The recent ransomware attack on another HR system supplier — which disrupted hundreds of Swedish municipalities — is a stark reminder of how disruptive and damaging these incidents can be. Our thoughts are with everyone affected as they work through this challenging situation.
It’s natural that many HR leaders are now asking themselves a difficult but important question: How safe is our data?
Data security is a responsibility we all share, and one we take very seriously at CatalystOne. To provide clarity and reassurance, our CEO, Avtar Jasser, sat down with our Chief Information Security Officer, Christian Holthe, for a candid conversation about what happened, what it means for HR leaders, and the measures we have in place to safeguard your HR data.
Avtar: What exactly happened in Sweden, and why are so many organisations worried?
Christian: An IT supplier to Swedish municipalities experienced a ransomware attack, causing major disruptions. Systems supporting everything from sick leave management to HR data went offline, and in some cases, personal data was severely compromised. Naturally, this raises questions for any organisation relying on digital HR systems.
Avtar: Could something like this happen to CatalystOne customers?
Christian: While no provider can claim to be completely immune to cybercrime, we’ve built CatalystOne’s security model to minimise both the likelihood and the impact of such an incident. Our approach is based on international best practice and continuous improvement. The recent events in Sweden don’t change our resilience – but they do reinforce the importance of transparency and vigilance.
Avtar: What makes CatalystOne’s security different?
Christian: There are several layers to our security strategy, and together they give us – and our customers – confidence that their HR data is safe:
- ISO 27001 certification
We are certified under the international ISO 27001 standard. That means our Information Security Management System isn’t just designed to protect your data – it’s independently audited on a regular basis. For you as a customer, this isn’t just a certificate on the wall: it’s a guarantee that we follow proven, globally recognised best practices. We treat compliance as a floor, not a ceiling, and we invite our customers to ask us questions and hold us accountable.
- Resilience against ransomware
We take a “defence-in-depth” approach. That means multiple layers of protection: advanced endpoint security, network monitoring, and the use of immutable backups that cannot be changed or deleted by attackers. If a system is ever compromised, we can restore from clean backups – quickly and safely. In practice, this gives you peace of mind that even in a worst-case scenario, we can help you keep business moving.
- Continuous monitoring
Security is not something we check once a year – it’s something we live every day. Our environments are monitored 24/7 by both our internal specialists and an external Security Operations Center. This means any unusual activity is picked up fast, and action is taken before it becomes a threat to you. In our partnership with customers, we see this vigilance as part of the value we provide: you shouldn’t need to worry, because we’re already watching.
- Zero trust approach
Access to systems and data is tightly controlled through Single Sign-On, Multi-Factor Authentication, and role-based permissions. We follow the principle of “least privilege”, which means no one – not even our own employees – has more access than they absolutely need. For customers, this translates into a system where sensitive HR data is only visible to the right people, at the right time, and for the right reason.
- Regular testing and training
Technology alone isn’t enough – people matter too. That’s why we regularly run penetration tests and security assessments to challenge our systems. At the same time, we invest heavily in ongoing training for our employees, because a well-informed team is the best line of defence. In our eyes, this is also a partnership: when you choose CatalystOne, you’re choosing a team that is continuously learning, testing, and improving on your behalf.
Avtar: How do you ensure business continuity if the unexpected happens?
Christian: We operate with redundancy and recovery in mind. Our disaster recovery plans are regularly tested, and we maintain immutable backups so that even in a worst-case scenario, we can restore operations securely and quickly. What this means for customers is simple: even if the unexpected happens, your HR processes can continue with minimal disruption.
Avtar: What would you say to customers who are worried right now?
Christian: First, we understand your concern. Incidents like this are reminders of how critical trust and security are in our industry. At CatalystOne, your data is not just numbers in a system – it represents your people. That’s why protecting it is our highest priority.
We see ourselves as more than just a vendor. We’re your partner – a Nordic partner, close to you and accountable to the same regulations you operate under. That closeness matters, because it means we share the same context, the same concerns, and the same commitment to protecting your organisation.
Avtar: Any final thoughts?
Christian: Yes – digital HR systems are essential for modern organisations, but they also need to be safe. Our promise is simple: CatalystOne is dedicated to being a secure, resilient, and responsible partner you can rely on – especially in moments like this.