波兰网络安全行业市场前景及投资研究报告-培训课件外文版2024.5

DIGITAL

&

TRENDSCybercrimeandcybersecurityinPolandCHAPTER

01OverviewNumberofincidentsofdatabreachesinPolandfrom1stquarter2020to3rdquarter2022(in1,000s)NumberofdatabreachesinPoland2020-20224,0003,466.853,5003,0002,5002,0001,5001,0005003,128.472,943.52,862.841,019.06Q1'22919.25Q3'21809.04Q2'21534.08Q3'22473.99Q4'21256.66Q3'20241.46Q2'220Q1'20Q2'20Q4'20Q1'214Description:ThenumberofdatabreachesfluctuatedinPolandintheobservedperiod.Thesecondquarterof2020recordedthehighestnumberofdatabreaches.Inthethirdquarterof2022,thisnumberdecreasedtoover534thousand;however,itwas121percenthigherthaninthepreviousquarter.ReadmoreNote(s):Poland;Q12020toQ32022Source(s):SurfSharkNumberofcybercrimeincidentsinPolandin2022,bysectorCybercrimeincidentsinPoland2022,bysector2,0001,7981,8001,6001,4001,2001,0008008096505996005034004002002000CriticalinfrastructureOfficeStateadministrationMinistryInstitutionServicesandmilitaryOther5Description:Since2017,cybercrimeincidentshaveincreasedby270percentinPoland.In2022,thelargestnumberofcybercrimeincidentreportsinPolandinvolvedcriticalinfrastructureoperators,with1798registeredincidents.Thefollowingsectorswerepublicofficesandstateadministration.ReadmoreNote(s):Poland;2022Source(s):ZespółReagowanianaIncydentyBezpieczeństwaKomputerowegoCSIRTGOVMostcommononlinescamsandcyberattacksencounteredbyconsumersinPolandin2022MostcommononlinescamsandcyberattacksencounteredbyconsumersinPoland2022Shareofrespondents10%0%5%15%20%25%30%Non-receiptofgoodsafterpaymentFraudulente-mails26%21%TheftofdebitorcreditcardinformationTakingoverasocialmediaaccountTakingoverane-mailbyathirdpartyTheftofsensitivepersonalinformation20%15%9%7%6Description:In2022,themostcommononlinefraudthatconsumersinPolandencounteredwasnotreceivinggoodsafterpayment,andoneinfiverespondentsreceivedfraudulente-mails.

ReadmoreNote(s):Poland;January2022;1001respondents;18yearsandolderSource(s):BrandsIT.pl;IBRISMarketandSocialResearchInstitute;SantanderConsumerBankLeadersincybersecurityinPolandbetween2019and2023LeadersincybersecurityinPoland2019-2023Shareofrespondents2023201930%0%10%20%40%50%60%70%49%BanksArmyandpolice59%30%30%40%TechnologycompaniesTelecommunicationGovernmentalinstitutionsEnergysector22%15%9%13%31%5%5%Onlinestores8%4%5%Socialmedia3%Healthservice2%Industry21%Idonotseeanyoneasaleader15%7Description:Intheobservedperiod,theleadersincybersecuritywerebanks,thearmyandpolice,andtechnologycompaniesinPoland.ReadmoreNote(s):Poland;2020to2023;1084respondentsSource(s):InstytutBadańPollster;WarszawskiInstytutBankowości;ZwiązekBankówPolskichFrequencyofcontactwithcertaintypesofcontentontheinternetinPolandin2022FrequencyofcontactwithcontroversialcontentontheinternetinPoland2022ShareofrespondentsOnceamonthormore20%

40%Onceaweekormore0%LessthanonceamonthNever80%60%100%9%

3%120%Contentquestionableintermsofveracity65%23%ControversialcontentDistastefulcontent54%57%26%14%14%6%5%24%ContentthatdisturbsthesenseofsecurityContentsofconcern41%49%44%44%26%26%28%28%20%13%8%17%20%20%ContentsuspectedofaskingforphishingdataContentsuspectedofaskingforfinancialfraud8%8%8Description:In2022,65percentofPolishrespondents,atleastonceaweekormore,cameacrosscontentquestionableintermsofveracity.Followingwascontroversialcontentwith54percentofvotes.

ReadmoreNote(s):Poland;2022Source(s):Mindshare;WirtualneMediaValueanddynamicsofthecybersecuritymarketinPolandfrom2012to2024(inbillionzloty)ValueanddynamicsofthecybersecuritymarketinPoland2012-2024MarketvalueDynamics15.43181614121082.5232211014.413.92.111.71.8411.31.5610.81.39.79.21.656.2861.191.171.145.21.040.9940.920-1.6-2-4201220132014201520162017201820192020202120222024*9Description:In2022,thecybersecuritymarketinPolandwasvaluedat2.1billionzloty.Themarketisexpectedtogrowto2.52billionzlotyin2024,withanannualgrowthrateofeightpercent.ReadmoreNote(s):Poland;2012to2024;*ForecastDataforeachyearwascollectedfromseveralsourcesReadmoreSource(s):PMR;WirtualneMediaForecastofthecybersecuritymarketrevenueinPolandfrom2017to2028,bysegment(inmillionU.S.dollars)ForecastofthecybersecuritymarketrevenueinPoland2017-2028CybersecurityCyberSolutionsSecurityServices1,4001,159.321,2001,0001,073.39991.38876.17765.2732.86426.46800674.28663.56409.83598.37393587.1558.496004002000510.32365.85480.41443.68231429.83335.37394.53212.31364.85323.97178.08305.96309.43287.05281.15271.44244.74235.67212.68182.22145.8920172018201920202021202220232024202520262027202810Description:Therevenueisforecasttoexperiencesignificantgrowthinallsegmentsin2028.Thetrendobservedfrom2017to2028remainsconsistentthroughouttheentireforecastperiod.Thereisacontinuousincreaseintheindicatoracrossallsegments.Notably,theCybersecuritysegmentachievesthehighestvalueof1.2billionU.S.dollarsat2028.ReadmoreNote(s):Poland;2017to2028Source(s):CHAPTER

02CyberattacksNumberofcybercrimeincidentsinPolandfrom2017to2022CybercrimeincidentsinPoland2017-202230,00026,89925,00023,30921,56320,00015,00010,0005,000012,4056,23520185,8192017201920202021202212Description:Since2017,cybercrimeincidentshaveincreasedby270percentinPoland.In2022,morethan21.5thousandincidentswererecorded,a20percentdecreasefromthepreviousyear

ReadmoreNote(s):Poland;2017to2022Source(s):ZespółReagowanianaIncydentyBezpieczeństwaKomputerowegoCSIRTGOVNumberofcybercrimeincidentsinPolandfrom2020to2022,bycategoryCybercrimeincidentsinPoland2020-2022,bycategoryNumberofincidents20222021202005,00010,00015,00020,00025,00030,0002,1871,1481,366VulnerabilitySocialengineeringUnavailabilityPublication1,05390482631025431615811191Content174Attack

7496151Scanning

118612,604Virus24,17116,77713Description:Since2017,cybercrimeincidentshaveincreasedby270percentinPoland.In2022,mostincidentswerereportedinthevulnerabilityandsociotechcategories.Accordingtothesource,thevulnerability,whichidentified2,187incidentsinITresourcesunderstoodasICTsystemweaknesses,configurationerrors,andlackofappropriatesecuritypoliciesrelatedtoupdatingandverifyingcorrectlyimplementedICTsolutions.ReadmoreNote(s):Poland;2020to2022Source(s):ZespółReagowanianaIncydentyBezpieczeństwaKomputerowegoCSIRTGOVNumberofreportsofpotentiallyillegalonlinecontentinPolandfrom2020to2022,bytypeNumberofreportsofpotentiallyillegalonlinecontentinPoland2020-2022,bytype2020202120229,0008,0218,0007,0006,0005,0004,0003,0002,0001,00007,1286,7786,7374,5813,306460475374349372259ChildsexualabusematerialHard-corepornographyRacismandxenophobiaOtherillegalcontent14Description:In2022,thehighestnumberofreportsofpotentiallyillegalcontentonthePolishinternetconcernedchildsexualabusematerialandotherillegalcontentexceptforhard-corepornographyandracism/xenophobiacontent.ReadmoreNote(s):Poland;2020to2022;*ReportswereanalyzedbyDyurnet.pl.Itisateamthatreactstoreportsconcerningpotentiallyillegalcontentpublishedontheinternet,mainlyrelatedtosexualabuseofchildren.Theteamhasbeenoperatingsince[...]

ReadmoreSource(s):NASKNumberofcybersecurityincidentshandledbyCERT*inPolandfrom1996to2022CyberattacksinPoland1996-202245,00040,00035,00030,00025,00020,00015,00010,0005,00039,68329,48310,4206,4843,7393,1822,5162,4272,1081,9261,7961,0131,1961,2221,2921,0821,2191,2821,456741674

60550

75

100

105

12601996

1997

1998

1999

2000

2001

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

202215Description:ThenumberofcyberattacksinPolandincreasedfrom50incidentsin1996to39,683in2022.Since2011,thenumberofcybersecurityincidentshasbeencontinuouslygrowing.ReadmoreNote(s):Poland;1996to2022;*TheCERTPolskateamoperateswithinthestructuresofNASK(ResearchandAcademicComputerNetwork)-aresearchinstitutewhichconductsscientificstudies,operatesthenational.pldomainregistryand[...]

ReadmoreSource(s):CERTPolskaNumberofcybersecurityincidentshandledbyCERT*inPolandfrom2020to2022,bytypeCyberattacksinPoland2020-2022,bytypeNumberofincidents2022

2021

202015,000

20,00005,00010,00025,00030,00035,00040,00035,009Fraud25,4728,3103,4092,847MalwareIntrusions746354247317308311371188216211175148121121127174493342395568312760OffensiveandillegalcontentVulnerableservicesAccessibilityofresourcesIntrusionattemptsOtherInformationsecurityattackGatheringinformation16Description:Morethan39.6thousandincidentsviolatingthesecurityofthePolishinternetwereregisteredin2022.Fraud,includingphishing,gainedconsiderablepopularityamongcybercriminals.Themostcommonincidentswerealsomalicioussoftwareattackingtheinternetuserandabusivecontent,includingspam.ReadmoreNote(s):Poland;2020to2022;*TheCERTPolskateamoperateswithinthestructuresofNASK(ResearchandAcademicComputerNetwork)-aresearchinstitutewhichconductsscientificstudies,operatesthenational.pldomainregistryand[...]

ReadmoreSource(s):CERTPolskaNumberofcybersecurityincidentshandledbyCERT*inPolandfrom2020to2022,bysectorCyberattacksinPoland2020-2022,bysectorNumberofincidents2022202120204,00001,0002,0003,0005,0006,0007,0008,0009,0007,329Media8,3392,5686,093PostandcourierservicesWholesaleandretailtradeEnergy4,3384,3205005,4385,1251,4374,0841014,214NaturalpersonsBankingFinancialmarketsinfrastructureProduction2,4649599472,9442,8132,6501,0085634211,283571,821DigitalinfrastructurePublicadministrationOtherservices1,6061,016757429388496384251118150Healthcare117Description:39,683incidentsviolatingthesecurityofthePolishInternetwereregisteredin2022,increasingbynearly35percentcomparedtothepreviousyear.Mostclassifiedincidentswerereportedinthemediasector.However,over4.2thousandincidentswererecordedamongnaturalpersonsinPoland.ReadmoreNote(s):Poland;2020to2022;*TheCERTPolskateamoperateswithinthestructuresofNASK(ResearchandAcademicComputerNetwork)-aresearchinstitutewhichconductsscientificstudies,operatesthenational.pldomainregistryand[...]

ReadmoreSource(s):CERTPolskaNumberofcyberfraudincidentshandledbyCERT*inPolandfrom2020to2022,bytypeCyberfraudattacksinPoland2020-2022,bytype20202021202230,00025,62525,00022,57520,00015,00010,0005,00009,3537,6222,8816501112Masquerade282122531PhishingUnclassifiedUnauthoriseduseofresources18Description:In2022,thenumberofphishingsitesremainedveryhigh,withover25.6thousandregistereduniqueincidentsinPoland.Amongthecriminals,themostpopularweretwotypesofscams.ThemostpopulartypeofphishingwasusingtheimageofthecouriercompanyInPost.ThefollowingwasFacebook.ThismethodisbasedonimpersonatingtheFacebookaccountownerandsendingprivatemessagestopeoplewhoareaddedtothe'friends'listintheaccount,askingforatransferusingBLIK[...]

ReadmoreNote(s):Poland;2020to2022;*TheCERTPolskateamoperateswithinthestructuresofNASK(ResearchandAcademicComputerNetwork)-aresearchinstitutewhichconductsscientificstudies,operatesthenational.pldomainregistryand[...]

ReadmoreSource(s):CERTPolskaNumberofcyberabuseincidentshandledbyCERT*inPolandfrom2020to2022,bytypeCyberbullyingincidentsinPoland2020-2022,bytype202020212022400336350300250200150100502622396336268964100SpamHarmfulspeechChild/Sexual/ViolenceUnclassified19Description:In2021,registeredspamincidentsamountedto239,accountingforthehighestpercentageofcyberattacksonoffensiveandillegalcontentinPoland.Spamreferstounsolicitedbulkmessagessentthroughemail,instantmessaging,orotherdigitalcommunicationtools.Spamcanalsobeusedtocollectsensitiveinformationfromusersandhasalsobeenusedasatooltospreadvirusesandothermalware.

ReadmoreNote(s):Poland;2020to2022;*TheCERTPolskateamoperateswithinthestructuresofNASK(ResearchandAcademicComputerNetwork)-aresearchinstitutewhichconductsscientificstudies,operatesthenational.pldomainregistryand[...]

ReadmoreSource(s):CERTPolskaNumberofintrusionattemptincidentshandledbyCERT*inPolandfrom2020to2022,bytypeIntrusionattemptincidentsinPoland2020-2022,bytype20202021202218015516014012010080110836040311415207520UnclassifiedLoginattemptsExploitationofknownvulnerabilities20Description:In2022,manyincidentswerereportedinPolandofattemptstobreakintosystems,devices,andapplications,eithersuccessfullycompletedoronlyundertaken.ReadmoreNote(s):Poland;2020to2022;*TheCERTPolskateamoperateswithinthestructuresofNASK(ResearchandAcademicComputerNetwork)-aresearchinstitutewhichconductsscientificstudies,operatesthenational.pldomainregistryand[...]

ReadmoreSource(s):CERTPolskaNumberofcyberintrusionincidentshandledbyCERT*inPolandfrom2020to2022,bytypeCyberintrusionattacksinPoland2020-2022,bytype2020202120222502071942001501005014711811575131396765210UnclassifiedUnprivilegedAccountCompromisePrivilegedAccountCompromiseApplicationCompromiseBot21Description:Amongalltypesofintrusions,unprivilegedapplicationcompromiseaccountedforthehighestproportionofcyberattacksinthiscategoryinPolandin2022.ReadmoreNote(s):Poland;2020to2022;*TheCERTPolskateamoperateswithinthestructuresofNASK(ResearchandAcademicComputerNetwork)-aresearchinstitutewhichconductsscientificstudies,operatesthenational.pldomainregistryand[...]

ReadmoreSource(s):CERTPolskaCHAPTER

03CybercrimeincompaniesNumberofcyberattacksexperiencedbycompaniesinPolandfrom2017to2022NumberofcybersecurityattacksregisteredbycompaniesinPoland2017-202201-34-946%10-2930andmore36%50%45%40%35%30%25%20%15%10%5%42%25%33%32%31%23%29%29%28%26%23%21%19%13%14%6%14%9%12%9%11%11%4%8%6%5%0%20172018201920202021202223Description:Fouroutof10Poland'scompanieshavenotrecordedanyincidentsrelatedtosecuritybreachesin2022,aslightincreasecomparedtothepreviousyear.

ReadmoreNote(s):Poland;2017to2022;100respondents;CompaniesinPolandSource(s):KPMGPoland;NorstatAverageweeklycyberattacksperorganizationinPolandfrom2021to2022,byindustryAverageweeklycyberattacksperorganizationinPoland2021-2022,byindustry202120222,5002,0001,5001,0005002,3161,0371,0125995334794644000PublicutilitysectorGovernment/MilitaryFinance/BankingTradesectorManufacturing24Description:Thepublicutilitysectorsawthehighestnumberofattacks.Onaverage,therewereover2.3thousandcyberattacksperweekin2022.ReadmoreNote(s):Poland;2021to2022;AsofDecemberSource(s):CEOMagazynPolska;CheckPointSoftwareTechnologies;dziennik-polityczny.pl;RzeczpospolitaLeadingcyberthreatsfororganizationsinPolandin2022,byrisklevelBiggestcyberthreatstocompaniesinPoland2022,byrisklevelRisklevel(5isthehighestriskand0isnorisk)0.00.51.01.52.02.53.03.5PhishingDataleaksviamalware32.72.7AdvancedPersistentThreat-APTRansomwareattacks2.52.3DatatheftbyemployeesAttacksthatuseerrorsinapplicationsDataleakagecausedbytheftorlossofmediaormobiledevicesDoS/DDoSattacks1.81.71.61.5DatatheftduetophysicalsecuritybreachesAttacksonwirelessnetworks1.51.5Man-in-the-Middle(MitM)attacksMobiledeviceshacking1.425Description:Polishcompaniesfoundthatthegreatestcyberthreatwasphishing,aswellasdataleaksviamalwarein2022.CompanieswerealsoafraidofAPTorransomwareattacks.

ReadmoreNote(s):Poland;December2022;100respondents;CompaniesinPolandSource(s):KPMGPoland;NorstatGroupsthatposearealthreattoorganizationsinPolandfrom2018to2023GroupsthatposearealthreattocompaniesinPoland2018-2023Cybercrime96%UnsatisfiedorbribedemployeesGroupssupportedbyforeigncountries120%100%80%60%40%20%0%92%90%88%85%84%58%57%56%42%39%38%33%28%27%24%21%19%20182019202020212022202326Description:Initsbroadestsense,cybercrimewasthegreatestthreattocompaniesinPolandin2023.Itwasadecreaseoffourpercentagepointscomparedtothepreviousyear.Thesecondproblematicgroupforthecompaniessurveyedwasgroupssupportedbyforeigncountries.ReadmoreNote(s):Poland;2018to2023;100respondents;CompaniesinPolandSource(s):KPMGPoland;NorstatCybercriminalsmostfrequentlyattackingcompaniesinPolandfrom2018to2023CybercriminalsmostfrequentlyattackingcompaniesinPoland2018-2023SinglehackersOrganisedcybercrimegroupsCyberTerroristsScriptkiddiesHactivists90%80%70%60%50%40%30%20%10%0%84%58%72%70%59%69%62%61%58%50%57%54%54%47%43%36%42%34%27%30%20%23%15%22%21%19%18%12%18%20182019202020212022202327Description:OrganizedcybercrimegroupsmostoftenviolatedsecuritysystemsinPolishcompaniesin2023.Theirthreatincreasedbyonepercentagepointscomparedtothepreviousyear.

ReadmoreNote(s):Poland;2018to2023;100respondents;CompaniesinPolandSource(s):KPMGPoland;NorstatAssessmentofsecurityareasincompaniesinPolandin2022,byinvestment'simportanceMaturityofsecurityareasincompaniesinPoland2022,byinvestment'simportanceScore(5aresignificantinvestmentsand0isnoinvestment)0.00.51.01.52.02.53.03.5ProtectionagainstmalwareSecuritymonitoring32.92.82.82.72.62.52.52.4Internalnetworksecurity(segmentation,accesscontrol)RespondingtosecurityincidentsBusinesscontinuityplansSecurityoftheInternetconnectionSecurityawarenessprogrammesforemployeesDataLeakagePrevention-DLPIdentityandaccessmanagementMobiledevicemanagement(MDM)Vulnerabilitymanagement2.22.2ClassificationandcontrolofassetsSafetyofaSoftwareDevelopmentProcessManagingbusinesspartnerSecurityRisks1.81.51.528Description:In2022,malwareprotectionwastheareainwhichcompaniesplannedtoinvestthemostoverthenext12monthsReadmoreNote(s):Poland;December2022;100respondents;CompaniesinPolandSource(s):KPMGPoland;NorstatMajorlimitationsincybersecuritydevelopmentinPolishcompaniesfrom2021to2023ObstaclesinbuildingcybersecurityinorganizationsinPoland2021-2023Shareofrespondents2023

2022

202120%0%10%30%40%50%60%70%57%57%InsufficientbudgetsDifficultiesinrecruitingandkeepingqualifiedstaffLackofwelldefinedindicators42%47%64%50%36%26%25%24%Lackofbusinessinvolvement30%22%20%LackofproperassignmenttosecurityresponsibilitiesNosupportfromtopmanagement20%20%19%24%24%29Description:Fornearly60percentoftherespondentsinPoland,insufficientbudgetswerethebiggestproblemthatlimitedcompaniesinachievingtheexpectedlevelofsecurityin2023.Inaddition,almost50percentofcompaniesindicatedthatdifficultiesinrecruitingandkeepingqualifiedstaffcausedaprobleminachievingtheplannedlevelofprotection.ReadmoreNote(s):Poland;2021to2023;100respondents;PolishcompaniesSource(s):KPMGPoland;NorstatMostcommonsocialengineeringmethodsusedbycybercriminalsinPolandin2023MostcommonsocialengineeringmethodsusedbycybercriminalsinPoland202380%68%68%70%60%50%40%30%20%10%0%15%PhishingImpersonationofapublicinstitutionPITscams30Description:PhishingandimpersonationofapublicinstitutionwasthemostcommonsocialengineeringmethodusedbycybercriminalsinPolandin2023.ReadmoreNote(s):Poland;MarchtoApril2023;1057respondents;18yearsandolderSource(s):BiuroInformacjiKredytowej;QualityWatchCHAPTER

04CybersecurityincompaniesShareofcompaniesusingparticularICTsecuritymeasuresinPolandin2022ShareofcompaniesusingparticularICTsecuritymeasuresinPoland2022Shareofinternetusers20%

30%0%10%40%50%60%70%80%BackupsinaseparatelocationNetworkaccesscontrol68.3%62.4%AuthenticationbyatleasttwomethodsStrongpasswordauthenticationDataencryption54.8%46.9%45.7%UseofVPNconnectionsICTsecuritytesting40.9%32.4%31%StoringlogsforanalysisICTriskassessment23.3%BiometricIdentification11.1%32Description:Sevenoutof10enterprisesinPolandusedbackupsinaseparatelocationasanICTsecuritymeasurein2022.Over62percentusednetworkaccesscontrol,and55percentusedauthenticationbyatleasttwomethods.Incontrast,over11percentofPolishcompaniesusedbiometricidentification.ReadmoreNote(s):Poland;2022;Enterprisesemployingmorethan9personsSource(s):CentralStatisticalOfficeofPolandShareofcompaniesthatoutsourcedcybersecurityservicesinPolandbetween2019and2023CompaniesthatoutsourcecybersecurityinPoland2019-202390%81%80%70%60%50%40%30%20%10%0%76%76%70%58%2019202020212022202333Description:In2023,81percentofcompaniesoutsourceddatasecurityissuestoexternalproviders,anincreasecomparedtothepreviousyear.

ReadmoreNote(s):Poland;2019to2023;100respondents;CompaniesinPolandSource(s):KPMGPoland;NorstatImplementedsolutionstodetectcyberattacksincompaniesinPolandin2022ImplementedsolutionstodetectcyberattacksincompaniesinPoland2022Shareofrespondents0%

10%20%30%40%50%60%70%68%80%ThreatIntelligenceCentrallogrepositoryIOC(IndicatorofCompromise)and/orTTP(Tactics,Techniques,andProceduresIPS/IDS(IntrusionPrevention/DetectionSystems)SIEM(SecurityIncidentEventMonitoring)64%52%48%44%41%39%DLP(DataLeakagePrevention)ATP(AdvancedThreatProtection)EDR/XDR(EndpointDetectionandResponse/ExtendedSOAR(SecurityOrchestration,AutomationandResponse)Deception/Honeypot33%16%14%34Description:In2022,companiesinPolandmostoftenusedexternalsourcesofthreatinformation,orso-calledThreatIntelligence,todetectcyberattacks.CentrallogrepositoriesandIOCorTTPattackthreatknowledgebaseswerealsopopular.

ReadmoreNote(s):Poland;December2022;100respondents;CompaniesinPolandSource(s):KPMGPoland;NorstatCybersecuritysystemsimplementedincompaniesinPolandin2022CybersecuritysystemsimplementedincompaniesinPoland2022Shareofrespondents0%10%20%30%40%50%60%70%80%78%90%89%100%SecuritymonitoringRespondingtocyberattacksVulnerabilitytestsofinfrastructure47%PrivilegemanagementbasedonimplementedIdM(IdentityManagement)Cyberthreatawarnessprograms45%44%Penetrationtestingofapplications37%35Description:ThemostcommoncybersecuritymanagementprocessesinPolishcompaniesweresecuritymonitoringandresponsetocyberattacks,performedby89percentand78percentofcompanies,respectively.

ReadmoreNote(s):Poland;January2022;180respondents;Managers,directors,boardmembers,CEOsresponsibleforissuesrelatedtodigitizationinthecompanySource(s):KPMGPolandMaturitylevelofcybersecurityareasincompaniesinPolandin2022MaturitylevelofcybersecurityareasincompaniesinPoland2022Score(5isfullmaturityand0nosecurity)0.00.51.01.52.02.53.03.54.04.55.0ProtectionagainstmalwareInternalnetworksecurity(segmentation,accesscontrol)SecurityoftheInternetconnectionRespondingtosecurityincidents4.34.24.14.14.1IdentityandaccessmanagementBusinesscontinuityplans44SecuritymonitoringClassificationandcontrolofassetsDataLeakagePrevention-DLP3.43.43.4SecurityawarenessprogrammesforemployeesVulnerabilitymanagement3.33.2Mobiledevicemanagement(MDM)ManagingbusinesspartnerSecurityRisksSafetyofaSoftwareDevelopmentProcess2.92.836Description:In2022,companiesinPolanddeclaredthatmalwareprotectionandinternalnetworksecurityareareaswherethehighestlevelofmaturity.ReadmoreNote(s):Poland;December2022;100respondents;CompaniesinPolandSource(s):KPMGPoland;NorstatCHAPTER

05CybersecurityandpersonaldataprotectionLeastsafeonlineactivitiesinPolandin2023LeastsafeonlineactivitiesinPoland2023Shareofrespondents0%10%20%30%40%50%48%60%58%70%UseofinstantmessagingOnlineshopping/salesDatingportals47%SocialmediaparticipationPlatformsofferingthepurchaseofuseditemsSocialmedia45%36%33%38Description:In2023,oneoftheleastsafeonlineactivitiesinPolandwastheuseofsocialmedia.ReadmoreNote(s):Poland;2023;1000respondents;18yearsandolderSource(s):BankPekaoSATypeofsolutionsusedtoincreasethelevelofonlineprivacyinPolandin2022OnlinesecuritysolutionsuseinPoland2022Shareofrespondents20%

30%0%10%40%50%60%70%80%Useofanti-virussoftware67.7%Useofsecurebrowsers56%Two-factorlogging47.3%VPN37.2%Useofapasswordmanager30.9%Encryptionofmessagesandconnections25.5%ProxySecuritykeysTor21.2%12.9%7%39Description:In2022,mostsurveyedPolesusedsecurebrowsers,anti-virussoftware,andtwo-steplogintoincreasetheironlineprivacy.

ReadmoreNote(s):Poland;N