Cyberattacks widespread - SMEs need to protect themselves better 

Even though more than 25% of Danish SMEs have experienced cyberattacks, one third of them do not have plans for how to protect themselves against attacks. Two types of fraud are becoming increasingly widespread.

Cybercrime is something Danish businesses have gotten used to





Some 27% of small and medium-sized Danish companies (2-249 employees) have been the subject of a cyberattack. If we look at the largest of the companies in the 50 employees or more category, as many as 43% of them have been the victim of a cyberattack. These are the results of a study by Danske Bank of 900 Danish SMEs.

According to 40% of the companies, cyberattacks pose a threat to the company to some or a high degree, which makes it alarming that one third of the companies do not have a plan for how to protect themselves against such attacks.

We can advise on how SMV's can protect themselves

A successful cyberattack can paralyse your business completely. That is why the senior management of every Danish company – big or small – should focus on establishing a plan for how to handle cybercrime. As their banker, we want to help our customers be protected against financial cybercrime. We regularly advise our customers on how to best protect themselves, and we offer insurance cover against various types of cybercrime.

Niels Bang-Hansen

Head of Business Banking, Denmark, Danske Bank

The two most widespread types of cybercrime

CEO fraud
In the case of CEO fraud, a fraudster tricks an accounting assistant into transferring a large amount of money by pretending to be the CEO of the business. The assistant is asked to make the transfer quickly and discretely, and it may concern for example an acquisition.

The accounting assistant receives an email in the CEO’s name, usually at a time when the CEO is away. In many cases, the email is followed by a phone call from a credible person asking the assistant to speed up the payment process.

The most skilled CEO fraudsters even hack into the CEO’s email account. As a result, they are familiar with the CEO’s language and know what is going on in the business. In other cases, fraudsters purchase a domain name that is very similar to that of the business.

Changes in account details
In this case, the fraudster claims to be a supplier sending a notification of a change in account details. The request seems harmless because it appears to come from someone you know well. And it is often not discovered until much later when the real supplier calls to ask why a given invoice has not been paid.



How to protect the company and employees 

  • Make sure everyone is aware of the threat
  • Make sure systems, that allow employees to verify express transfers or changes in account details, are in place
  • Establish business procedures that require an employee to verify instructions from a manager, for example by having another manager confirm them
  • If a supplier asks for changes in account details, always follow up by calling the supplier on the usual phone number
  • Consider having two employees jointly approve large transfers and emphasise the importance of being alert in these situations
  • Consider which kinds of information about employees you should share on your external website. Is it necessary to provide their email addresses, for example
  • Consider whether you should publish information about your suppliers on your external website