- Only 59% of companies declare that they use antivirus software.
- More than half of employees have not participated in any cybersecurity training in the last 5 years.
- Only 32% of companies conduct regular tests of IT security.
- As many as 88% of Polish companies have experienced a cyberattack in the last 5 years.
Nearly 41% of Polish companies do not use antivirus software, and over half of employees have not received any cybersecurity training in the last five years, according to the latest report “Cyber Portrait of Polish Business”[1] prepared by ESET and DAGMA IT Security. At the same time, every fifth Polish employee has been a victim of a cyberattack at work, and as many as 88% of the surveyed companies admit that they were attacked in the last 5 years. Given the increasing scale and sophistication of threats, Polish enterprises simply cannot afford to be nonchalant – experts emphasize.
Business still not well protected
Over a third of Polish enterprises neglect the first, basic line of defense against cyber threats, which is antivirus software. Meanwhile, experts warn that this translates into a serious risk of attacks – both those well-known ones that are easy to eliminate, as well as increasingly new strategies of cybercriminals. The collected data also shows that medium-sized companies, employing 250-500 employees, have the weakest awareness of the importance of antivirus software (only 42% of this group declares using it).
Polish companies often also neglect the key issue of education for cybersecurity. The data shows that as many as 52% of employees have not had any training in cybersecurity at work in the last 5 years. At the same time, only 26% of respondents were engaged in learning about this topic at their place of employment more than once. Given the pace of changes in digital work environments and the emergence of new threats to which business is exposed – this is definitely too low a percentage.
Less than a third of companies (32%) also conduct regular IT security tests. This is also a troubling statistic, as tests are key to proactively identifying gaps in security. Their absence can result in leaving loopholes that can be exploited by attackers.
– Penetration tests should be carried out regularly in every large organization. As part of such a test, a series of actions and stages are performed similar to those used by cybercriminals. The aim is to find as many serious weaknesses as possible in the company’s systems and networks before people with bad intentions do. Not conducting penetration tests can be compared to leaving the house before an approaching storm without checking if all the windows are closed – comments Kamil Sadkowski, an analyst at the antivirus lab, ESET.
Escalation of cyber threats
Meanwhile, 20% of surveyed employees of Polish companies admit that they fell victim to a cyber attack at work. Another 17% find it difficult to relate to this statement, and 34% of respondents know someone who was a victim of a cyber attack while performing work duties. The data therefore indicates that such threats have long ceased to be a marginal issue.
It is worth noting that the numbers given only relate to conscious attacks. The actual number of people who have fallen victim to cyberattacks may be much higher due to insufficient knowledge and awareness of threats, as well as fear of stigmatization due to, for example, carelessness. Many people also do not know for a long time that they might have fallen victim to a cyberattack.
Also, the information collected for the ESET and DAGMA IT Security report among people dealing with cybersecurity in companies on a daily basis shows that the scale of threats may be even larger. As many as 88% of cybersecurity specialists admit that their company has been subjected to a cyberattack in the last 5 years. At the same time, 39% claim that the number of attacks on their company has increased in the last year, and almost every second person believes that their diversity has also increased. The diagnosis of specialists leaves no doubt – cybercriminals are increasingly boldly attacking Polish companies and expanding their repertoire.
Consequences of neglect, mainly financial
This is very important, as cyberattacks almost always have negative consequences for companies – tangible in the form of financial losses and long-term consequences leading to reputation damage. As many as 96% of surveyed people dealing with cybersecurity are afraid of the consequences of cyberattacks. In their opinion, the most severe potential consequences are financial losses. As many as 33% of them admit that this is their biggest fear as a result of a cyberattack. Among other consequences mentioned by specialists, reputation damage is also on the list. Every fifth person (22%) indicated that they are most afraid of brand reputation damage as a result of a potential attack. A similar percentage pointed to a decline in trust of business and retail customers (in both cases 23%).
The threats and fears materialize very quickly and show the burning need to increase the cybersecurity of Polish business. Every third cyber specialist admits that they worked in a company that suffered financial losses as a result of a cyberattack. A similar percentage of surveyed specialists (34%) claims that they had the opportunity to work in a company whose reputation was tarnished as a result of a cyberattack. These data show that the real costs of increasing cybercriminal activity and the non-keeping pace of Polish companies’ awareness are very high.
– For maintaining security, understanding the differences between threats in the real world and the virtual world is crucial. Employee education is necessary in terms of these very differences, attack mechanisms, and security rules. As the “Cyber Portrait of Polish Business” report shows, it seems that understanding attack mechanisms and how cybercriminals operate by employees is not at its best. Unfortunately, without proper knowledge and cyber hygiene, we will be helpless against them – summarizes Anna Piechocka, Managing Director of DAGMA IT Security.
* The report “Cyber Portrait of Polish Business. Digital security through the eyes of experts and employees” is based on a survey conducted between May 23 and June 10, 2024. The survey was carried out using the CAWI method with a professional online survey supported by the ARC Market and Opinion Research Institute. The survey was conducted on a sample of 1032 Poles working on a computer for at least 3 days a week. The vast majority of respondents (88%) performed their work tasks daily using electronic equipment provided by their employer. The sample also included a so-called boost of n=256 people engaged in cybersecurity activities at their place of employment. The report’s analyzes concern surveyed cybersecurity experts from companies employing at least 10 people (n=227). The group of cybersecurity experts consisted of a diverse group of respondents, from practitioners monitoring, securing and auditing company security systems, through people influencing budgets for this purpose and managers of cybersecurity teams, to trainers in this field.
[1] “Cyber Portrait of Polish Business” is the first report of this kind in Poland. The ESET and DAGMA IT Security study was conducted among both employees and people responsible for cybersecurity in companies, allowing the identification of key differences between the declared and actually existing levels of awareness and security.
Source: https://managerplus.pl/cyberbezpieczenstwo-w-polskich-firmach-brak-szkolen-testow-i-oprogramowania-antywirusowego-67759
