Polish government institutions are once again at the top of Europe’s cyberattack rankings. In just one week, cybercriminals made nearly 3,000 attempts to attack the Polish government and public institutions, according to the latest report by Check Point Research, which analyses threats faced by countries around the world. Alongside Italy and Spain, Poland is among the European countries most exposed to attacks on government institutions.
| Country | Number of attacks on government institutions |
|---|---|
| Italy | 5,475 |
| Spain | 3,260 |
| Poland | 2,916 |
| Czech Republic | 2,745 |
| France | 2,527 |
| Austria | 2,399 |
| Netherlands | 1,233 |
Interestingly, the number of attacks on Polish government institutions is 80 percent higher than on the second most targeted sector, finance, which recorded 1,795 attacks, and the energy and utilities sector, which recorded 1,662 attacks. Polish administration has to repel more attacks — 2,916 — than the global average for government institutions, which stands at 2,795. Over the past year, the number of attacks has increased by an average of 18 percent, and since the middle of last year by as much as 40 percent.
“The risk and intensity of cyberattacks have been increasing for many months. While in mid-2025 we recorded 2,000 attacks on the government sector, today there are already 40 percent more. Polish government institutions are repelling nearly 3,000 attacks a week — more than the governments of the Czech Republic, with 2,745 attacks, France, with 2,527, or Austria, with 2,399,” emphasises Krzysztof Nierodka, manager at the Polish branch of Check Point Software Technologies.
According to Check Point Research, the number of attacks on government institutions is rising not only in Poland. In virtually every country analysed, hackers have intensified their activities, which is increasing the overall level of risk. Due to its geopolitical importance and active participation in the implementation of NATO’s European strategy, Poland is becoming one of the key targets of hostile cyber and disinformation operations.
This is also confirmed by Polish government data, according to which Poland recorded a record number of cyberattacks in 2025 — more than 140 percent higher than in 2024. Out of 682,000 reported cases, response teams handled 273,000 incidents.
“2025 was a record year in terms of attacks and incidents that hit Poland and that Poland experienced. The digital war being waged in Poland and against Poland by other countries is becoming increasingly visible in the facts,” Deputy Prime Minister Krzysztof Gawkowski said in mid-April this year. The number of incidents handled by the team operating under the Ministry of National Defence increased by almost 70 percent year on year.
“In the current geopolitical conditions, cyberattacks cannot be treated solely as a technical problem, but as an important component of hybrid operations aimed at destabilising the state and eroding its institutional and social resilience. This requires a systemic approach to cybersecurity, covering both the strengthening of preventive and response capabilities and the building of awareness and resilience across society as a whole,” notes Wojciech Głażewski, country director of Check Point Software Technologies in Poland.
Expert Opinion
“Due to its geographical location in Eastern Europe and the broader regional security context, Poland remains in the focus of advanced state-linked groups responsible for cyberattacks. These actors conduct both disinformation activities and cyber operations using malware designed to obtain intelligence information and, in some cases, potentially disrupt systems. The best-known groups associated with this type of activity include Sandworm, APT29 and APT28,” says Sergey Shykevich, Threat Intelligence Unit Manager at Check Point.
Europe in Hackers’ Crosshairs
Europe, as one of the wealthiest and most digitally connected regions in the world, is becoming an increasingly attractive target for cybercriminals seeking financial gain and influence. Combined with its extensive digital infrastructure and economic importance, this translates into a growing scale of threats. In March 2026, a cyberattack hit cloud infrastructure used by the European Commission to operate the Europa.eu platform — a key ecosystem hosting the websites of the Commission, the European Parliament, the Council of the EU and other EU institutions.
This incident forms part of a broader trend. According to the ENISA 2026 report, public administration remains the most attacked sector in the EU, accounting for around 38.5 percent of all incidents. Although the vast majority are relatively low-impact DDoS attacks, which make up as much as 94.8 percent of cases, ransomware is becoming an increasingly serious problem. It particularly affects local governments and local institutions, exposing them to major operational disruption and financial losses.
Activities by groups linked to Russia are a particular cause for concern. As Swedish Minister for Civil Defence Carl-Oskar Bohlin pointed out, their methods are evolving from simple DDoS attacks towards more destructive operations targeting European organisations. One example was an attempted major attack on Poland’s power grid in December 2025, attributed to a group linked to Russian intelligence. Another was a broad campaign by the Fancy Bear group, which used poorly secured Wi-Fi routers to obtain passwords, emails and sensitive data from government and military institutions in Europe and North America.
The scale of the problem also has an economic dimension. According to the World Economic Forum, cybercrime is already the third-largest “economy” in the world after the United States and China. Global cybersecurity spending is growing rapidly: the market is expected to reach USD 424.97 billion by 2030, with annual spending already reaching USD 240 billion in 2026, according to Grand View Research and SentinelOne. At the same time, companies spend an average of around USD 2,700 per employee per year on digital security, according to Deloitte. This shows that cybersecurity is becoming one of the key investment areas in the modern economy.
In response to the growing threats in Poland, the Ministry of Digital Affairs has prepared the Cybersecurity Strategy of the Republic of Poland — a programme aimed at strengthening, among other areas, critical infrastructure, including the energy sector, and the healthcare sector. In addition, an amendment to the National Cybersecurity System Act has been introduced to implement the NIS2 Directive. Support programmes are being carried out in parallel, and since the end of 2025 the cyber.gov.pl portal has been operating for reporting incidents.
