Preparedness and the requirements for critical communications have been in place for a long time, but recent disruptions and growing uncertainty have made their importance far more tangible. Organisations increasingly need to ensure their ability to operate in situations where they cannot rely on external systems or assumptions of global availability. Secapp’s year 2025 reflects this shift through the lens of critical communications and independence.
In 2025, the media¹ also highlighted on a broad scale what has been at the core of Secapp’s work from the very beginning: preparedness and critical information must reach the right people quickly and reliably – even when situations do not unfold according to plan. It has become clearer than ever that preparedness and operational continuity are no longer seen as separate security themes, but increasingly as part of everyday leadership and decision-making.
Several simultaneous changes were driving this development. Disruptions and threat scenarios became more diverse, their impacts expanded from isolated events to entire supply chains, and regulation tightened at the same time. The EU’s cybersecurity directive (NIS2), as well as national legislation and certification requirements, encouraged organisations to develop preparedness in a more systematic and verifiable way.
Key highlights for Secapp in 2025 included:
- Secapp’s role as a critical communications and preparedness solution strengthened in demanding operating environments.
- International customer references and pilots progressed in healthcare, industry, and public authority environments.
- Partnerships and procurement channels expanded, lowering the threshold for adoption – especially in the public sector.
- Internal development and controlled growth strengthened Secapp’s operational capability and business.
Independence and self-reliance moved to the forefront
At the same time, the discussion increasingly focused on the importance of independence and self-reliance. In disruption scenarios, organisations cannot assume that critical capabilities will always be available from outside Europe or Finland. The functionality and control of key systems must be ensured even under exceptional circumstances.
Amid these developments, a contradiction also became apparent: while the importance of preparedness is understood more broadly, practical readiness in many organisations has not yet reached the same level as the requirements.
– 2025 clearly showed that organisations’ interest in investing in preparedness has grown. We saw it in increased security budgets, in the media and public debate, in rising enquiries and in broader adoption – just to name a few examples, says Secapp CEO Kari Aho.
The gap between requirements and practice is still real
Although preparedness appeared on leadership agendas more often in 2025, there are still gaps in practical readiness. In many organisations, operating models remain partly tacit knowledge, and documented plans or exercises are insufficient relative to the demands of the operating environment.
– For many organisations, preparedness is still largely tacit knowledge. And even when operating models are documented, only a small share have practiced them in real life, Aho notes, referring for example to a study by Technology Industries of Finland, according to which fewer than 10% of organisations have practiced crisis situations and related plans in practice.
The international Business Continuity Institute (BCI) study, BCI Emergency & Crisis Communications Report 2025, supports this observation. According to the report, the most common reason for not achieving the desired response in a crisis is the inability to reach staff or other key recipients: 61% of respondents identify this as the single biggest challenge. At the same time, only around 25% of organisations report using a dedicated solution specifically designed for critical communications or crisis management.
Exercises reveal true operational capability
Tighter regulation has made the gap between preparedness requirements and organisations’ real operational readiness more visible. In Finland, NIS2 requirements have been incorporated into the Cybersecurity Act, and preparedness legislation as well as occupational safety obligations also steer organisations toward documented and verifiable operating models. Aho emphasises that these requirements are not merely separate obligations—they are an excellent tool for ensuring business continuity and personnel safety.
In 2025, the role of safety exercises came up in discussions more often than before, but it has not yet become a widely established practice. Exercises are, however, an effective way to identify where plans, communications, and collaboration can be taken to the next level – or, in the worst case, where they still fail to meet practical requirements.
Secapp itself also participated during the year in the Finnish nationwide Taisto exercise. The exercise revealed several concrete areas for improvement in critical communications and operating models, and reinforced the understanding of how significant tested capability is in disruption situations.
Reachability, reliability, and responsiveness in disruption scenarios
Last year highlighted more clearly than before what critical communications require in practice. In disruption situations, communications must work reliably and support decision-making under pressure.
According to Aho, Secapp has intentionally invested in these core requirements in recent years. Reliability, resilience, and the ability to operate even in disruption scenarios have guided both product development and operating model design.
– In critical communications, the most important thing is trust. When you start dealing with an organisation’s core processes and sensitive information, you must be able to trust the provider and the people behind it. Only after that do you evaluate the reliability of the technology, Aho says.
Omnichannel delivery and reachability are essential in critical communications. In a disruption scenario, you cannot assume that everyone can be reached in the same way or through the same channel. That is why backup communications and multiple parallel channels are crucial.
– We can’t assume that every person will always be reachable through the same communication channel. Communication has to work even when one channel fails, and at Secapp we’ve built this in as a centralised solution, Aho says.
Capturing attention is also a key part of the overall capability. People are overloaded from many directions in everyday life, and a critical message must cut through.
– If the situation is truly serious, attention must be captured immediately – regardless of time of day or location. Even seconds can matter, Aho says.
These core requirements – trust, reachability, and rapid response – form the foundation of critical communications regardless of industry or organisational size.
International customer references
In 2025, Secapp advanced internationally through pilots, expansions, and new market openings.
Among the international initiatives, the pilot implemented with Arnprior Regional Health hospital was one of the year’s most significant individual customer references. Secapp was integrated into existing systems, and legacy infrastructure did not need to be replaced. Benefits were seen in responsiveness, preparedness, and reduced manual work. This was also a strong example of effective partnership with Canada-based Brightbuild FPS, which was responsible for the successful local deployment of the Secapp solution.
In industry, Secapp’s use expanded particularly in environments where personnel work in the field or across dispersed industrial sites. One of the world’s largest industrial gas producers, Linde, uses Secapp in the Baltic countries to support lone worker safety and rapid response. Swedish company Dafgårds is another example of an industrial environment where the solution supports safety and disruption readiness.
At EU level, Secapp was involved in environments where situational awareness and response extend across borders. GeoSphere Austria uses Secapp as part of the ARISTOTLE multi-hazard model, where alerts, acknowledgements, and situational updates related to weather phenomena and other natural hazards are coordinated at EU level.
New market openings and international collaboration
In the United Kingdom, Secapp deepened its collaboration with Nokia and progressed with a local telecom operator to improve crisis preparedness and information flow in railway environments. In 2025, the joint offering was presented to several UK train operating companies.
In Estonia, Secapp’s use continued under a framework agreement covering the entire healthcare system and ambulance services, and expanded further – especially in hospital environments. International collaboration also progressed with Telia and Senop Communications as reseller- and partnership-based operating models were advanced both in Finland and internationally.
In addition, Secapp formed a new international partnership with Sigma Wireless, and together the companies won a significant customer contract in Ireland related to safeguarding lives.
Partners and procurement channels lowered the threshold for adoption
In 2025, Secapp’s partnerships and procurement channels strengthened the overall buyability and deployment of the solutions. This was particularly important in environments where critical communications solutions are needed quickly and where lengthy procurement processes or heavy deployment projects are not feasible. One concrete example was the expanded cooperation with Atea Finland: during the year, Secapp also became available via Velora Verkkokauppa Plus, enabling procurement through pre-tendered channels especially for wellbeing services counties.
Secapp’s role increasingly became part of broader solution landscapes where critical communications connect with physical security, industrial processes, lone working, or private networks. In these environments, the solution is not a stand-alone system, but part of an operational whole that must also withstand disruption scenarios.
Cooperation with Telia and Nokia brought Secapp into private networks and container-based on-premise environments, enabling Secapp to operate locally if needed – even without internet connectivity – emphasising high preparedness and independence from external factors.
With Detector and Certego, Secapp complemented gas monitoring, control room, and personnel safety solutions in situations where communication and value-added services must work seamlessly alongside other systems. Certego, for example, played a significant role in the expansion of Secapp use within the Prison and Probation Service of Finland.
The role of resellers strengthened further, and for example the 2024 reseller LukkoLuket continued strong delivery. In educational and healthcare environments, cooperation with Eastsec was further developed, leading, among other things, to the City of Kouvola deciding to deploy the safety app across all schools and daycare centres.
Through partnerships, Secapp has been brought into operating environments where the requirements for critical communications are high and operational resilience is essential for smooth day-to-day operations.
Internal development enabled controlled growth
Alongside external requirements and international expansion, Secapp’s own operational capability also developed in 2025. The team grew, as did the strong spirit of collaboration, which the entire organisation is committed to strengthening further.
– On a big-picture level, last year we achieved almost all of our goals – whether related to new development initiatives, partner operations, or customer accounts. There were a few bumps along the way, but the overall trend was clearly that we met – and even exceeded – our targets in a challenging global environment. That motivates us and helps us keep moving forward, Aho says.
Technology development continued on a broad front. In 2025, progress was made in areas including:
- Voice and video connection launched alongside an alert to support personal safety.
- Expanded security controls and improved password practices.
- Extended APIs and stronger automation in integrations.
- Performance optimisation as user volumes increased.
- More precise location data handling for use cases where location is essential.
- Ability to deliver Secapp more lightly as a “partner- or customer-deployed container” for local environments and on-premise implementations.
- In addition, we began exploring how AI could be used securely as part of preparedness and situational awareness.
Entering 2026 from a strong foundation
From Secapp’s perspective, the year was strong overall. International initiatives, deepening partnerships, and expanding customer environments were also reflected in business development through profitable growth:
- In 2025, Secapp’s revenue was €5.6 million.
- The number of users grew to approximately 150,000 across multiple industries and market areas.
- Usage remained highly active, including more than 10 million alerts sent.
- Secapp’s organisation grew in a controlled manner, with headcount rising to 46 employees.
Secapp enters 2026 at a time when preparedness requirements are no longer open to interpretation. They are visible in regulation, in customer expectations, and in real-life disruption scenarios. At the same time, there is growing demand for solutions that do not remain at the level of plans, but work when they are truly needed.
Sources:
1 How Finland prepares for crises – the new security strategy speaks more directly about preparedness for war, Yle, 16 Jan 2025
1 If a crisis hits, most of Finland’s infrastructure is in the hands of companies – only a few are properly prepared, MTV News, 5 Nov 2025
1 EU adopts blueprint to better manage European cyber crises and incidents, Council of the European Union, 6 Jun 2025
1 Danish PM: airport drone incursion a ‘serious attack’ on critical infrastructure, The Guardian, 23 Sep 2025
Preparedness and the requirements for critical communications have been in place for a long time, but recent disruptions and growing uncertainty have made their importance far more tangible. Organisations increasingly need to ensure their ability to operate in situations where they cannot rely on external systems or assumptions of global availability. Secapp’s year 2025 reflects this shift through the lens of critical communications and independence.
In 2025, the media¹ also highlighted on a broad scale what has been at the core of Secapp’s work from the very beginning: preparedness and critical information must reach the right people quickly and reliably – even when situations do not unfold according to plan. It has become clearer than ever that preparedness and operational continuity are no longer seen as separate security themes, but increasingly as part of everyday leadership and decision-making.
Several simultaneous changes were driving this development. Disruptions and threat scenarios became more diverse, their impacts expanded from isolated events to entire supply chains, and regulation tightened at the same time. The EU’s cybersecurity directive (NIS2), as well as national legislation and certification requirements, encouraged organisations to develop preparedness in a more systematic and verifiable way.
Key highlights for Secapp in 2025 included:
- Secapp’s role as a critical communications and preparedness solution strengthened in demanding operating environments.
- International customer references and pilots progressed in healthcare, industry, and public authority environments.
- Partnerships and procurement channels expanded, lowering the threshold for adoption – especially in the public sector.
- Internal development and controlled growth strengthened Secapp’s operational capability and business.
Independence and self-reliance moved to the forefront
At the same time, the discussion increasingly focused on the importance of independence and self-reliance. In disruption scenarios, organisations cannot assume that critical capabilities will always be available from outside Europe or Finland. The functionality and control of key systems must be ensured even under exceptional circumstances.
Amid these developments, a contradiction also became apparent: while the importance of preparedness is understood more broadly, practical readiness in many organisations has not yet reached the same level as the requirements.
– 2025 clearly showed that organisations’ interest in investing in preparedness has grown. We saw it in increased security budgets, in the media and public debate, in rising enquiries and in broader adoption – just to name a few examples, says Secapp CEO Kari Aho.
The gap between requirements and practice is still real
Although preparedness appeared on leadership agendas more often in 2025, there are still gaps in practical readiness. In many organisations, operating models remain partly tacit knowledge, and documented plans or exercises are insufficient relative to the demands of the operating environment.
– For many organisations, preparedness is still largely tacit knowledge. And even when operating models are documented, only a small share have practiced them in real life, Aho notes, referring for example to a study by Technology Industries of Finland, according to which fewer than 10% of organisations have practiced crisis situations and related plans in practice.
The international Business Continuity Institute (BCI) study, BCI Emergency & Crisis Communications Report 2025, supports this observation. According to the report, the most common reason for not achieving the desired response in a crisis is the inability to reach staff or other key recipients: 61% of respondents identify this as the single biggest challenge. At the same time, only around 25% of organisations report using a dedicated solution specifically designed for critical communications or crisis management.
Exercises reveal true operational capability
Tighter regulation has made the gap between preparedness requirements and organisations’ real operational readiness more visible. In Finland, NIS2 requirements have been incorporated into the Cybersecurity Act, and preparedness legislation as well as occupational safety obligations also steer organisations toward documented and verifiable operating models. Aho emphasises that these requirements are not merely separate obligations—they are an excellent tool for ensuring business continuity and personnel safety.
In 2025, the role of safety exercises came up in discussions more often than before, but it has not yet become a widely established practice. Exercises are, however, an effective way to identify where plans, communications, and collaboration can be taken to the next level – or, in the worst case, where they still fail to meet practical requirements.
Secapp itself also participated during the year in the Finnish nationwide Taisto exercise. The exercise revealed several concrete areas for improvement in critical communications and operating models, and reinforced the understanding of how significant tested capability is in disruption situations.
Reachability, reliability, and responsiveness in disruption scenarios
Last year highlighted more clearly than before what critical communications require in practice. In disruption situations, communications must work reliably and support decision-making under pressure.
According to Aho, Secapp has intentionally invested in these core requirements in recent years. Reliability, resilience, and the ability to operate even in disruption scenarios have guided both product development and operating model design.
– In critical communications, the most important thing is trust. When you start dealing with an organisation’s core processes and sensitive information, you must be able to trust the provider and the people behind it. Only after that do you evaluate the reliability of the technology, Aho says.
Omnichannel delivery and reachability are essential in critical communications. In a disruption scenario, you cannot assume that everyone can be reached in the same way or through the same channel. That is why backup communications and multiple parallel channels are crucial.
– We can’t assume that every person will always be reachable through the same communication channel. Communication has to work even when one channel fails, and at Secapp we’ve built this in as a centralised solution, Aho says.
Capturing attention is also a key part of the overall capability. People are overloaded from many directions in everyday life, and a critical message must cut through.
– If the situation is truly serious, attention must be captured immediately – regardless of time of day or location. Even seconds can matter, Aho says.
These core requirements – trust, reachability, and rapid response – form the foundation of critical communications regardless of industry or organisational size.
International customer references
In 2025, Secapp advanced internationally through pilots, expansions, and new market openings.
Among the international initiatives, the pilot implemented with Arnprior Regional Health hospital was one of the year’s most significant individual customer references. Secapp was integrated into existing systems, and legacy infrastructure did not need to be replaced. Benefits were seen in responsiveness, preparedness, and reduced manual work. This was also a strong example of effective partnership with Canada-based Brightbuild FPS, which was responsible for the successful local deployment of the Secapp solution.
In industry, Secapp’s use expanded particularly in environments where personnel work in the field or across dispersed industrial sites. One of the world’s largest industrial gas producers, Linde, uses Secapp in the Baltic countries to support lone worker safety and rapid response. Swedish company Dafgårds is another example of an industrial environment where the solution supports safety and disruption readiness.
At EU level, Secapp was involved in environments where situational awareness and response extend across borders. GeoSphere Austria uses Secapp as part of the ARISTOTLE multi-hazard model, where alerts, acknowledgements, and situational updates related to weather phenomena and other natural hazards are coordinated at EU level.
New market openings and international collaboration
In the United Kingdom, Secapp deepened its collaboration with Nokia and progressed with a local telecom operator to improve crisis preparedness and information flow in railway environments. In 2025, the joint offering was presented to several UK train operating companies.
In Estonia, Secapp’s use continued under a framework agreement covering the entire healthcare system and ambulance services, and expanded further – especially in hospital environments. International collaboration also progressed with Telia and Senop Communications as reseller- and partnership-based operating models were advanced both in Finland and internationally.
In addition, Secapp formed a new international partnership with Sigma Wireless, and together the companies won a significant customer contract in Ireland related to safeguarding lives.
Partners and procurement channels lowered the threshold for adoption
In 2025, Secapp’s partnerships and procurement channels strengthened the overall buyability and deployment of the solutions. This was particularly important in environments where critical communications solutions are needed quickly and where lengthy procurement processes or heavy deployment projects are not feasible. One concrete example was the expanded cooperation with Atea Finland: during the year, Secapp also became available via Velora Verkkokauppa Plus, enabling procurement through pre-tendered channels especially for wellbeing services counties.
Secapp’s role increasingly became part of broader solution landscapes where critical communications connect with physical security, industrial processes, lone working, or private networks. In these environments, the solution is not a stand-alone system, but part of an operational whole that must also withstand disruption scenarios.
Cooperation with Telia and Nokia brought Secapp into private networks and container-based on-premise environments, enabling Secapp to operate locally if needed – even without internet connectivity – emphasising high preparedness and independence from external factors.
With Detector and Certego, Secapp complemented gas monitoring, control room, and personnel safety solutions in situations where communication and value-added services must work seamlessly alongside other systems. Certego, for example, played a significant role in the expansion of Secapp use within the Prison and Probation Service of Finland.
The role of resellers strengthened further, and for example the 2024 reseller LukkoLuket continued strong delivery. In educational and healthcare environments, cooperation with Eastsec was further developed, leading, among other things, to the City of Kouvola deciding to deploy the safety app across all schools and daycare centres.
Through partnerships, Secapp has been brought into operating environments where the requirements for critical communications are high and operational resilience is essential for smooth day-to-day operations.
Internal development enabled controlled growth
Alongside external requirements and international expansion, Secapp’s own operational capability also developed in 2025. The team grew, as did the strong spirit of collaboration, which the entire organisation is committed to strengthening further.
– On a big-picture level, last year we achieved almost all of our goals – whether related to new development initiatives, partner operations, or customer accounts. There were a few bumps along the way, but the overall trend was clearly that we met – and even exceeded – our targets in a challenging global environment. That motivates us and helps us keep moving forward, Aho says.
Technology development continued on a broad front. In 2025, progress was made in areas including:
- Voice and video connection launched alongside an alert to support personal safety.
- Expanded security controls and improved password practices.
- Extended APIs and stronger automation in integrations.
- Performance optimisation as user volumes increased.
- More precise location data handling for use cases where location is essential.
- Ability to deliver Secapp more lightly as a “partner- or customer-deployed container” for local environments and on-premise implementations.
- In addition, we began exploring how AI could be used securely as part of preparedness and situational awareness.
Entering 2026 from a strong foundation
From Secapp’s perspective, the year was strong overall. International initiatives, deepening partnerships, and expanding customer environments were also reflected in business development through profitable growth:
- In 2025, Secapp’s revenue was €5.6 million.
- The number of users grew to approximately 150,000 across multiple industries and market areas.
- Usage remained highly active, including more than 10 million alerts sent.
- Secapp’s organisation grew in a controlled manner, with headcount rising to 46 employees.
Secapp enters 2026 at a time when preparedness requirements are no longer open to interpretation. They are visible in regulation, in customer expectations, and in real-life disruption scenarios. At the same time, there is growing demand for solutions that do not remain at the level of plans, but work when they are truly needed.
Sources:
1 How Finland prepares for crises – the new security strategy speaks more directly about preparedness for war, Yle, 16 Jan 2025
1 If a crisis hits, most of Finland’s infrastructure is in the hands of companies – only a few are properly prepared, MTV News, 5 Nov 2025
1 EU adopts blueprint to better manage European cyber crises and incidents, Council of the European Union, 6 Jun 2025
1 Danish PM: airport drone incursion a ‘serious attack’ on critical infrastructure, The Guardian, 23 Sep 2025
