Escalating cybersecurity threats confront organizations across Värmland, a landlocked region in western Sweden, exposing critical gaps in regional cyber resilience. Method: Employing a mixed-methods qualitative approach—integrating structured questionnaires and in-depth interviews—the study systematically assessed cybersecurity preparedness and capacity-building needs among local enterprises and public-sector entities. Results: Findings reveal pervasive deficiencies, including low security awareness, acute shortages of qualified personnel, and insufficient resource allocation; additionally, region-specific challenges emerged, such as SMEs’ heavy reliance on external support and the absence of formal cross-sectoral coordination mechanisms. To address these, the paper proposes a context-sensitive Cybersecurity Capability Development Framework tailored to inland Scandinavian regions, structured along three interdependent dimensions: education pathways, collaborative governance, and tiered capacity empowerment. Empirical validation confirms its transferability across Sweden and analogous under-resourced regions. This work contributes both a theoretically grounded model and an actionable implementation blueprint for enhancing subnational cybersecurity resilience.

A rapidly growing number of cybersecurity threats and incidents demands that Swedish organisations increase their efforts to improve their cybersecurity capacities. This paper presents results from interviews and a prior survey with key representatives from enterprises and public sector organisations in the Swedish region of Värmland in Inner Scandinavia, examining their cybersecurity readiness and needs for education and competence development. We discuss the generalizability of our findings and the extent to which they may be specific to Sweden and Värmland, and we conclude by proposing efforts to strengthen cybersecurity competences in Inner Scandinavia.