Cybersecurity

Denmark is at the forefront when it comes to the use of technology and digital solutions. This brings about great opportunities – but also makes Denmark an obvious target for IT crime. Consequently, there is a great need for research and training in cybersecurity to ensure that technology continues to create value for people.

Denmark is known for being one of the most digitized countries in the world. Most citizens communicate digitally with authorities and the healthcare system through applications such as e-box, borger.dk and so on.

In addition, Denmark is among the countries that have the highest number of smart devices per capita. All our devices – from watches and home security systems to speakers, coffee machines and indoor climate control – can be connected to the internet, so we can control everything from an app on our mobile phone. In 2018, every European owned an average of 5.6 smart devices that were connected to the internet. That number is expected to increase to 9.4 by 2023, according to German market and consumer database Statista.

And it is not only in our private sphere that we are digitized. Danish companies are well on board and offer apps and websites, just as many have moved production, email and digital office tools to the cloud. According to the Center for Cyber Security, 80 per cent of Danish companies that employ more than 100 employees make use of cloud computing, where the software solutions are located on the web rather than on the company's own servers and computers.

Each website, email, app, or smart device, provides a potential access point for IT criminals. They use these access points to enrich themselves through various forms of theft, fraud, and extortion.

The Center for Cyber Security assesses the threat from cyberespionage and cybercrime against Denmark as being very high.

When IT criminals manage to penetrate our systems it can prove to be a costly affair: American research firm Cybersecurity Ventures estimates that the total costs related to cybercrime in 2022 will amount to seven trillion US dollars worldwide.

The aim is there therefore to always be one step ahead of the IT criminals to avoid attacks.

At DTU, researchers contribute with solutions that can increase cybersecurity both today and in the future when the quantum computer becomes a reality.

 

Analysis

American research firm Cybersecurity Ventures predicts that the total damages caused by cybercrime in 2022 will cost 7 trillion US dollars worldwide – and that the total bill will grow to 10.5 trillion US dollars in 2025.

Additional, attacks on a company or organization's IT systems can damage their reputation, and attacks can result in fines if the 'victim' has not complied with the IT security requirements set out by the EU.

According to IBM, the average bill for a cyber intrusion in 2021 was US$4.35 million. This is up 12.7% compared to 2020. 19% of the cases were due to compromised login credentials, while phishing accounted for 16%.

Legislation

In May 2022, the EU adopted a new directive relating to security requirements for critical digital infrastructure, NIS2. It places high demands on cyber security in essential and important companies in several industries such as energy, transport, finance, health and water.

Among other things, companies are required to invest more in cyber security and report significant attacks to an authority within 24 hours. Violation of the rules can trigger a fine of up to 10 million euros or 2 per cent of the company's global annual turnover.

The member states have 21 months to implement the directive.

Report

The consequences of cybercrime are becoming more serious and more extensive as the physical and digital worlds merge. This is the conclusion of the Defense Intelligence Service in their annual report for 2022, which assesses the threats against Denmark.

The Center for Cyber Security, which is part of the Defense Intelligence Service, has similarly set the risk of cybercrime to the highest threat level, and the activity from foreign criminal networks is currently considered 'extremely high'. The most serious threat comes from ransomware attacks, while cybercriminals' opportunities for collaboration, task sharing and specialization enhance the threat.

The head of the center, Thomas Flarup, has stated that cyber attacks are among the most significant risks Danish companies face.