A Q&A with ANNE MARIE ENGTOFT MELDGAARD

Disrupting Ransomware Through Tech Diplomacy

Countries need to be nimbler to combat increasing and evolving cybercrime threats.

Matt Chase Illustration for FP Analtyics

As the Danish Tech Ambassador, Anne Marie Engtoft Meldgaard is working to deploy every available tool to combat the ever-evolving cyber threat landscape—not just for Denmark but for the European Union and beyond. In a conversation with FP Analytics, Meldgaard talked about what Denmark hopes to achieve during its EU Council presidency—including stronger cyber deterrence, increased collaboration with the private sector, a more strategic approach to fighting ransomware, and a quicker adoption of new technologies like artificial intelligence and quantum computing to outpace malicious actors. The following transcript has been edited for length and clarity.

FP Analytics (FPA): How has the cybersecurity landscape in Denmark and across the EU evolved in recent years?

Anne Marie Engtoft Meldgaard (AMM): I think for Denmark, for Europe, and for most of the West, the cyber threat level is very high, and it is increasing in scope and complexity. We see that cyberattacks cross borders and destabilize cyberspace, and as we grow increasingly dependent on digital infrastructure—and especially digital critical infrastructure—the threat is rising.

The Danish Centre for Cyber Security, which is part of the Danish government, [in 2024] raised the threat level for destructive cyberattacks against Denmark from low to medium. This is based on Russia’s increased willingness to use destructive hybrid tactics against European NATO member states. And we also found from the Centre’s report that it deemed the threat from cybercrime and cyber espionage against Denmark to be very high.

There’s no doubt that we are living in a very difficult time when it comes to effectively deterring and really overcoming some of these challenges, which is why we are steadfast in our belief that we need to have more international cooperation to counter that threat. We believe it’s more important than ever that we hold perpetrators accountable and implement international rules and norms.

Right now, Denmark has the EU Council presidency, and one of our priorities during this time is to strengthen cyber deterrence: attribution, sanctions, and prosecution. We also want to increase our collaboration with the private sector to have a better understanding of the threat landscape and increase information sharing, which is why during the Danish presidency, we’re organizing several high-level in-depth conversations between cyber diplomats and the private sector to bridge cyber diplomacy and cybersecurity. And we also want to prepare for the impact of quantum computing and AI on cybersecurity.

For us, that means focusing on how to leverage the EU’s Cyber Diplomacy Toolbox. Though it has many of the right tools, it does need to be strengthened in its implementation, for example when it comes to ransomware. While the lens we’ve been seeing ransomware through has been very much financial, we also see that threat actors are targeting critical infrastructure and sectors like health care and defense, which means that ransomware incurs more than just a huge financial cost and becomes a burden to society—it is also a socioeconomic and geopolitical challenge.

FPA: What challenges do Denmark and the EU face in countering these cybercrimes—particularly ransomware?

AMM: There are three overall. One is that the number of cyber criminals is increasing massively and the cost of ransomware is going up every year. The International Counter Ransomware Initiative is one of the most successful cyber coalitions and places for action. Yet, we do see ransomware going up in scale, because there is still a huge upside for criminals to benefit from it. Two, while the implementation of the EU Cyber Diplomacy Toolbox has improved significantly, we need to do more. We believe the EU needs a more strategic approach using the full range of instruments, and we must carefully design our responses to address the motivation behind an attack and reduce incentives. And three, how do we strengthen the preventive measures, resilience and capacity building? Because we know there are huge spillover effects into the EU when our neighborhood is at risk. We’ve done a lot when it comes to countering ransomware, but we must do so much more, because it’s a problem that is not going away anytime soon.

FPA: One of the drivers of these ransomware attacks is the emergence of safe haven countries. How is Denmark working with international partners to address safe havens for ransomware groups and strengthen international law on cybersecurity?

AMM: We continue to see a rising cyber threat from Russian actors, and most of our efforts in the EU are thinking about how to address the cyber threats coming, especially from Russia. That is going to be a continued focus when we look at how to use the EU Cyber Diplomacy Toolbox, how to effectively use sanctions and litigation. Safe havens very likely make it easy and possible for cybercriminals to operate within Russia.

I think with the International Counter Ransomware Initiative we’ve seen some key measures emerge. We know that LockBit was a huge cybercriminal group, but after massive sanctions and an indictment from the United States, that actually changed. Whether it’s still operating under a new name or in new structures, it nevertheless means that we do have the measures at our disposal to go after those who are breaking the law.

FPA: As Denmark’s tech ambassador, you’re in a unique position—engaging with industry in Silicon Valley and beyond while also engaging with the public and nonprofit sectors. What role do you see private-public partnerships playing in preventing and responding to cybercrime and strengthening digital resilience, and what more needs to be done moving forward?

AMM: Of all the engagements I have with the industry across every possible topic, the collaboration on cybersecurity and cyber defense is probably the strongest, most well-aligned, interest-aligned and based on shared-values we have. Overall, I think we’ve come a tremendous way; the recognition of who’s doing what is becoming more evident. Ukraine has provided lessons in terms of how to strengthen real-life cyber collaboration between the public and private sectors, how to make sure we’re ready to deliver through action and stand for our values, and how to deploy our technologies.

It’s been in the DNA of the Danish tech diplomacy since its inception to strengthen collaboration between the public and private sectors in Denmark and Europe and globally. We do that in Brussels and transatlantically through strategic conversations to find a common shared interest politically. I do this with the Cyber and Tech Retreat I chair with Australia, where 40 of the world’s leading tech nations meet in Silicon Valley to discuss cyber. And then we do it more practically, like with the Tallinn Mechanism, which is a clearinghouse for the cyber support we’ve been giving Ukraine that also comes from the private sector. The Joint Cyber Defense Collaborative that the U.S. Cybersecurity & Infrastructure Security Agency started [to unify public and private cyber defense] is another really great example of doing that more in practice. In the EU context, we’re looking more at how to get strong, stable mechanisms that allow for day-to-day operational engagement.

FPA: What risks and opportunities do emerging technologies such as quantum computing and AI present when it comes to ransomware attacks and cybercrime?

AMM: There is a massive acceleration in the proliferation of cybercrime from automated text generation, spyware, and commercial cyber intrusion capabilities. Then there’s the question: Is AI going to write its own malware? There’s a whole suite of challenges. We see that AI is lowering the barriers for malicious actors and providing tools readily available. And that combination is potentially a really big risk. I do think it is helpful that Microsoft has been a long-standing partner of ours, along with many others, because a lot of AI development is happening within these companies. So, I hope we will see strong collaboration on addressing the emerging cyber threats.

With quantum computing, we’re not seeing potential consequences as fast, but obviously there’s the whole encryption question, and we are working on post-quantum encryption and quantum key distribution at the EU level with partners. We’re looking at it in NATO as well. This is strengthening collaboration between the EU and NATO to make sure that when it comes to tackling these challenges, we can do it together. That’s why Denmark chaired the first year of the NATO Transatlantic Quantum Community to make sure there’s an alignment.

FPA: How do governments and the private sector keep up in terms of defensive capabilities with the emergence of these new technologies?

AMM: We don’t need more cybersecurity products—we just need more cyber secure products. As we are in this great race toward developing both AI and quantum, governments need to be cautious to make sure we do it in a responsible manner. As I said in the beginning, we’re seeing that with ransomware, it’s not only the financial cost: It is now threatening the resilience, the stability, the integrity of our critical infrastructure. The same will be true for new and emerging capabilities if we don’t address them from the very beginning. How to create cybersecurity infrastructure as we roll out both quantum and AI is the work we have ahead of us. These are some of the conversations I’m hoping to have both at the U.N. General Assembly in September 2025 and over the course of the next year.

FPA: With respect to ransomware specifically, what do you think the top priorities for governments, industry, and multilateral institutions should be to turn the tide in the years ahead?

AMM: First, we need to mobilize across our countries and find a way to act with more nimbleness. Figuring out how to really use sanctions and prosecution in a way that targets the ones who are the key malicious actors is most important. Second, we really need to start being much more serious about capacity building, including for developing countries. We’ve seen over the past couple of years, governments being completely stifled in their ability to deliver even basic, simple services to their citizens because of ransomware attacks. A chain is only as strong or as weak as the weakest link. That requires us to think much harder about how to pursue capacity building and work much closer together across industry and government.

Anne Marie Engtoft Meldgaard is Denmark’s Tech Ambassador, spearheading Techplomacy, an initiative that elevates technology and digitalization to a crosscutting foreign and security policy priority of the Danish government. Prior to her appointment, she worked at the World Economic Forum in Geneva (2017–2020), where she led work on the Fourth Industrial Revolution and Global Public Goods. She has also worked as a political advisor in the Danish Parliament.