Permanent funding is necessary for implementing the Cyber Security Strategy

The Ministry of Transport and Communications proposes a permanent increase of EUR 4.7 million from 2026 onwards for measures set out in the Cyber Security Strategy. This increase is to be included in the 2026 Budget, and the funding will be targeted at the most important and urgent priorities of the Cyber Security Strategy and its implementation plan. Budget funding is proposed for the operations of the National Cyber Security Centre (NCSC-FI) at the Finnish Transport and Communications Agency Traficom, partly replacing the current funding allocated through the National Emergency Supply Agency.

Finland’s Cyber Security Strategy was revised in 2024 to respond to the changing operating environment. Cyber threats continue to develop, and the authorities estimate that the threat level will remain elevated in the future. At the same time, citizens’ trust in digital services must be maintained. The aim of the strategy is to ensure that cybersecurity is an integral part of Finland’s comprehensive security.

“Cybersecurity efforts are a constant race against cybercriminals. Finland has a highly competent Cyber Security Centre, a well-built cybersecurity strategy, excellent cooperation between authorities and effective cyber exercises. This ongoing work protects Finland – and it also requires continuous funding,” says Minister of Transport and Communications Lulu Ranne.

“The implementation of the Cyber Security Strategy requires adequate and long-term funding to ensure the continuity of society’s vital functions under all circumstances,” says National Cyber Security Director Rauli Paananen.

The appropriation proposed in the 2026 Budget for the implementation of the Cyber Security Strategy will be used for efforts such as maintaining and developing situational awareness in cybersecurity, safeguarding the national capacity to detect cyber threats, identifying vulnerable systems and ensuring the continuity of cyber exercises. The appropriation is also necessary for the smooth and effective implementation of the EU Cyber Resilience Act (CRA), which aims to enhance the security of network-connected devices, software and systems placed on the market.

Among other objectives, the aim of the draft budget is to ensure funding for those National Cyber Security Centre services that detect the most serious cyber threats directed at Finland. These services are essential for the crisis resilience of society, as they protect the continuity of both business services and the authorities’ operations, and support the needs of national defence and crime prevention.

At present, the National Emergency Supply Agency funds the Cyber Security Centre’s ongoing services with approximately EUR 2.5 million annually. As part of a comprehensive review of emergency supply legislation, changes are being proposed to the Agency’s operations and funding model, which will also affect the services of the Cyber Security Centre. With its draft budget, the Ministry of Transport and Communications seeks to safeguard the availability and development of society’s most critical cybersecurity services in the future as well.

National Audit Office and the Safety Investigation Authority recommend sufficient resources for cybersecurity measures

In its audit report published on 13 August 2025, the National Audit Office of Finland (NAOF) recommends that the Ministry of Transport and Communications and the Ministry of Finance should strive to ensure that the development targets in cybersecurity are prioritised, where necessary, across administrative boundaries, and that the measures assessed to be the most important are allocated the resources required for their implementation.

In its investigation report on the data breach targeting the City of Helsinki, the Safety Investigation Authority, Finland (SIAF) has likewise recommended that the Ministry of Finance and the Ministry of Transport and Communications should examine how the detection of information security shortcomings in public administration can be improved at the national level so that public actors would have sufficient capabilities to detect and remedy such shortcomings. The investigation report was submitted to the Government on 17 June 2025.

What’s next?

The Government will discuss the draft budget in its budget session on 1–2 September 2025. Thereafter, the Ministry of Finance will finalise the Government’s budget proposal, which will be submitted to Parliament on 22 September. Parliament will adopt the Budget in December.    

Enquiries:

Rauli Paananen, National Cyber Security Director, rauli.paananen(at)gov.fi, tel. +358 295 342212

Timo Kievari, Director of Unit, timo.kievari(at)gov.fi, tel. +358 295 342620

Anssi Kärkkäinen, Deputy Director-General, National Cyber Security Centre, Traficom, anssi.karkkainen(at)traficom.fi, p. +358 295 345594