Increase in incidents in offices

Business analysis and ways to reduce losses

Incidents cyber security have ceased to be exclusively a problem for IT departments. Today they are one of the most serious risks business – they affect business continuity, reputation and board responsibility. What are the real costs of incidents in Poland and how can companies effectively reduce them?

Increase in the number of incidents. Why are Polish companies particularly vulnerable?

The last two years have seen a marked increase in the number of IT security incidents in Poland. Data from CERT Polska – “Cybersecurity Threat Landscape 2024” shows that the number of incidents handled increased by more than 30% year-on-year. Phishing attacks, ransomware and unauthorized data access incidents are growing the fastest.

In early 2026, we were threatened with a blackout by an attempted cyberattack targeting the country’s energy sector by Russia. As Gawkowski himself said, it was the most serious incident in Poland in years. In January alone, there was an average of nearly 3,200 attempted attacks per office, showing the seriousness of the situation. Unfortunately, many of the offices, despite such a situation, still do not have any system to manage, let alone protect, their data.

This trend is not exclusive to large organizations. Increasingly, the victims are:

• medium and small companies,
• production facilities,
• local government units,
• technology and software companies.

The Polish economy is simultaneously digitally developed and unevenly secured. In practice, this means that many organizations use modern systems but lack a consistent approach to security.

The most common causes of vulnerability:

• Lack of central monitoring of events,
• distributed security tools,
• shortage of IT specialists,
• delays in implementing RODO and NIS2 requirements,
• Lack of an up-to-date inventory of IT resources.

According to IBM’s “Cost of a Data Breach Report 2024”.:

• The average global cost of an incident is USD 4.45 million,
• The average time to detect and contain an incident is 277 days.

In Poland, the nominal amounts are lower, but the relative burden on companies is often higher. For an MŚP organization, a single incident can mean:

• The loss of several percent of annual revenue,
• halting key processes,
• The need to temporarily shut down operations.

As a result, incidents are often detected too late – only when they generate real operational losses. The cost of security incidents – globally and locally.

Threats security in Polish organizations, data leakage and costs

Based on reports from CERT Polska, ENISA Threat Landscape 2024 and analysis from audit firms, several dominant categories of incidents can be identified:

Phishing and account takeovers

Most common attack vector. Lack of multi-factor authentication and excessive user privileges cause incidents to escalate quickly.

Ransomware

Production and logistics are particularly affected. Encryption of file servers and backups often leads to days of downtime.

Data leaks

Configuration errors, lack of DLP, and uncontrolled access to sensitive data.

Internal incidents

Employee errors, unknowing violations or abuse of authority.

What costs do security incidents generate?

IT security incidents, such as ransomware attacks, can have serious financial and operational consequences for companies, especially in the manufacturing sector, where IT system downtime means stopping the entire production line. KPMG’s report “Cyber Security Barometer 2024” shows that the average downtime after a ransomware attack in manufacturing companies in Central Europe is between 3 and 7 days. During this time, companies incur significant direct costs, including:

• Systems and production downtime,
• data recovery,
• Purchase of new infrastructure.

Indirect costs

• loss of reputation,
• customer outflow,
• difficulties in obtaining contracts.

According to PwC Global Digital Trust Insights 2024, as many as 43% of customers say they will abandon a relationship after a major data incident.

Regulatory costs

• RODO penalties (up to €20 million),
• reporting obligations to the CSIRT and UODO,
• Board accountability under NIS2.

Technical and personnel costs

• post-breach analysis (forensics),
• Support from external experts,
• IT and business teams’ working time,
• Overtime and employee turnover.

Examples of real incidents in Poland

Manufacturing companies
Between 2023 and 2024, many Polish sites fell victim to ransomware. The consequences were:

• stopped production lines,
• losses numbering in the hundreds of thousands of zlotys per day,
• Lack of knowledge of which systems are key and how they are connected.

IT and software industry
Leaks of source code and customer data often resulted from:

• lack of access segmentation,
• lack of monitoring of anomalies,
• lack of control of data flow.

Public sector
Local government units are increasingly experiencing:

• email box takeovers,
• resident data leaks,
• media and audit pressure.

How to minimize the cost of incidents – the role of an integrated security system

The key conclusion of the IBM and ENISA reports is simple: the sooner an incident is detected, the lower the business cost – by as much as 50%. That’s why organizations are moving away from point tools to integrated security platforms, such as the eAuditor system.

What reduces losses in real terms?

• Central monitoring events and user activity
• Automatic alerts allowing you to respond in minutes, not days
• DLP (Data Loss Prevention) to protect data from leakage
• An up-to-date inventory of IT assets – crucial in a crisis and during audits
• Risk and compliance management with RODO and NIS2

The eAuditor not only allows you to react faster, but also to prove due diligence – which is crucial for inspections and investigations.

Q&A session

Which companies in Poland are particularly vulnerable?
It’s not just large corporations. Increasingly, small and medium-sized companies, manufacturing plants, local government units and IT and software companies are becoming victims.

With eAuditor incidents completely avoidable?
They cannot be completely eliminated, but eAuditor allows you to minimize the effects and quickly restore normal business operations, reducing financial, operational and reputational.

Whether eAuditor perform well in different sectors?
Yes. The system helps both manufacturing and IT companies, the public sector or small and medium-sized enterprises. It allows full inventory of IT resources and monitoring of user activity regardless of the size of the organization.

Summary

In 2026, IT security incidents are inevitable, but their effects need not be catastrophic. Companies that invest in visibility, monitoring and risk management incur significantly lower costs and recover faster.

Therefore, more and more organizations are treating eAuditor not as an IT tool, but as part of their business risk management strategy.