Report on the cyber security resilience of the public sector


Report no. 3/2022

The purpose of Rigsrevisionen’s study is to assess whether the government has put in place adequate contingency plans for selected critical IT systems to ensure that the public sector can sustain critical services in the event of major IT incidents. We have also looked at guidance and support on cyber and information security provided by Digitaliseringsstyrelsen (Danish Agency for Digital Government). 

Rigsrevisionen’s assessment is that the authorities have failed to provide a satisfactory level of cyber security resilience for the 13 critical IT systems included in this study. The resilience of one of the authorities, where Rigsrevisionen looked at several IT systems, is particularly unsatisfactory. The consequence of inadequate resilience is a risk that the public sector, in the event of an IT breakdown or loss of data, will be unable to sustain critical services or that services will be seriously disrupted.

Rigsrevisionen initiated the study in October 2021 at the request of the Danish Public Accounts Committee.
