Cybersecurity

As businesses and governments become increasingly vulnerable to cyber attacks, everyone should take cybersecurity seriously. We have solid experience in helping and advising Danish and international organisations on cybersecurity and management-based digital risk control. We are also ready to help you.

Digitisation is deeply embedded in every part of society, business life and everyday life. And the use of digital technologies is essential for governments and businesses to perform their core tasks and remain competitive. The EU has designated the 2020s as the “Digital Decade” with the ambition to make Europe a global forerunner in digitisation. This places greater cybersecurity demands on businesses and draws attention to the key role of management.

We advise your organisation on cybersecurity

We have in-depth experience in cybersecurity, information security and data security. We are ready to help your organisation with our specialist and up-to-date knowledge of trends and best practices - both in Denmark and internationally. We are co-authors of the only recognised board guide on cybersecurity in Denmark and have a wide network of leading cybersecurity experts around the world, which we are continuously expanding.

You may expect our advice to include, inter alia, an assessment as to whether your organisation complies with current rules, recommendations as to which specific measures you should take, and assistance in the event that your data and digital assets are attacked. If technical assistance is needed, we cooperate with leading specialists.

Examples of our services:

  • Strategy and management: maturity analysis of the cyber risk management measures taken by the management and the organisation, management responsibility for cybersecurity, and the management’s establishment of a framework for the cybersecurity efforts.
  • Regulatory: existing and future cybersecurity regulation for specific sectors, industries and technologies, gap analysis between the current organisational measures and cybersecurity requirements, and scope and jurisdiction in case of cross-border activities and groups.
  • Risk management: best practices and statutory requirements for cyber risk management, including risk management models, risk understanding, risk appetite, risk assessments, controls, audits, reporting and governance (lines of defence).
  • Contracts: supply contract risk assessments and security requirements, standards, reporting, audits, documentation, liability, insurance, force majeure etc. in contracts. Also checking compliance with legislation, guidelines and current standards such as the ISO27000 series, the CIS controls and sector- and technology-specific frameworks. 
  • Insurance: assessment of insurance terms and coverage, including in light of the organisation's risk profile and appetite.
  • Preparedness: response in the event of security incidents, including handling of data breaches and reporting of incidents to the supervisor, preservation of evidence, sanctions, cross-border implications, management liability, liability for damages, insurance, and disputes.
  • Training: mandatory training sessions for management and staff members and continuous updating of the executive board and the board of directors on cyber-related issues.

Feel free to contact us if you want to discuss a possible cooperation or need cybersecurity advice.

...

 

NIS2 and DORA - requirements for management-driven digital risk management 

The new cybersecurity rules require Danish companies and authorities to increase their resilience to cyber attacks, including in relation to management-driven risk control.

The NIS2 Directive and the DORA Regulation are essentially about requirements for digital risk management by managers and organisations. While IT security is not a new thing, Danish companies have not had many years to understand and manage digital risks. Whether it is a good idea to regulate risk management in detail can be debated. But the reality is that organisations have been too slow to grasp the magnitude of the risk - also at management level - and this has to be taken into account in the regulation.

...

Role and responsibility of management 

Few organisations can meet the upcoming cybersecurity requirements today. The cyber threat is constantly changing, and the risk of cyber attacks has increased dramatically in just a few years. Many executives are unfamiliar with cyber risk management. In addition, many organisations do not have a management-driven cybersecurity strategy or a common understanding of how to articulate and manage digital/cyber risks - from a technical, operational, organisational, financial, and contractual perspective.

The efforts to increase the cybersecurity level before entry into force of NIS2 and DORA are expected to be difficult and extensive.

Danish companies and authorities should start preparing now for the new 2024 cybersecurity rules by establishing, first of all, whether they are subject to the new rules and, if so, checking whether they are compliant.

Ultimately, the senior management - i.e. the board of directors and the executive board - are responsible for providing the framework for protection of the organisation’s digital business. 

Contact

Christel Teglers
Partner (Copenhagen)
Dir. +45 38 77 46 93
Mob. +45 61 61 30 34

Søren Skibsted
Partner (Copenhagen)
Dir. +45 38 77 43 83
Mob. +45 24 86 00 19