LUMRA is the company behind PIANOLA, the ongoing decision support for your Microsoft 365 environment.
We're a Swedish IT security company specialising in Microsoft 365 for small and medium-sized businesses. PIANOLA is our service that makes your security posture easy to understand and act on, surfaces what to take on first, and documents every step along the way.
We help leadership, IT, and any IT partner share the same picture of where Microsoft 365 stands today and what to take on next.
NIS2 from 2026, your biggest driver right now
The new cybersecurity law raises the bar for your Microsoft 365 environment
The ten areas the directive requires, what PIANOLA handles for you continuously, and what remains the leadership's responsibility. Clear, honest, and straight to the point.
What could a serious Microsoft 365 incident cost you?
Adjust annual revenue, headcount, and industry. The result shows an indicative cost range based on official industry reports, not an exact insurance or audit calculation.
Annual revenue: €1M to €180M
Headcount: 10 to 2,000 employees
The model shows indicative business impact, not an exact insurance or audit calculation. The range is conservative and based on public industry figures.
Indicative cost range for an incident
€1.11M to €2.83M
Approximately 8.5–21.7% of annual revenue in this scenario.
Legal and regulatory: €0.20M to €0.51M
Recovery and operations: €0.31M to €0.79M
Brand and trust damage: €0.36M to €0.90M
Extortion and incident response: €0.24M to €0.62M
Sources: IBM Cost of a Data Breach Report 2024 (global average 4.88 MUSD, 3.31 MUSD for organisations under 500 employees), Sophos State of Ransomware 2024, FBI IC3 Internet Crime Report 2023, Truesec Threat Intelligence, and Microsoft Digital Defense Report 2024.
What the threat actually looks like
Microsoft 365 is attacked differently from on-prem servers
Because your data is already replicated in the cloud, classic file encryption is uncommon. There are also no official figures for whole-environment encryption attacks against Microsoft 365, since that simply isn't how it plays out. The damage comes instead from extortion, leaked data, broken customer trust, and lost brand value, often without a single file being deleted. The cost range above is based on these real attack paths.
Business Email Compromise
An attacker hijacks an ongoing email thread and redirects a payment. The direct cost is low compared to the damage to customer and supplier trust once it surfaces.
Source: FBI IC3 Internet Crime Report 2023 (21,489 BEC reports, ~2.9 billion USD in losses).
Tenant takeover and extortion
Stolen credentials or social engineering of the helpdesk give the attacker access to the entire environment. Your data is held for ransom under the threat of public leaks. The real cost shows up in negotiation, legal counsel, communications, and lost business.
Source: MGM Resorts SEC 8-K filing September 2023 (Scattered Spider, social engineering of the helpdesk).
Data exfiltration via OAuth or Graph
Files from SharePoint and OneDrive are exfiltrated via legitimate API calls, often without leaving a visible trace. By the time the leak is reported, the damage to the brand is already done.
Source: Cyber Safety Review Board Report April 2024 on Storm-0558 (the incident was described as "preventable").
Three things that make security work easier to act on
Here's what LUMRA brings to an organisation working in Microsoft 365.
One shared risk picture
Leadership, IT, and any IT partner all see the same picture of the Microsoft 365 environment. No competing versions of the truth between technical reports and board minutes.
Prioritisation you can actually act on
Every finding becomes a concrete decision with reasoning, consequence, and a suggested owner. Anything de-prioritised stays on the record without cluttering the view.
Apply changes on your own terms
Once you approve, PIANOLA applies the change in a controlled way. Once you've confirmed the change behaves as expected, you make it permanent. Everything is documented with a clear audit trail.
How the work flows
Three steps repeated continuously, month after month.
Step 1
Status view
PIANOLA runs scheduled scans of your environment through the Microsoft Graph API. Changes are captured, classified, and surfaced as clear findings.
Step 2
Prioritisation
Risks are weighed against business impact and NIS2 relevance. PIANOLA highlights the three actions that deliver the biggest risk reduction right now.
Step 3
Follow-up
The actions are applied in a controlled way or handled manually by you. The result is followed up in the next scan and becomes evidence for the auditor and insurer.
About the company
This is LUMRA
LUMRA is a Swedish IT security company that builds and operates PIANOLA. We specialise in Microsoft 365 security and serve small and medium-sized Swedish businesses and their IT partners.
Instead of one-off reports that go stale the day they're filed, we keep the conversation flowing year-round between leadership, IT, and your partner. PIANOLA is how we put that into practice: regular reports, a clear status view, and actions the service can apply directly or hand back to you.
What leadership and IT usually want clarity on before a first walkthrough.
What's the difference between LUMRA and PIANOLA?
LUMRA is the IT security company. PIANOLA is the service we build and operate. As a customer you sign with LUMRA and use PIANOLA in your Microsoft 365 environment.
Do we have to switch IT partner or platform?
No. PIANOLA works alongside your existing IT partner and complements the security work that's already happening. No platform or supplier changes are required.
Does this fit even if we're already actively working on security?
Yes. PIANOLA adds structure and prioritisation on top of what you're already doing. It becomes clearer for leadership, easier to document against NIS2, and simpler to follow up on actions over time.
Does it require new licences or tools?
PIANOLA requires a Microsoft 365 licence that supports relevant security data, such as Business Premium or Enterprise, plus administrator consent for access via Microsoft Graph. No additional tools or PIANOLA-specific licences are needed.
How much time do we need to put in ourselves?
A first walkthrough takes about an hour. After that you get a monthly report with three priorities to decide on. PIANOLA handles the rest in the background.
Why focus on Microsoft 365?
Microsoft 365 is where Swedish small and medium-sized businesses keep their business-critical data, identity, and communication. By specialising, we can go deeper and deliver clearer decision support than a generic security tool.
Get in touch
Get an initial read on where you stand
About an hour. No prep needed. You leave with a clear status view and a prioritised list to work from.