糖果派对

By Professor Jan Stentoft, Department of Business and Sustainability, 糖果派对, Associate Professor Vincent Keating, Center for War Studies, 糖果派对, Associate Professor Marco Peressotti, Department of Mathematics and Computer Science, 糖果派对, and Assistant Professor Peter Mayer, Department of Mathematics and Computer Science, 糖果派对.

A lack of proper cybersecurity measures in both private businesses and government agencies in Denmark is becoming a bigger problem – partly because society is becoming more digitalised. The Danish Centre for Cybersecurity currently rates the threat level for Denmark as very high. This is due to rising geopolitical tensions and the risk that hostile state actors could exploit cyber weaknesses to target Danish organisations or disrupt the country’s economic and political stability. Cyberattacks have become more precise, often involving ransomware that locks computer systems or data breaches. These attacks target critical infrastructure such as energy supply, healthcare and transport. Danish companies and institutions are also at risk from supply chain attacks, where hackers gain access through third-party suppliers – many of which are outside the control of Danish authorities.

How do we make sure that both public and private organisations take the cybersecurity threat landscape seriously? For some, cybersecurity is guided by the Network and Information Security Directive, NIS2, which is expected to take effect from 1 July 2025. This EU regulation builds on the original NIS Directive and is designed to address the growing cyber threats facing network and information systems. The aim is to ensure a more consistent and effective approach to cybersecurity across the EU and strengthen the resilience of critical sectors in member states.

NIS2 expands cybersecurity requirements for the sectors and businesses it covers and introduces stricter rules for risk management, incident reporting and cooperation between EU countries. Among other things, the directive requires more businesses to put strong security measures in place and report cyber incidents to the relevant authorities within a short time limit. In Denmark, NIS2 is expected to have a big impact on public and private actors in sectors like energy, healthcare, transport and finance.

But why shouldn’t all businesses have to follow cybersecurity rules? After all, the regulations are specifically designed to help businesses defend themselves against cyberattacks. An attack can bring a business to a standstill for days, weeks, months or years depending on its severity and whether a ransom is demanded by hackers. By comparison, the Danish Veterinary and Food Administration helps keep food safe, protects animal welfare and supports public health while building consumer trust in food products. It regulates the production, import and sale of food across all businesses in the industry to ensure that they comply with applicable standards and legislation. It also informs consumers and businesses about rules and recommendations on food safety, nutrition and animal welfare, which helps ensure a safe and healthy environment for businesses, people and animals in Denmark. Contaminated food can cost lives and put businesses at risk. Similarly, poor cybersecurity can threaten a company’s survival and lead to job losses.

A national cybersecurity agency would help us improve prevention, response and oversight. Cyberattacks are developing fast and can seriously impact businesses and society in the form of financial losses, critical data leaks, reputational damage and loss of public trust in digital services. Such an agency could focus on training in preventive measures and security standards, and ensuring quick responses to urgent threats. By bringing these capabilities together under one agency, Denmark could take a more proactive and dynamic approach to cybersecurity.

A cybersecurity agency could serve as a knowledge hub and resource for both public and private organisations. Many companies, especially small and medium-sized enterprises, lack the necessary resources and expertise to protect themselves against cyberattacks. Advice, training and tools can make it easier for companies to strengthen their cybersecurity. This is especially important as supply chain attacks and breaches involving subcontractors are becoming more common. Even businesses that do not seem like obvious targets still need strong cybersecurity measures and contingency plans. Every company must understand the cybersecurity requirements they need to set when working with both Danish and international suppliers and subcontractors.

A cybersecurity agency could also help build greater public trust. Today, most services are digitalised, and people rely heavily on technology in their daily lives. This makes it important to ensure trust in the security of data and systems. People need to feel confident that the systems are safe for digitalisation to continue to benefit society. By clearly communicating and managing cybersecurity, a cybersecurity agency could help citizens feel safe when using digital solutions.

Of course, setting up a new agency would involve extra costs and some added bureaucracy. But the costs of not investing in cybersecurity could be far higher through financial losses, decline in public trust, damage to critical infrastructure and loss of sensitive public and private data. A coordinated, strategic approach to cybersecurity would be a long-term investment in Denmark’s security and stability.

A cybersecurity agency could carry out oversight tasks such as random security audits to assess security levels. Other activities could include certification schemes, training and advisory services, incident reporting and issuing directives, fines or sanctions. Implementing these kinds of regulatory functions, while also making resources available to meet the goals, will help ensure that Danish companies take cybersecurity more seriously and live up to their responsibility to protect themselves, their business partners and society from cyberattacks.

Setting up a cybersecurity agency would be a natural and necessary step in Denmark’s digitalisation process. The agency would not only strengthen the country’s capacity to handle today’s complex cyber threats, but also prepare it to tackle future challenges. By creating a central agency to coordinate efforts, promote cooperation with international partners and raise public awareness of cybersecurity, Danish companies would be better prepared to combat cybercrime. Cybersecurity is not just a technical challenge, but also an organisational and managerial task. We need to treat it as a societal necessity that requires a holistic and targeted approach.

This feature was published in Jysk Fynske Mediers Erhverv+, on Thursday, 6 February 2025.