Overflowing Offers on Cybersecurity – How Do We Seize Them and Ensure Progress?

By Jan Stentoft, Professor, Department of Business and Sustainability, and Tina Højrup Kjær, Project Manager, Odense Robotics.

Cybersecurity is not just a technical discipline for the few. It is a business-critical area that demands attention, investment, and collaboration. The growing number of cyberattacks in recent years has paralyzed everything from large global corporations to smaller local companies across all sectors. When production lines come to a halt, orders can’t be fulfilled, and customer trust is lost, it’s not just an IT issue—it’s a real threat to a company’s survival.

This is why the Danish Industry Foundation has made significant investments to strengthen cybersecurity in Danish businesses—especially in SMEs. Through projects like "Cybersecurity and Business Continuity" (www.cyber-smv.dk) at the University of Southern Denmark and "Cyber Safe Robotics" under the Odense Robotics cluster, cybersecurity is made tangible, accessible, and value-creating. This happens in close collaboration with the companies themselves. Solutions must be developed in practice and jointly—not at desks by individuals working in isolation.

We are facing an invisible threat with visible consequences. For many businesses, cybersecurity remains something they "should" take care of—when time allows. But the reality is: it can't wait. Attacks are becoming more sophisticated, and it's rarely random who gets hit. SMEs are especially vulnerable, both because they are often less digitally equipped and because they frequently serve as suppliers to larger players—becoming entry points into more complex value chains.

When a new CNC machine or robot is purchased, there are rarely any doubts—it is necessary for production efficiency. But when it comes to investing in cybersecurity, doubts arise: What exactly are we getting for our money? It’s a valid question. But the same question can be asked about fire insurance. We hope we never need it, but we sleep better at night knowing the company is better prepared if the worst happens. Cybersecurity should not be seen as a cost but as a means of ensuring resilience and competitive advantage.

In a time of increasing geopolitical instability and uncertain markets—such as those influenced by the trade strategies of the Trump administration—digital robustness becomes even more important. A company that can deliver reliably, securely, and without operational disruptions stands stronger with both customers and partners. Cybersecurity is not just about protection. It’s just as much about demonstrating that you are a trustworthy and professional player in the supply chain.

Many initiatives are underway in Denmark to enhance SME competitiveness. However, it can be difficult for companies to navigate the many available tools and opportunities. New research on SME digitalization has examined digitalization as a dynamic capability—a company's ability to adapt, renew, and reshape its resources and competencies in response to environmental changes. Dynamic capabilities consist of three primary activities: Sensing (identifying opportunities), Seizing (mobilizing resources to exploit these opportunities), and Transforming (adjusting and adapting resources and competencies to implement solutions). On a scale from 1 to 5, where 1 is ‘to a low degree’ and 5 is ‘to a high degree,’ a national survey of Danish manufacturing SMEs showed an average of 2.48 for Sensing, and 2.21 for both Seizing and Transforming. A 2.48 is not impressive, but a 2.21 suggests that SMEs struggle to mobilize resources and implement solutions. Thus, there is a need to strengthen SMEs’ Seizing and Transforming capabilities.

SMEs are interested in cybersecurity but often lack the time due to day-to-day operations. It may therefore be worthwhile to scale back Sensing activities in favor of strengthening Seizing and Transforming. And we must consider how to help SMEs mobilize resources—and support them in implementing solutions that enhance their resilience and competitiveness.

Given the challenges faced by SMEs, help is available. Across the country, local business promotion organizations, regional business hubs, clusters like Odense Robotics, industry organizations such as the Confederation of Danish Industry and SMVdanmark, and GTS institutes like FORCE Technology and the Danish Technological Institute offer concrete training programs, workshops, and advisory services.

Projects funded by the Danish Industry Foundation are focused on delivering knowledge where it’s needed—in the production hall, in the office, and in the boardroom. But it requires companies to act. Because cybersecurity efforts demand leadership support and an acknowledgment that digital security is part of modern business development.

The next major security breach might happen tomorrow—or never. But that’s not the question. The question is how best to equip businesses—and how to ensure that investments in cybersecurity are seen for what they are: a license to operate in a digital age.

SMEs can be supported in securing resources for cybersecurity through a combination of financial aid, technical advice, and practical training. Financial support may include grants or tax deductions aimed at cybersecurity technologies and insurance, making it easier for companies to prioritize security without overburdening their budgets. Technical advice can come in the form of free or subsidized access to cybersecurity experts who can help with risk assessments, security policy development, and ongoing security checks.

Training is crucial—so SMEs can be offered access to e-learning courses and workshops that raise employee awareness about threats such as phishing and ensure that management understands the importance of allocating resources to security.

Networks and knowledge-sharing can strengthen SMEs’ understanding of cybersecurity by allowing them to share experiences and solutions with other companies, creating a community of knowledge and support. Additionally, access to standardized tools like antivirus software, backup solutions, and vulnerability scanning systems can be offered free or at reduced cost.

Practical contingency exercises—where companies test their response plans against various types of cyberattacks—can ensure they not only have theoretical knowledge but also hands-on experience in managing threats. Cybersecurity is about common sense. And it’s something we will only truly succeed at if we lift together—and take real action.