Sonat

In many companies, the work on information security awareness begins with requirements stemming from ISO certification. But for Sonat, it is rather part of their core business.
– We’ve used ISO 27001 as a “handrail” in our journey toward increased digital security, says Johan Svensson. But it hasn’t been the driving factor. For us, this is a critical part of the digital transformation.

Awareness as a Key Component of the Framework

Improving information security must happen on many levels. Sonat is implementing a framework that includes everything from role definitions to technical elements and supplier requirements. Within that framework, raising employee awareness plays a central role.
– We have employees in many countries and time zones. It’s simply not feasible to gather everyone for in-person briefings. When we came across Junglemap, we saw that NanoLearning could be a practical solution.

Now that Sonat has used NanoLearning for a year, Johan Svensson sees it’s working. There’s more activity in internal digital Q&A forums, a healthier level of suspicion, and employees who pause to ask questions. Security is also discussed in larger company-wide digital meetings to reinforce that the message is getting through.
– We see that there’s more talk about security now—both internally and with our customers, he says.

Part of the Security Culture

Sonat has also used Junglemap’s phishing simulations, which have delivered important lessons to those who clicked the wrong links. The initial reaction is often embarrassment, but that’s followed up by a cultural focus on de-stigmatization and learning, encouraging people to report mistakes openly.

– We’ve received great support from Junglemap on how to make it easy for employees to report issues, says Johan Svensson. And this is all part of a broader company culture.

One success factor in the security work has been the IT department’s deep involvement—with specialists who also understand the business well. That proactive approach has led to information security becoming embedded in the organization’s management system, and it's now a recurring agenda item for the leadership team.

Security as a Customer Dialogue Asset

For Sonat, cybersecurity is seen as a competitive edge in discussions with both new and existing clients. Being able to reference a proven method of educating employees on information security is a clear strength. That said, client awareness varies widely—from those with strict demands to those unfamiliar with any security requirements.
– Many companies take action only after an incident occurs. For us, preventive work is key—internally and in collaboration with partners and clients.