National Bank of Denmark survey finds high cyber resilience in Danish financial infrastructure but identifies gaps in extreme scenario planning and post quantum readiness

The National Bank of Denmark published an analysis of a sector survey assessing resilience to cyberattacks and other operational incidents among key actors operating Denmark’s critical financial infrastructure, which processes on average more than DKK 700 billion in transactions daily. The survey points to a generally high level of maturity, but with variations across institutions and areas and clear scope for further improvements. Priority gaps include gaining a better overview of data traffic, strengthening protective controls such as access control and network segmentation, preparing for the implementation of quantum-safe encryption, and improving supplier management through executable exit strategies that allow replacement of critical providers without disrupting operations. While respondents report established business continuity, system and data recovery, and crisis management arrangements, preparedness is not always sufficient for the most severe yet plausible scenarios, and some firms still need stronger top-management engagement and ownership of continuity and recovery planning. The survey was conducted at the end of 2024 on a self-assessment basis, covering 19 participants including systemically important banks and mortgage credit institutions, data centres and financial infrastructure companies. The results will be used as input to the Financial Sector Forum for Operational Resilience and discussed with relevant actors as part of the National Bank of Denmark’s oversight of key payment and settlement systems, with individual feedback and anonymised benchmarks provided to each respondent.