Protecting Business in a Digital Transformation

4 Steps to a More Secure Company

4th edition of State of Information Security Survey in Poland 2017


companies spend annually less than PLN 1 million for cyber security


of security incidents in companies can be attributed to current employees


of companies have noted over 50 security breaches

The digital transformation puts trust to the test. Effective protection of one’s IT systems, data, and information is now a key factor in ensuring business stability.

One of the most sensitive issues is the brand’s market confidence, especially as the level of interconnectivity between people and devices is rising.

Through this fourth edition of our information security survey in Poland, we have found that businesses are facing huge challenges concerning stable trust in the network, new regulations, the security of automation, and the sense of security experienced by companies’ employees and customers.

From a global perspective, yet another year is bound to be marked by the question of cyber security of the Internet of Things, hacker attacks on production lines and vehicle control systems, as well as the reliability, or otherwise, of cloud-enabled solutions.

Having analyzed trends in digital reality, the challenges which companies face, and the directions of their development, we present four steps intended to help Polish companies prepare comprehensively for the upcoming regulatory changes.

4 Steps to a More Secure Company

Step 1: Focus on trust

In half of companies the annual budget for cyber security stands at less than PLN 1 million. Companies have approached the implementation of new regulations by starting from the simplest solutions. Process readiness appears to be the weakest area: a program to identify sensitive resources has been implemented by only 11% of companies, while 58% do not plan to introduce it at all. Polish companies should be mindful that the manner of implementing the GDPR requirements may differ between administrators and processing entities. Entities are also likely to have to adopt a number of different approaches in order to comply.


Step 2: Awareness first

Polish companies claim that they have overall security strategies in place. However, possessing them does not in itself guarantee optimal spending of one’s financial resources or the selection of adequate technological and organizational security mechanisms. A raft of existing systems and technological security measures calls for taking a comprehensive perspective on the entire ICT infrastructure. However, only 21% of companies say that they have a SIEM-class system in place. There is still a lot to be done in the area of cyber security architecture in Poland.


Step 3: Monitoring results

Companies in Poland note an increasing number of security incidents. This is related to a better awareness of the issue itself: 96% of companies have experienced over 50 security breaches in the course of one year. Respondents to our survey most often indicated financial losses and exposure to legal risks or litigation as adverse effects of security breaches. Current employees continue to be the top source of incidents. Companies need adequate tools so that they can acquire, analyze, and track risks. Such tools could be SIEM or DLP systems, which should be combined with ensuring proper strategies and processes to produce clear information about the risks which companies face.


Step 4: Automation, analytics, and the Internet of Things

Because the IT and OT environments interpenetrate, changes have to be introduced across Polish companies in the area of cyber security and production monitoring. Over 60% of our respondents have said that support processes for handling security incidents in Operational Technology systems need to be changed. Well-qualified and strongly motivated criminals actively seek ways to abuse security vulnerabilities in OT networks, process control systems, and critical infrastructure. Their motives range from economic benefits and espionage through to a malicious desire to disrupt work and cause destruction.


