Cybersecurity has shifted from being a compliance exercise to becoming one of the defining strategic issues for financial services. That was the message from Mastercard’s Magnus Egeberg and Aikido Security’s Madeline Lawrence in Copenhagen this week, as they discussed how businesses must rethink resilience in an era of relentless digital threats.
“Cybersecurity is core to our business,” said Egeberg, chief executive of Mastercard Payment Services Norway, speaking at TechBBQ, an annual startup event held in the Danish Capital.
“There are 150 million places you can pay with a Mastercard around the world. We don’t want customers to worry about security—so we make it core to what we do.”
The scale of investment is striking. “We’ve invested $11bn since 2018,” Egeberg revealed. “That includes developing our own tools, buying technology, using third-party services, and acquiring fintechs.”
Among the recent acquisitions was Recorded Future, a threat-intelligence company bought for $2.65bn to strengthen Mastercard’s ability to track and disrupt attacks in real time.
The urgency is underlined by the scale of attempted breaches. “We are attacked 200 times a minute,” Egeberg added. “Your approach shouldn’t be to avoid attacks but to make sure they are not successful.”
For Lawrence, chief business officer of Aikido Security, the risks are growing as finance becomes ever more software-driven.
“As fintechs move online, they are ultimately software companies. The technology is more complex, but the question is simple: how can you secure everything you build, host and run? Even when you just tap a card, the API that connects it must be secure.”
Mastercard’s cyber culture
Both panellists stressed that attackers are moving faster than defenders. “The speed with which attackers adopt new tech is far more innovative because the rewards are great,” Lawrence warned. “You can have autonomous agents attacking through malicious packages at scale. The attack surface keeps growing.”
SMEs, which employ three-quarters of Europe’s workforce, are particularly exposed. Lawrence cited research by showing that 48% of cyberattacks target small and medium-sized enterprises, yet only 14% feel prepared.
“The responsibility for cyber falls on the developer or CTO. They just want to build products and keep the company alive. If you present security as homework, their eyes roll. But if you show it as sales enablement—helping close deals and build trust—they listen,” she says.
Egeberg agreed: “Cyber needs to be part of the culture of how you build your company. If your plan is to exist or sell to us, then security is one of the things we look at. It’s a competitive edge.”
The two also pointed to looming challenges in artificial intelligence and quantum computing. “All of a sudden you can have intelligences that break through and adapt,” said Egeberg. “The scale of how these threats can get smarter is concerning.” Lawrence – a former VC at Peak Capital – noted that Aikido is launching a tool to help developers test whether their apps are “post-quantum safe”.
Yet both speakers emphasised collaboration and transparency as the best defence. Mastercard shares global threat intelligence with European and local partners, while Aikido aims to “democratise security” for software developers and mid-market companies.
As Egeberg put it: “Understand the risk profile of your business and the data you are holding. That’s the foundation of good security. Then start managing the high risks. This is what I’d do if I was working in a fintech.”
