Thirty percent of Polish companies have experienced a cyberattack. It's unclear how many businesses have fallen victim to cybercriminals. Losses worldwide amount to billions of dollars.
January 2025 – Municipal Services Plant in Szczecin, Eurocert; March – Ministry of Interior and Administration Hospital in Kraków, Smyk; April – District Employment Office in Żory; June – Poznań Pathomorphology and Cytology Laboratory; July – Herbapol, PWN; August 14 – Marma, a foil manufacturer. These are just a few examples of companies, institutions, and offices that have been targeted by cyberattacks, and the public has been informed of them. The number of unreported incidents is certainly much higher.
This week, the BBC Daily Business podcast channel released a podcast titled “Is Cybercrime the Biggest Threat to Business.” Cybersecurity experts from around the world unanimously agree: targeted attacks on companies, institutions, and critical infrastructure are becoming a scourge and a daily challenge for security services and businesses. In the last few days alone, criminals have breached the IT systems of a major telecommunications company, Colt, in London; a subsidiary of the Welcome Finance lending group in South Korea; a company managing an oil and gas pipeline network in Pakistan; and a pharmaceutical manufacturer in the US. In each case, there was an attempt to take over infrastructure and encrypt data in order to blackmail victims into paying ransom to unlock their systems.
According to the report “Economic Impact of Cyberattacks,” prepared by VeloBank's chief economist team, global losses from ransomware attacks on companies are estimated at 1-10% of global GDP. Calculating the costs is difficult because the calculation involves a number of items: business interruption, production restoration, infrastructure reconstruction costs, and often ransom. Additionally, there are indirect costs: reputational damage, lost contracts, damaged customer reputations, and potential claims from victims as a consequence of the attacks. The IMF estimates direct losses at $28 billion.
There are no statistics for Poland, but the scale of damage caused by cybercriminals must be significant, as research shows that we are among the world's leading countries in the number of attacks against businesses. Eurostat data – quite historical, as it dates back to 2022 – shows that as many as 30% of Polish companies employing more than nine people have reported such incidents.
“Polish companies report more cybersecurity incidents than the EU average, particularly in terms of hardware and software failures. These incidents are significantly more frequent than in other EU countries, while other types of problems are at a similar level,” reads the VeloBank report.
Hybrid War on NATO's Eastern Flank
The most common incident in Poland and the EU was hardware or software failure resulting in the unavailability of ICT services. 27.4% of Polish companies reported such incidents, compared to the EU average of 18.7%. Data destruction or corruption due to hardware or software failure was the second most frequently reported incident. In Poland, it affected 7.5% of companies, compared to 3.9% in the EU. Ransomware and DoS attacks were slightly less common than in the EU – 2.9% of companies reported them in Poland, compared to 3.5% in the EU.
VeloBank analysts point out that other countries on NATO's eastern flank also show a high percentage of companies reporting cybersecurity incidents. Geographic location is key to understanding why Polish companies are experiencing such frequent cyberattacks. Eset reports that 9% of malware incidents reported in the first half of 2025 were detected in Poland. Only the US and Turkey recorded more cases.
“Ukraine, Germany, and France also recorded high shares (7.5% each), confirming that Central and Western Europe remain areas of intense cybercriminal activity. The 20 countries with the highest share accounted for over 93% of global detections, indicating a strong concentration of threats in selected regions with a high degree of digitalization, the presence of critical infrastructure, or active involvement in armed and hybrid conflicts,” the VeloBank report states.
Poland's good position in cybersecurity rankings
It's encouraging that Poland also ranks relatively high in cybersecurity rankings. MIT Technology Review magazine ranked us 6th in the 2022/23 Cyber Defense Index—behind Australia, the Netherlands, South Korea, the USA, and Canada.
VeloBank economists emphasize that “in the case of South Korea, which is ranked third, and Poland, which is ranked sixth, geopolitics played a significant role in the number of points awarded in the ranking. Both countries were recognized for effectively repelling attacks from neighboring countries – North Korea and Russia. Poland was recognized, among other things, for the activities carried out by the Cyberspace Defense Forces Component Command.”
In its 2024 report, the international telecommunications organization ITU ranks Poland among developing countries in terms of its security ecosystem. Israel, among others, is also listed in this group. The ITU criticizes Poland for its lack of a sufficiently developed cybersecurity infrastructure, both legal and regulatory.
Million-dollar ransom costs
As mentioned, Poland lacks statistics on the losses businesses suffer from cyberattacks. We have recently had data on individuals, published by the National Bank of Poland for a year, which demonstrates the enormous scale of damage caused by criminals. The annual cost of criminal activity exceeds PLN 0.5 billion. Individual losses, statistically speaking, are not significant – the average is PLN 8,000. The situation is similar for individual losses for businesses. VeloBank attempted to estimate the average cost of a cyber incident in Poland, using Statista data.
“The cost of the cyberattack, data destruction, or loss was PLN 32,000. This sum may not seem that high, but remember that it means that some companies are facing losses reaching many millions of zlotys,” the report's authors conclude.
In the recent attack on a Polish company, the criminals allegedly demanded a ransom of USD 900,000.
According to Sophos research, 42% of victims who paid ransoms transferred up to PLN 100,000 to cybercriminals, a third of companies transferred over PLN 500,000, and 8% paid over PLN 5 million. Thirty-nine percent of attacked companies chose to pay the ransom. Unfortunately, 6% of companies still lost all their data.
Cyberattack insurance. Only 14% of Polish companies have it.
One way to protect yourself against losses caused by cyberattacks is to purchase insurance. In Poland, only 14% of companies are insured, compared to 71% in Denmark, 46% in Sweden, and 42% in Ireland. In France, the percentage of insured reaches 40% and in Germany, 32%. Of course, there are countries where this percentage is even lower than in Poland. These include Bulgaria, Lithuania, Hungary, Romania, and other countries in our region of Europe, where only a few percent of companies use such insurance.
How to minimize the risk of a cyberattack
- Investments in modern security technologies: next-generation firewalls, XDR/EDR (Extended Detection and Response) software that complements or even replaces antivirus software, which operates ex post on updated malware signatures, intrusion detection and prevention systems (IDS/IPS), and threat analysis tools (SIEM, SOAR, and even AI-driven platforms to ensure the security of SOC-supervised operations).
- Regular software updates. Implementing security patches (patch management) eliminates software vulnerabilities.
- Employee training: Regular training on identifying threats like phishing and spear-phishing, which are the most common cause of ransomware infections.
- Data backup. According to the 3-2-1 rule, companies should have three copies of their data on two different media, with one copy stored off-site.
- Incident response plan. This plan should include rapid response, loss minimization, and communication both internally and externally, for example, with regulators and customers.
- Access management. Limiting access to data and IT systems to only those employees who need it significantly reduces the risk of attacks.
- Cybersecurity insurance. This policy can cover some of the costs associated with incidents, such as data recovery, customer compensation, and business interruption costs.
- Real-time threat monitoring
- Audit and penetration testing. Adopting the Security by Design approach to IT project implementation within an organization is also a good practice. It allows security issues to be considered for implemented products, services, or functions from the initial stages, and additionally imposes the obligation to successfully conduct penetration testing of the solution before production launch.
- Cooperation with regulatory authorities and the police. Companies should cooperate with national and international bodies, such as CSIRT NASK, CSIRT KNF, and the Central Bureau for Combating Cybercrime.
Scamming Out! 2.0
Bankier.pl and “Puls Biznesu” have launched the Scamming Out! campaign for the second time – an information and educational campaign aimed at increasing public and decision-making interest in the growing threat posed by cyber fraudsters. We invite you to follow the campaign on both platforms and on the dedicated website: scammingout.pl.
Bankier.pl