The sudden appearance of large, unidentified drones in the skies above Copenhagen and Oslo on Monday night forced Denmark and Norway’s busiest airports to suspend operations for nearly four hours, stranding thousands of passengers and renewing fears over the vulnerability of Europe’s transport and energy systems.
Danish Prime Minister Mette Frederiksen described the event as “the most serious attack on Danish critical infrastructure to date,” according to both The Times and Reuters. The intrusion, which halted departures and landings and triggered flight diversions across Scandinavia, comes amid a spate of incursions attributed to Russian forces or their proxies in Poland, Romania, and Estonia.
Authorities reported that multiple drones approached the airport from different directions, switching lights on and off before vanishing. Police officials later said they refrained from shooting them down for fear of igniting fires amid aircraft and fuel depots. “It’s an actor who has the capabilities, the will, and the tools to show off in this way,” Chief Superintendent Jens Jespersen told reporters.
Flemming Drejer, head of Denmark’s intelligence service, warned that the country faced a “high threat of sabotage,” The Times reported. Officials also suggested the drones may have been launched from vessels in the busy Øresund Strait between Denmark and Sweden.
While Frederiksen did not explicitly blame Moscow, she noted that the incursion “fits in with the developments we have observed recently with other drone attacks, violations of airspace, and hacker attacks on European airports,” according to Reuters. Ukraine’s President Volodymyr Zelensky went further, asserting that Russia was responsible, though without providing evidence. The Kremlin dismissed any such claims as “unfounded.”
Russian Ambassador Vladimir Barbin suggested that the incident reflected “a clear desire to provoke NATO countries into a direct military confrontation with Russia.”
Security officials across Europe have warned that hybrid operations — ranging from drone flights to cyber intrusions and disinformation campaigns — are blurring the line between sabotage and outright attack. The closures in Copenhagen and Oslo follow this month’s cyber-related outage at Collins Aerospace, which disrupted airport systems across Heathrow, Brussels, Berlin and Dublin. That event, as Insurance Business noted, exposed how third-party dependencies can paralyze multiple hubs simultaneously, leaving insurers to parse complex questions of contingent business interruption and cyber liability.
For airlines and airports, the operational impact was immediate: diversions, cancellations, and widespread delays. For insurers, the deeper concern is accumulation risk. Political violence, cyberattack, war, and contingent business interruption coverages are already under scrutiny, and incidents that straddle those categories highlight potential gaps.
Coverage disputes often hinge on technical wording. As IB observed in our report on the Collins Aerospace outage, “Whether that responds turns on details that feel lawyerly until the day they don’t.” In a cross-border incident involving both drones and cyber elements, losses could fall between policies — or trigger exclusions tied to state attribution.
Reinsurers will be particularly alert to aggregation. Multiple airports closing from a coordinated act raises questions of whether the event is treated as one occurrence or many. Clash scenarios — where cyber, aviation, and political risk policies all respond — underscore why underwriters have been pushing for clearer definitions around “series of incidents” language.
The Copenhagen incident coincided with European Commission plans to accelerate work on a “drone wall” — a coordinated network of sensors, jammers, and interceptors stretching along the EU’s eastern frontier. “For those who still doubted the need to have a drone wall in the European Union, well, here we get another example of how important it is,” Thomas Regnier, a Commission spokesperson for defence policy, told reporters, according to Euronews.
The project, which now includes Denmark alongside Estonia, Latvia, Lithuania, Finland, Poland, Romania and Bulgaria, aims to bolster detection and response. Funding could draw from a €150 billion (£130.9 billion) EU defence loan program, with Poland set as the largest beneficiary.
NATO leaders cautioned that attribution remains uncertain. But officials in Brussels said the pattern of intrusions in recent weeks points strongly to Russian probing of Europe’s defences. “Here, we see a clear pattern: Russia is testing the European borders, also probing our resolve and undermining our security throughout,” Anitta Hipper, a Commission spokesperson, told Euronews.
For insurers, brokers, and risk managers, the message is clear: hybrid attacks no longer target only Ukraine’s skies. They are disrupting the infrastructure of NATO and EU states themselves. Whether labelled terrorism, sabotage, or war, these incidents carry implications for cyber, aviation, and political risk portfolios alike.
As Frederiksen put it, “What we saw last night is the most serious attack on Danish critical infrastructure to date.” For Europe’s insurance sector, the challenge will be to translate that severity into wordings, capital models, and resilience planning that acknowledge a new and rapidly evolving risk frontier.
