Executive
OUR SHARED CYBER DEFENCE IS MORE IMPORTANT THAN EVER BEFORE
Nordic Business
The war in Ukraine, the surging number of cyber-attacks from other nations and global unrest have made Danish citizens and politicians aware that the security threat against Denmark is real and concrete.
“Investing in new equipment and personnel to protect Denmark isn’t sufficient. The threat today is hybrid, fragmented and, not least, digital, which is why we propose four key focus areas that politicians should prioritise in the upcoming defence negotiations,” says Jacob Herbst, CTO of Dubex A/S, member of the National Cyber Security Council and chairperson of the Danish ICT Industry Association’s policy board for cyber security.
The current defence is underfunded and has built up a large technological debt, and many critical public systems need to be adequately secured. At the same time, cyber security lags behind in many companies, and the competencies required to solve security challenges don’t exist. In its defence policy proposal, the Danish ICT Industry Association, therefore, recommends four strategic focus areas to strengthen Denmark’s cyber defence and resilience.
1. Strengthening public IT systems and critical infrastructure
According to the Danish Government IT Project Council, a large proportion of critically important public IT systems don’t have satisfactory IT security, and several state authorities don’t live up to the minimum technical requirements for IT security. Most recently, the National Audit Agency has expressed strong criticism in a report on the IT preparedness of 13 systems that are critical to society. Regions and municipalities need to catch up when it comes to IT security.
“In a digitalised country like Denmark, cyber security in public IT systems is vital for us to function as a country and to ensure the citizens’ trust in the public sector. We need to invest in better cyber security to be better prepared for all types of cyber-attacks,” says Jacob Herbst.
The Danish ICT Industry Association suggests the following:
- A markedly increased level of investment in public IT systems and infrastructure.
- Mandatory cybersecurity training courses in the public sector.
- Increased coordination between authorities across states, regions, and municipalities.
- Increased focus on public-private collaboration (OPS).
2. Strengthening cyber defence in Danish companie
Danish companies are increasingly the target of cyber-attacks and cybercrime, negatively impacting Danish society and our digital cohesion. Many companies also carry out tasks that are critical to society. More than half of Danish companies have been affected by at least one security incident in the past 12 months, and analyses show that the IT security level is too low in more than 40% of Danish SMEs. In addition, 16% of the observed Russian cyber-attacks during the war in Ukraine targeted Denmark and the Nordic region.
“Companies need to take the threat seriously and live up to their responsibility. We must not and cannot accept that a large part of the Danish business sector will stop functioning if they are hit by cyber-attacks. It is, therefore, a major task to upgrade the IT security of especially small and medium-sized Danish companies,” Jacob Herbst says.
The Danish ICT Industry Association suggests the following:
- A public-private partnership that collects and shares knowledge on cyber threats and incidents.
- Targeted efforts to raise the minimum level of security in SMEs.
- The changed mandate for CFCS includes requirements of increased efforts concerning civil society.
- A rapid and efficient Danish implementation of the NIS2 Directive.
3. Training in cyber security competencies
According to DIGITALEUROPE, a shortage of 200,000 cyber security experts exists in Europe. The Council for Digital Security estimates that by 2030 Denmark will see a shortage of 15-20,000 full-time resources within cyber- and information security.
“We won’t get far with our national cyber security if we don’t have enough skilled people to solve the tasks. More than one in three Danish IT companies are currently looking for employees with cyber competencies, so trained and upskilled in cyber security,” Jacob Herbst says.
The Danish ICT Industry Association suggests the following:
- Urgent investment in the education of more cyber specialists in Denmark.
- Increased integration of cyber security knowledge in relevant (IT) education programmes.
- Increased supplementary training or continuing education in cybersecurity.
- Establishing ‘IT security driver’s licences.
- Training, recruitment and retention of IT and cyber security competencies in the Danish Defence.
- Ensuring that we attract and retain more international students and talents within cyber security.
Most read
FACTS
The Danish ICT Industry Association helps its members, the industry, and society grow daily. We’re passionate about creating a digital society for everyone. A global society that’s growing, and in which Denmark stands as a beacon because we utilise technology for the benefit of the climate, the economy and the individual.We let the enthusiasts among our members set the direction for a better future. This benefits Denmark, the business sector, the individual citizen and our member companies.
Read more at www.itb.dk