Alarming Stats on Cybersecurity

According to data from the Ministry of Digitalisation, 113,600 serious cyberattacks took place in Poland in 2024 alone. NASK (Poland’s Research and Academic Computer Network) reported over 130,000 cyber incidents during the same year. These figures underscore the growing sophistication and frequency of cyber threats across Europe.

Moreover, a staggering 68.9% of surveyed companies confirmed experiencing at least one cybersecurity incident in 2023, marking an increase of 5 percentage points compared to 2022. This data, sourced from Vecto's Cybersecurity in Polish Companies annual report, highlights the pervasive nature of these threats. Despite these risks, only 26.4% of companies have established procedures to handle security attacks and incidents, leaving a vast majority vulnerable to potential breaches.

2025 Key Cybersecurity Threats

As we look ahead, several critical cybersecurity challenges will dominate in 2025:

• Artificial Intelligence (AI): While AI offers powerful tools for defence, it is equally effective as a weapon for cyberattacks. The dual use of AI requires organisations to adopt advanced AI-driven security solutions;
  
  
• Ransomware: The relentless rise of ransomware continues to be a major concern, with attackers increasingly targeting sensitive data and critical infrastructure;
  
  
• Internet of Things (IoT) Vulnerabilities: The proliferation of IoT devices creates new vulnerabilities, as many of these devices lack robust security features, making them prime targets for attackers;
  
  
• Cloud Security: As organisations increasingly migrate to cloud environments, securing these platforms becomes a top priority to protect sensitive data and ensure operational continuity;
  
  
• Quantum Computing: While still in its early stages, quantum computing poses a significant future risk to cryptographic security, potentially rendering current encryption methods obsolete;
  
  
• Shortage of Cybersecurity Specialists: Poland’s ability to meet the demand for cybersecurity professionals is critically low, covering only about 15% of the demand. Europe faces a shortage of around 400,000 cybersecurity specialists, exacerbating this challenge;
  
  
• Regulatory Compliance: Meeting the requirements of new regulations such as DORA, NIS-2, and the AI Act – among others – will be a major challenge for organisations in 2025. These frameworks aim to enhance resilience but require significant investment in compliance measures.

No System Is 100% Secure

The key takeaway for organisations is that achieving 100% security against cyberattacks is impossible. Instead, companies must focus on building resilience by implementing effective solutions and planning for incident response.

Steps to Take if an Attack Occurs:

• Establish Incident Response Plans: Ensure that clear procedures are in place to detect, contain, and recover from attacks;
  
  
• Invest in Advanced Security Solutions: Utilise AI-driven and next-generation security technologies to stay ahead of emerging threats;
  
  
• Enhance Employee Awareness: Conduct regular training to educate employees on recognising and responding to phishing attempts and other cyber threats;
  
  
• Strengthen Regulatory Compliance: Align organisational practices with evolving regulations to minimise legal and financial risks;
  
  
• Collaborate with Experts: Partner with cybersecurity specialists to conduct regular audits and vulnerability assessments.

Conclusion

The cybersecurity landscape in Poland and Europe is evolving rapidly, driven by technological advancements and increasingly sophisticated threats. While it is impossible to eliminate all risks, organisations can mitigate their impact through strategic investments in security infrastructure, comprehensive planning, and collaboration with experts. In a world where cyberattacks are a constant, resilience is the best defence.

---

Penteris data protection and cybersecurity expert Bartosz Jankowski recently participated in a major cybersecurity conference in Katowice, Poland: "iŚląskie. Cyberbezpieczeństwo i AI dla samorządu, administracji i biznesu. Czyli co nas czeka w 2025 roku?”(iSilesia. Cybersecurity and AI for local government, administration, and business. What awaits us in 2025?). The conclusions raised during the conference are both insightful and thought-provoking.