Denmark · cyber landscape

The Danish threat landscape — numbers, context, and what matters in 2024

Live data compiled from national sources to ground your view of risk in Denmark — report volumes, fraud vectors, SME readiness and critical infrastructure exposure.

Reports (latest year)

NCIK total

YoY growth

Report volume

Losses (2023)

0 kr.

Banking, card, romance & investments

Avg breach cost (global)

IBM 2024

2019–2024 trend

Danish IT-crime reports keep climbing

CFCS shows a step-change from 27k (2022) to 35k (2023). NCIK reports 39,824 for 2024 — another ~14% YoY. The rise tracks increasing smishing/vishing/phishing volumes and better reporting.

Want to stay ahead of cyber threats?

Get insights, alerts, and best practices delivered directly to your inbox.

Fraud vectors

Smishing more than doubled in 2023

Reports with SMS as contact mode jumped from 3,403 (2022) to 7,822 (2023). Vishing rose to 4,340; phishing emails to 2,027.

SMEs

Readiness snapshot (2023)

• Backups: 94%
• Risk analysis: 59%
• Insufficient security: 40%

About 2 in 5 SMEs say their baseline security is not sufficient despite widespread backups and risk analysis.

Resilience

Backup & hosting posture — quick check

Backups that actually save you

One copy offline or immutable (7–30 days). Cloud immutability or tape both fine.
Prove restore: monthly drill for a critical app; track RTO/RPO achieved.
Separate credentials & MFA from production; block backup console from the internet.

Identity & access edges

Phishing-resistant MFA for admins; break-glass accounts stored offline.
Help-desk flows that cannot reset MFA with just email/phone knowledge.
JIT admin rights and session recording on sensitive consoles.

Supplier blast radius

No shared admin accounts with MSPs; per-user, least-privileged access.
Contract for logs & notifications; require evidence of isolation controls.
Segment management networks; default-deny to infrastructure and backups.

Practice outage (not only breach)

Runbook for island-mode; print it. Validate comms when SSO is down.
Pre-approve decisions for takedown / geo-blocking / mail quarantine.
Have an offline channel to reach executives and the incident team.

Use this checklist to brief leadership quarterly. Aim for one measurable improvement per quarter across backups, identity, suppliers and drills.

What the numbers say

Reports of IT-related economic crime rose from 27,038 (2022) to 35,254 (2023), then to 39,824 (2024). The increase mirrors a surge in SMS, phone and email lures. In June 2024, the destructive-attack threat level moved to MEDIUM, reflecting a tougher European environment.

Fraud mechanics: channel is the campaign

Smishing more than doubled in 2023; vishing and phishing also rose. High digital adoption and recognizable identity/payment flows make Denmark attractive to criminals using turnkey kits.

From fraud to outage

In May 2023, 22 Danish energy companies were attacked; several shifted to island-mode. Access flowed through networking gear into ICS boundaries — the exact seam defenders are hardening.

Real money moves

Banks and authorities estimate DKK 464m in losses in 2023 across payment, netbank, investment and romance scams. Global benchmarks put an average breach at USD 4.88m in 2024.

Signals for 2025 planning

Expect SMS first-contact to stay hot; treat it as the main funnel and blunt with filtering & takedown.
Harden identity edges; push phishing-resistant MFA and secure help-desk flows.
Assume supplier compromise; require auditable backup isolation and default-deny access.
Practice outage, not just breach; drill island-mode and comms blackout.

Method notes & limits

We use official Danish sources for volume, composition and readiness; IBM for global breach cost context. Category shares come from the latest widely cited breakdown (2021). Losses reflect specific scam tallies and exclude indirect costs.

Sources