In 2024, Poland became one of the most frequently targeted countries in Europe by cybercriminals. On average, 2,063 attacks per month hit the public sector, and 2,058 targeted military and government institutions. These cyberattacks are typically aimed at stealing sensitive data, disrupting critical infrastructure, or conducting political espionage. According to experts from Palo Alto Networks, such activities may intensify in light of this year’s presidential elections.
Cyberattacks as Tools of Geopolitical Destabilization
What was once primarily a business concern—DDoS attacks, phishing emails, and ransomware—has become a geopolitical threat. Cybercriminals, often acting on behalf of hostile state services, now use digital attacks to destabilize political systems across Europe. In May 2024, Poland thwarted an attack by Russia’s GRU (Main Intelligence Directorate), which sought to paralyze key governmental institutions.
A recent example from Palo Alto Networks’ Unit 42 illustrates the sophistication of these operations. Cybercriminals impersonated diplomats selling official vehicles to lure other diplomats relocating to new posts. Clicking on fake links led to spyware installation, giving hostile intelligence services access to infected diplomatic missions.
Local Governments: A Growing Target
Local government units are increasingly under attack. In 2023, ransomware hit several local entities, including the District Office in Świebodzin and the Labor Office in Police.
“State administration is now the most exposed to cyberespionage from hostile foreign intelligence services. These attacks are aimed at infiltrating internal procedures, spreading disinformation, and stealing military development plans. Their goal is to destabilize, erode public trust in institutions, and mislead citizens,” says Wojciech Gołębiowski, Vice President and Managing Director at Palo Alto Networks CEE.
Escalating Threats and the Need for Resilience
In 2023, cybercriminals linked to Russia even targeted the Warsaw Stock Exchange. According to CSIRT GOV, there were 1,022 attacks on critical infrastructure operators, 736 on ministries, 629 on public offices, 380 on state authorities, and 274 on security services. Public administration remains the second-most targeted group by ransomware, just after healthcare.
To counter these threats, Poland has implemented the ARAKIS-GOV early warning system, designed to support government and critical infrastructure defense against cyberattacks.
Education and Workforce Development
Experts emphasize that both public and private sectors in Poland need significant investment in cybersecurity talent. A report by the National Chamber of Digital Economy reveals substantial gaps in digital education, particularly among older citizens, compared to other European nations.
“People must know how to verify the legitimacy of a website or identify phishing emails. But equally important is knowing how to respond after a data breach. Training for civil servants, teachers, and even doctors—who increasingly handle sensitive patient data—is vital,” says Grzegorz Latosiński, Country Director at Palo Alto Networks Poland.
Poland has already taken steps with the launch of the government platform “Digital Competencies,” which aims to train schools, seniors, entrepreneurs, and officials. So far, over 2,000 key state employees have undergone cybersecurity training.
Systemic Protection: Cybersecure Local Government
The “Cybersecure Local Government” initiative aims to shield critical areas of Poland’s digital infrastructure. The project has drawn immense interest—about 90% of eligible local entities have applied for funding, with total planned investments exceeding PLN 1.47 billion.
The government also plans to allocate nearly PLN 66 million to CSIRT teams (Computer Security Incident Response Teams) as part of the National Recovery Plan. These funds will support sectors like healthcare, which is among the most frequently targeted industries.
“Protecting sensitive data in the cloud requires encryption, access control, and constant compliance audits. Identity management, risk governance, multi-cloud security, and workforce training are essential for a robust cybersecurity framework,” says Dariusz Kupiec, Director of Cybersecurity at Cloudware Polska.
Proactive Measures and Legislative Challenges
To address data leaks, the government launched a program allowing citizens to block their national ID number (PESEL) from misuse. However, this does not resolve the sector’s low cybersecurity awareness. In 2023, 67.5% of medical facilities lacked dedicated IT support, and 66% had no vulnerability management strategies.
While the Ministry of Digital Affairs reports that over half a million cybersecurity threats have been handled, and more than 75 million phishing attempts blocked, the scale of attacks indicates that much more awareness-building is needed.
Nevertheless, experts note that Poland performs well in NATO-led cybersecurity exercises like Locked Shields. Additionally, the Cyber Defense Forces plan to establish an AI Implementation Center for military use. The Cyber Defense Command has also formalized cooperation with Palo Alto Networks to bolster national cybersecurity.
At the legislative level, Poland benefits from EU frameworks such as NIS2, DORA, and the AI Act. While Poland is among the first countries to draft its version of the AI Act, implementation of the other directives remains a significant challenge for both public administration and private companies.
Conclusion
The frequency and impact of cyberattacks against Poland’s government and military sectors reveal the ruthless nature of modern cyberwarfare. Disinformation, destabilization, and espionage are now daily threats. With presidential elections approaching, Palo Alto Networks analysts anticipate a surge in disinformation campaigns.
Government institutions are taking the threat seriously, introducing training programs for election officials and civil servants. However, raising public awareness remains the most effective line of defense—alongside system modernization and the adoption of advanced cybersecurity solutions.
With more than 4,000 cyberattacks reported against state sectors alone in 2024, bolstering national cyber resilience is no longer optional—it’s a strategic imperative.
Source: ManagerPlus.pl – Poland’s Public Sector Under Cyberattack
