There are frequent reports of cyber intrusions in everyday media. Attacks in the cyber domain have become commonplace and even USA with the world’s largest military falls short in deterring all hostile actors from conducting actions such as espionage and theft in the cyber domain. Considering the hardship of a superpower like the USA of deterring hostile action in the cyber domain, the question arose of how a small state such as Sweden aspire to solve this problem. The aim of this thesis was to describe Swedish strategy by using an analytical framework based upon N.J. Ryan’s theory of successful cyber deterrence. The results show that only deterrence by association can be clearly identified within current Swedish strategy. The current action plan for information and cyber security does not contain processes that changes this fact. Försvarsberedningens rapport om motståndskraft expresses that norms exist for the cyber domain and work continues to develop them further. This entails that the components of deterrence by norms and taboos is part of Swedish strategy, although not clearly expressed in the current version. To deter by punishment or denial, actions are needed to provide credibility. There are no clear threats of retaliation in the strategy, nor is it clearly expressed what capabilities Sweden possesses to act defensively or offensively within the cyber domain.