The Danish insurance and pension industries have outlined eight concrete proposals to strengthen cybersecurity, given the country's particular vulnerabilities in this area, according to Insurance and Pension Denmark (I&P Denmark).

The eight proposals include creating a Nordic-Baltic cyber centre in Denmark, simplifying cybersecurity recommendations for small and medium-sized enterprises (SMEs), ensuring legislation addresses risks and includes appropriate deadlines, and that cybersecurity begins with people.

The other four proposals focus on strengthening areas, including the regulation of cloud providers and security in IT products, critical infrastructure and security of supply, advice and support to companies in the fight against the cyber threat, and cyber conscription, which it said is an investment in Denmark's security.

I&P Denmark noted that Denmark is highly digitalised, with key infrastructure, businesses, and daily life all relying on effective digital systems.

The association stated that many key activities in society rely on digital systems, meaning that its societal resilience and cohesion are “extra vulnerable” to cyber attacks, as well as having a “close link” to the insurance and pension industry's services and investments.

I&P Denmark deputy director, Sigrid Floor Toft, said: “We represent an industry that is thoroughly digitalised, and where the exchange of data between customers, suppliers, other financial companies and the public sector is completely natural.

“Cybersecurity is important in our industry. But it also requires that we have a sky-high cross-disciplinary level of security in Denmark, and therefore, we have prepared a number of proposals that we believe can further tighten cybersecurity in Denmark.”

I&P Denmark noted that the Danish government is working on a new national cyber and information security strategy, which is necessary due to cybersecurity challenges across the private and public sectors, despite many years of “strenuous efforts”.

Floor Toft said that there was a “need” to identify the vulnerabilities Denmark has in the cyber area and strengthen the prevention and advice of Danish companies.

For example, she suggested that SMEs have “great development potential”, with more than 40 per cent not having a “sufficient” level of digital security today and needing help to get it.

The insurance and pension industry also suggested there should be higher requirements and better regulation of cloud providers, for cloud solutions to become safer to use in the future.

The association said that in recent years, many Danish companies have increasingly outsourced their IT operations and become "very" dependent on cloud service providers, which has, in turn, created challenges as part of the market is unregulated and dominated by large US tech companies.

According to I&P Denmark, there is also a need to strengthen cybersecurity awareness and skills.

It stated that this would include, among other things, enhancing the structure for and understanding of training individuals with cybersecurity expertise.

It said that then, legislation in the cyber area must be targeted at risks so that it contributes to a greater extent to creating security for the state and companies, rather than just compliance.

“We look ahead to a time when the cyber threat will only become more complex to handle, and we must be prepared for that,” Floor Toft added.

“Therefore, we must take a 360-degree look at the challenge and strengthen both the security of supply and the level of information to companies, as well as educate more people with specialist skills in the field.”

---