Cyberthreats are growing, and with NIS2 the security requirements for e-commerce have tightened for many. But how do you know if your company is truly prepared? Here’s a look at four of the questions we’re most often asked - and that every e-commerce organisation should be asking right now.
The cyberthreat against Danish companies has risen sharply in recent years. Across the EU, cyberattacks on businesses and public authorities increased by 16% in 2024 alone. At the same time, ENISA points out that sectors like transport, logistics and retail — core areas of e-commerce — are among the most frequently targeted. This is one of the reasons behind the EU’s tightened requirements in the NIS2 directive.
In Denmark, the Centre for Cyber Security has raised the threat level for destructive cyberattacks from LOW to MEDIUM, driven by an unstable global security situation — something that inevitably spills over into the cyber domain.
The combination of a rising threat landscape and stricter regulations like NIS2 naturally means we’re seeing increased focus on IT security among our clients and in the market overall. The questions we hear most often sound like this: How do we ensure compliance? How do we prevent vulnerabilities in our code? Who’s watching while we sleep? And what happens if we get hit?
In this article, we dive into each of those four questions and offer our perspective. Security should create confidence and peace of mind — turning it into a business-enabling discipline rather than just another external requirement.
“How do we ensure compliance?”
With NIS2 and stricter GDPR requirements, compliance has moved all the way up to the executive level. For many, there’s a real fear of failing an audit or losing a key customer if they can’t document that their security measures are in order.
It’s partly about having the right policies written down, but even more about proving that they’re actually being followed. From risk assessments and access management to incident response plans and supplier controls. The requirements are extensive, which is why more companies are turning to partners who can help translate legal obligations into day-to-day practices.
At Vertica, we work closely with clients already subject to NIS2, and we see firsthand how compliance can shift from being a frustration to becoming a trust-building competitive advantage. Compliance is built into our delivery model, which in practice means our clients can pass the tests and audits they face, and avoid putting their business at risk due to missing documentation.
“How do we avoid errors in our code?”
Cyberattacks rarely unfold the way Hollywood likes to imagine them - with a lone hacker hammering away at a keyboard until they magically slip into the Pentagon’s backend.
What you don’t see on screen is that attackers usually get in through tiny cracks in the code: a missing validation, a forgotten update, a flawed plugin. That’s why the development process is so critical when it comes to cybersecurity.
For the same reason, it has (fortunately) become far more common for companies to build good security practices into the development process from the very beginning, rather than bolting on a security layer at the end.
At Vertica, we lean on the principles of the Secure Software Development Life Cycle (SSDLC), where security is part of every single sprint. That means all developers are trained and tested in security on an ongoing basis, but the principles apply to anyone building digital solutions. If security isn’t built in from day one, you’ll never patch your way to compliance.
“How can we protect ourselves around the clock?”
Attacks don’t wait for office hours. In fact, many of the most serious incidents strike at night or during weekends, when they have time to spread before anyone notices.
That’s why the question “Who’s watching while we sleep?” has become central for many organisations. Today, more companies are implementing automated 24/7 monitoring as a baseline requirement, because you can no longer rely on the hope that nothing bad happens late on a Friday evening. With proper monitoring, developers are alerted automatically the moment something looks wrong, so they can act quickly - no matter the hour.
To put it plainly: without monitoring on your solutions, you’re blind during the hours when attacks often hit the hardest. That’s why Vertica has a staffed team keeping watch over our clients’ solutions, ensuring we can respond swiftly to any potential security breach.
“What do we do if we’re hit by a cyberattack?”
No one can guarantee you’ll never be targeted. If someone has promised you that, they’ve overpromised. The real question is how quickly you can get back on your feet - and how severe the consequences will be.
This is where preparedness and recovery procedures make all the difference. Having a backup is one thing; having tested that it can actually be restored fast enough to keep customers largely unaffected is something else entirely. Many companies only discover the weak spots when it’s too late and the damage has already taken hold.
At Vertica, we see how strong incident readiness can be the difference between a few hours of disruption and a business-critical outage. We have both the procedures and the hands-on experience to restore affected systems, contain the damage and keep the business running. That means downtime is minimised, and in many cases, your customers won’t even notice anything happened. In e-commerce, where every hour can cost millions, that difference shows up directly on the bottom line.
Cybersecurity has become the foundation of the business
Cyberthreats aren’t slowing down. On the contrary, both statistics and real-world experience show that attacks are becoming more frequent, more sophisticated and more expensive to deal with. At the same time, the NIS2 directive introduces requirements that far more companies now need to meet.
It can feel like a heavy burden. But the truth is that companies that take security seriously also stand stronger in the market. When you can document compliance, you build trust with customers, partners and authorities. When your development processes are solid, you reduce the risk of critical outages. And when monitoring and incident response are in place, you can keep the business running - even if an attack hits.
In other words, security isn’t just a defensive mechanism, it’s a competitive advantage. It’s the foundation that allows you to grow, innovate and take new digital steps without being held back by fear of the next incident or the next audit.
So the question is no longer whether your company can afford to invest in cybersecurity. It’s whether you can afford not to.
.webp)
