus Murray, founder of Truesec, introduced the attendees to the topic, with his speech on the cybersecurity landscape and what to expect next in cybersecurity.

"Europe accounts for nearly 22% of all global ransomware and data-leak victims, making it the second-most-targeted region after North America. Europe is a prioritised target – legal pressures, such as GDPR and fines, as well as Europe's concentration of valuable companies, make the region lucrative for cybercriminals", describes Marcus Murray.

According to Marcus Murray, ransomware attacks still make up to 92% of e-crimes and data thefts only 8%. However, there are new e-crime techniques emerging. These include, for example, deepfakes, AI tooling and vishing, where the attackers make voice‑phishing calls that coax victims to share their credentials or download harmful software.

"In 2025, the cybersecurity landscape is often shaped by geopolitical agendas – disinformation, theft, espionage and sabotage, are only a few examples of the tools being used. Cyber has become a naturally integrated component in hybrid warfare. Kinetic attacks are timed and coordinated with cyberattacks, and hacktivist groups align their attacks with their government's political agenda. Attacks are often timed with elections and protests to amplify anti-EU narratives", says Marcus Murray.

Marcus Murray predicts that in the future, AI will become highly effective in vulnerability discovery and exploitation to the point where it will identify unknown issues in software far beyond what humans can do today. He also predicts that identity will become a critical asset, as attacks targeting identity providers and SSO supply chains continue to rise. Cybersecurity will also expand into space and IoT infrastructure, with satellites and connected devices becoming increasingly attractive targets.

“If you, as an organization, want to protect yourself, you must join the race. Cyber threats in Europe are evolving rapidly across e-crime, state actors, and hacktivists. The future of cybersecurity will be written by those who defend faster than others can attack. Leverage intelligence, invest in people and automation, and build resilience into your strategy”, concludes Marcus Murray.

How to manage cyber risks?

To conclude the cybersecurity section of Data Symposium, Steven Hadwin, Counsel at A&O Shearman, gave a speech on cyber risk management and crisis response.

"Historically we have conceived cyber security as a data issue and this has also been reflected in cybersecurity regulation, which has largely concerned data protection. However, we are seeing a much-needed shift: regulation has moved away from personal data and GDPR towards resilience, for example, through NIS2, DORA and CRA. General perception is also catching up, moving discussions towards revenue losses, disruptions to supply chains and loss of market share", says Steven Hadwin.

Cyber incidents can have far-reaching impacts. According to Steven Hadwin, key exposures from cyber incidents include consumer litigation as well as contractual disputes, since disruptions caused to customers can give rise to significant contractual claims for losses. Regulators may also carry out a lengthy investigation of the incident, to understand the root cause and if the regulated entity met its security and resilience-related obligations. Large fines and other sanctions are possible, such as non-financial enforcement penalties, including ongoing supervision, suspensory orders and removal of regulatory permissions.

Steven Hadwin highlighted several key fundamentals to cyber risk management, including:

  • Tabletop exercises: simulate cyberattacks to map out weaknesses.
  • Incident response plan and playbooks: plan ahead to ensure that the organisation knows what to do when an incident arises.
  • Policy reviews and optimisation: review and test the organisation's policies with different teams.
  • Cyber insurance review: provide appropriately broad disclosures to the insurance company, to optimize the likelihood of your policy responding when you need it most, cover potential risks and reduce the effects if an incident occurs.
  • Management training and awareness: boards and executives need a deep understanding of cyber risks and how to manage them.
  • Third party advisors: make sure that the organisation's third-party advisors, including lawyers, are up to speed on the organisation's current situation and risks before, not after an incident.
  • Business continuity and disaster recovery planning: identify risks and their implications, and how to mitigate them.

"We are all part of building a more secure and resilient world", says Steven Hadwin and encourages using pre-emptive strategies to cyber risk management.

Additional information and next event

We are already looking forward to organising the next Krogerus Data Symposium and will release more information later on. In the meantime, please feel free to contact our Technology, Data & IP team with any questions. We would be delighted to continue the Symposium's discussions with you!

Share:
Similar articles
Energy new 1

Mitä uusiutuvan energian sääntelykentässä tapahtuu tällä hetkellä?

Newsletters and Publications
Krogerus img 01

Krogeruksen Insolvenssi-iltapäivä nosti esille ajankohtaiset talous- ja insolvenssiteemat

Newsletters and Publications
Lighted stairs

Reilun pelin rajat – dupe-ilmiö orjallisen jäljittelyn ja maineen norkkimisen näkökulmasta

Newsletters and Publications