More than half of Danish critical infrastructure executives think they should ditch “risky” suppliers over cybersecurity concerns

Copenhagen, Denmark: 7 April 2026 - Digital sovereignty is a major concern for Danish critical infrastructure executives, according to new report from DNV Cyber. More than half (54%) say they rely on third party suppliers from countries where geopolitical tensions are rising, and a similar proportion (52%) would support moving their digital supply chain to allied nations.  

These findings highlight growing concern among Danish critical infrastructure leaders about their organization’s ability to control their own digital destiny and reduce reliance on foreign technology providers as global geopolitical tensions rise.  

“Recent developments in geopolitical sentiment need not mean that Danish companies must ban suppliers from non-allied countries. But they must evolve how they manage supply chain risk in a changing geopolitical world. The global landscape is more volatile, but the fundamentals of good risk management remain the same: What has changed is not the logic, but the stakes,” says Stefán Kristjánsson, Head of Sales, Denmark, at DNV Cyber 

How Cyber Resilient is Denmark? draws on a survey of 200 executives within Danish critical infrastructure organizations and 500 members of the public. The report explores the level of understanding of the threat cyber-attacks represent to the nation. Critical infrastructure industries include energy, transportation, water, healthcare, financial services, and other systems vital for society, the economy, and national security.    

DNV Cyber’s research highlights supply chain cybersecurity as a rapidly emergent risk to Denmark’s critical infrastructure. Supply chains are an attractive target for cyber-attacks as they provide a potential single-entry point to multiple organizations and systems, including to critical infrastructure organizations.  

This matters because supplier related cyber incidents can affect organizations far beyond the original target. For example, Denmark’s 2024 ransomware attack on IT Hotellet, a local hosting and data center provider supporting Odense University Hospital, where attackers gained access via a supplier connection and disrupted hospital operations.  

As supply chain security risks increase, DNV Cyber’s research reveals that Denmark’s critical infrastructure executives are less likely than their peers in other Nordic nations to believe that a cyber-attack targeting key external providers would have an immediate or substantial impact on their organization’s operational capabilities. This comes despite fewer than half (46%) expressing confidence in their organization’s supply chain security.  

This tension arises because, while executives recognize the broader risks posed by third-party suppliers and geopolitical instability, they remain optimistic about their own organization’s ability to manage these threats—potentially underestimating the complexity and interconnectedness of modern supply chains.  

“In many cases, organizations’ confidence in supply chain security is not supported by clear visibility into supplier security or shared preparedness for incidents. This creates a blind spot. Supply chain attacks succeed because digital systems are tightly interconnected, responsibility is fragmented, and vulnerabilities often remain hidden until disruption occurs,” adds Kristjánsson.

Recommendations: Strengthening cyber resilience in Denmark 

The report How Cyber Resilient is Denmark? sets out six recommendations to strengthen Denmark’s cyber resilience:  

1.Ground public confidence in a realistic understanding of cyber resilience 
Align public expectations with the realities of cyber incidents, recovery times, and disruption to prevent loss of trust during major events.  

2. Improve visibility of third parties to map and reduce vulnerabilities 
Strengthen oversight of suppliers and thirdparty dependencies to reduce hidden exposure in the digital supply chain.  

3. Clarify cyber responsibility among executives and the public 
Establish clear ownership of cyber resilience across government, critical infrastructure providers, and citizens.  

4. Collaborate more closely to ensure resilience is a joint endeavour 
Strengthen coordination and informationsharing across sectors to reflect the interconnected nature of cyber risk.  

5. Build skills and technical expertise and make effective use of AI in cyber defence 
Address capability gaps by investing in talent, skills development, and advanced technologies to counter increasingly sophisticated threats.  

6. Focus on the bigger picture 
Treat cyber resilience as a strategic and societal issue—not only a technical or regulatory one—and embed it in leadership, governance, and longterm planning.  

 

About the research 

How Cyber Resilient is Denmark? is published by DNV Cyber and forms part of a broader research programme examining cyber resilience in critical infrastructure across the Nordic region.  

The Denmark focused research draws on:  

  • A survey of 200 senior executives in Danish critical infrastructure organisations, including energy, transport, water, healthcare, and financial services  
  • A survey of 500 members of the Danish public 
  • Indepth interviews with leaders and experts in cyber security and resilience from institutions like Danish Industry (Dansk Industri), Ørsted, the Danish Health Data Authority (Sundhedsdatastyrelsen), AL Sydbank A/S, Green Power Denmark, and DNV Cyber.  
  • The research was developed in partnership with FT Longitude (a Financial Times company). Fieldwork was conducted between November 2025 and January 2026.  

 

About DNV Cyber 

DNV Cyber is a leading cyber security services provider, empowering organisations with complex needs to become safer and more resilient. With a global team of more than 500 cyber security specialists and over 30 years of experience in IT and operational technology security, DNV Cyber safeguards what is critical—enabling businesses and societies to thrive.  

 

About DNV 

DNV is an independent assurance and risk management provider operating in more than 100 countries. Through its broad experience and deep expertise, DNV advances safety and sustainable performance, sets industry standards, and develops solutions that address global transformation challenges.