Cyber threats and geopolitical concerns dominate the Danish FSA agenda
As geopolitical tensions rise and cyber threats become more sophisticated, potentials for a "kill switch" are increasing and destabilising Danish firms. Firms must look to protect themselves against danger caused by a single system vulnerability or deep third-party dependence.
Written by a human
In brief:
- The Danish FSA has released results from its annual survey and has found geopolitical events and cyber threats to be the biggest challenges for the industry; this is the first time the two have been placed on equal footing
- Despite heightened fears, 73% of surveyed firms still express high or very high confidence in financial system stability over the next three years
- The potential for a ‘kill switch’ is sweeping the industry, leading to the permanent or temporary shutdown of critical software
A recent annual survey by the Danish Financial Supervisory Authority (Finanstilsynet) (FSA), surveying 30 financial sector players, has found that geopolitical events and cyber threats are now viewed as equally likely to materialize and equally difficult to manage. It’s the first time the two risk categories have landed on the same level in the survey’s history.
Discussing the findings, Niki Saabye, Head of the Danish FSA’s Economic Secretariat stated:
“Companies are finding that cyberattacks and geopolitical tensions are increasingly linked…cyberattacks are being used as weapons in international conflicts, and companies indicate that dependence on foreign IT suppliers increases vulnerability.”
Flip the “Kill Switch”
29 out of 30 respondents flagged cyber threats and geopolitical events as the dominant risks facing the financial system. Here, the concern is not just about traditional cyberattacks; risk managers are increasingly worried about IT supplier dependency and the potential for a so-called “kill switch”. This refers to a mechanism that could temporarily or permanently disable a critical application, software, or IT system. In this case, cyber risks, tariffs, and trade restrictions are all seen as tools that can be weaponized to stir geopolitical conflict, making the line between financial risk and national security increasingly blurred.
A multitude of cyber threats exist on firms’ radars, including IT infrastructure failures, legacy system vulnerabilities, and cybercrimes like phishing, fraud, extortion, and data theft. AI-related vulnerabilities are also climbing up the risk register, with firms flagging the emerging threats tied to AI development and the cybercrime paths it may open.
The geopolitical risk
29 out of 30 respondents flagged cyber threats and geopolitical events as the dominant risks facing the financial system. Here, the concern is not just about traditional cyberattacks; risk managers are increasingly worried about IT supplier dependency and the potential for a so-called “kill switch”. This refers to a mechanism that could temporarily or permanently disable a critical application, software, or IT system. In this case, cyber risks, tariffs, and trade restrictions are all seen as tools that can be weaponized to stir geopolitical conflict, making the line between financial risk and national security increasingly blurred.
A multitude of cyber threats exist on firms’ radars, including IT infrastructure failures, legacy system vulnerabilities, and cybercrimes like phishing, fraud, extortion, and data theft. AI-related vulnerabilities are also climbing up the risk register, with firms flagging the emerging threats tied to AI development and the cybercrime paths it may open.
The case for resilient infrastructure and how Global Relay can help
As threats grow, firms cannot afford to treat cyber and compliance as separate workstreams. The Danish FSA’s findings are a timely reminder that operational resilience is no longer a back-office concern – it sits at the heart of financial stability.
For firms reassessing their risk exposure, it’s as important to look outside the house as it is in. The starting point here is asking harder questions of third-party technology vendors. With cyber threats and geopolitical risk increasingly intertwined, the chain of third-party dependencies you – and, in turn, your vendors – rely on is now a direct extension of your own vulnerability. Understanding your tech stack is critical to understanding where gaps may lie, and to protecting your business. Some questions worth putting to any critical provider:
- How is the service being delivered, and how many third parties (or fourth parties) are working behind that delivery?
- What do their business continuity and disaster recovery plans look like, and how recently were they tested?
- What is their cloud dependency – which providers do they use, where are they located, and could they survive a regional or service-level outage?
- Where is your data stored, and under what jurisdiction, and what do data access rights look like within that jurisdiction?
- Are there any planned mergers, acquisitions, or investments that could affect service continuity? E.g. for firms looking to acquire or take on investment from private equity
Similarly, firms should be looking at the technology they use to ensure it is up-to-date, properly implemented, and deeply secure. Legacy and unloved systems are frequently cited as a critical cause of vulnerability.
Beyond due diligence, the nature of your vendor’s architecture matters. Providers who build their own technology, rather than stitching together acquired or outsourced solutions, offer a meaningfully different risk profile. When something goes wrong, a vertically integrated vendor knows exactly where the problem is and has the power to fix it. A vendor reliant on a web of third parties may not… or it may take longer to find out where things went wrong.
The “kill switch” risk flagged by Danish FSA respondents makes this especially pressing. If a critical supplier is subject to trade restrictions, geopolitical pressure, or a foreign-state-linked cyberattack, firms with deep third-party dependencies could find themselves with limited recourse. Resilient infrastructure, such as Global Relay’s, which is built in-house, privately owned, and operationally tested – is increasingly a strategic differentiator, not just a procurement checkbox.
In an environment where a single vulnerability can cascade into a serious security, data, and regulatory risk, the question is no longer whether to prioritise operational resilience. It’s whether you can demonstrate it.
To find out more about how Global Relay delivers operationally resilient and secure technology, you can find out more here.
