{"id":5696,"date":"2026-06-16T11:19:02","date_gmt":"2026-06-16T11:19:02","guid":{"rendered":"https:\/\/ceo.com.pl\/en\/?p=5696"},"modified":"2026-06-16T11:19:02","modified_gmt":"2026-06-16T11:19:02","slug":"one-in-four-small-companies-in-poland-has-no-cybersecurity-budget-one-in-three-does-not-react-after-an-attack-24878","status":"publish","type":"post","link":"https:\/\/ceo.com.pl\/en\/one-in-four-small-companies-in-poland-has-no-cybersecurity-budget-one-in-three-does-not-react-after-an-attack-24878\/","title":{"rendered":"One in Four Small Companies in Poland Has No Cybersecurity Budget. One in Three Does Not React After an Attack"},"content":{"rendered":"<p>For 19 percent of small companies in Poland that experienced a cyberattack, the consequences were very serious. At the same time, 32 percent of attacked entities did not introduce any changes after the incident.<\/p>\n<p>Twenty-six percent of small companies declare that they incur no expenses at all on protection against digital attacks. In large organisations, annual spending can exceed PLN 50,000.<\/p>\n<p>In medium-sized and large entities, cybersecurity is most often handled by an employee or a dedicated IT team. In small businesses, this area is more often the responsibility of the owner.<\/p>\n<p>Over the past 12 months, 85 percent of small companies and 45 percent of medium-sized companies have not carried out any cyber risk assessment of their organisations.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/ceo.com.pl\/en\/one-in-four-small-companies-in-poland-has-no-cybersecurity-budget-one-in-three-does-not-react-after-an-attack-24878\/#The_financial_and_operational_costs_of_a_single_attack\" >The financial and operational costs of a single attack<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/ceo.com.pl\/en\/one-in-four-small-companies-in-poland-has-no-cybersecurity-budget-one-in-three-does-not-react-after-an-attack-24878\/#Cybersecurity_spending\" >Cybersecurity spending<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/ceo.com.pl\/en\/one-in-four-small-companies-in-poland-has-no-cybersecurity-budget-one-in-three-does-not-react-after-an-attack-24878\/#A_trusted_IT_partner_selection_criteria_in_Polish_companies\" >A trusted IT partner: selection criteria in Polish companies<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"The_financial_and_operational_costs_of_a_single_attack\"><\/span>The financial and operational costs of a single attack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A Mastercard survey conducted at the turn of 2025 and 2026 among IT specialists in small, medium-sized and large companies in Poland showed the scale of cyberattacks on Polish enterprises and the approach of business owners to cyber threats. Among respondents, every second large company, 44 percent of medium-sized companies and 25 percent of small companies admitted that their organisation had experienced a cyberattack or digital security breach.<\/p>\n<p>What impact did these incidents have on the operations of the affected organisations? In the case of small entities, 42 percent of respondents said that the consequences of the incident were serious or moderate, causing major disruption in 19 percent of cases and partial disruption in 23 percent. Almost one in three medium-sized companies, 31 percent, experienced minor complications and moderate disruption.<\/p>\n<p>Company representatives were also asked how much a cybercriminal attack actually cost their business. One in five small companies admitted that the financial losses were minor, amounting to up to PLN 1,000. In the case of medium-sized and large companies, the consequences of attacks are more often significantly more costly and can reach as much as PLN 50,000.<\/p>\n<p>\u201cLarge companies, which more often have an incident response plan and regularly train their employees, are much more likely to declare that they successfully block attacks. Cyberattacks on small companies, however, often mean major disruption to their operations. Although, as our latest study shows, most companies declare no financial losses, uncertainty about the real costs of an incident increases with the size of the organisation,\u201d says Ma\u0142gorzata Domaga\u0142a, Vice President and Director of Products and Solutions at Mastercard for Poland, the Czech Republic and Slovakia.<\/p>\n<p>A fairly large share of respondents in Mastercard\u2019s survey \u2014 19 percent among medium-sized companies and 16 percent among large companies \u2014 admit that they are unable to estimate financial losses or refuse to answer this question.<\/p>\n<p>\u201cThe results of our study show that we still need to increase awareness of cyber threats and the challenges related to cybercrime. At the same time, as cyber threats grow in scale and sophistication, Mastercard continues to invest in technologies, expert knowledge and partnerships that help organisations strengthen their cyber resilience and increase security,\u201d the expert adds.<\/p>\n<p>One in three small companies, 32 percent, as well as 28 percent of large companies and one in five medium-sized companies, did not change their approach to cybersecurity despite having experienced an attack. Minor changes were introduced, on average, in 30 percent of the companies. Preventive measures, such as external audits and cyber risk assessments, are more common in large and medium-sized companies. In the 12 months preceding the survey, such activities were carried out by 72 percent of large companies and 55 percent of medium-sized companies. Among small organisations, 85 percent admitted that they do not carry out such activities.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cybersecurity_spending\"><\/span>Cybersecurity spending<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Company cybersecurity budgets increase with the scale of operations. The smaller the organisation, the less money it allocates to this purpose. Mastercard\u2019s survey results showed that 26 percent of small entities incur no expenses related to digital security, while 55 percent allocate less than PLN 10,000 per year to this area, or around PLN 833 per month. One in three medium-sized organisations estimates its spending at between PLN 10,000 and PLN 50,000 per year, while 44 percent of large companies put their cybersecurity budgets at more than PLN 50,000 annually.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"A_trusted_IT_partner_selection_criteria_in_Polish_companies\"><\/span>A trusted IT partner: selection criteria in Polish companies<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>According to Mastercard\u2019s survey, in small companies cybersecurity is entrusted to the owner in 60 percent of cases or to employees who handle both IT and other tasks in 10 percent of cases. In medium-sized and large companies, cybersecurity is more often the responsibility of an employee or team employed by the company and dedicated exclusively to IT tasks, with 66 percent and 76 percent of indications respectively. It may also be handled by an externally hired person or company working continuously in this area only, indicated by 30 percent of medium-sized companies and 24 percent of large companies.<\/p>\n<p>When choosing a cybersecurity partner or external provider, small companies rely mainly on references and opinions from others, indicated by 53 percent of respondents, as well as experience and reputation, indicated by 33 percent, speed of response and support, indicated by 30 percent, and the price of the service, which is important for 27 percent. Medium-sized companies primarily focus on experience and reputation, indicated by 53 percent, as well as the scope and comprehensiveness of services offered, also indicated by 53 percent. Large entities, meanwhile, prioritise certificates and compliance with standards, with 61 percent of indications.<\/p>\n<p>\u201cCompany budgets for cyber protection vary. However, even when relatively large amounts are involved, the problem may lie in the inappropriate allocation of funds and ineffective management of cyber resilience. Another challenge, therefore, remains the delegation of responsibility for this area to the right partner with the appropriate competences. Prevention and trust in professionals have a real impact on the strength of an attack and can minimise its consequences,\u201d concludes Ma\u0142gorzata Domaga\u0142a from Mastercard.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For 19 percent of small companies in Poland that experienced a cyberattack, the consequences were very serious. At the same time, 32 percent of attacked entities did not introduce any changes after the incident. Twenty-six percent of small companies declare that they incur no expenses at all on protection against digital attacks. In large organisations, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":5357,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[3457],"tags":[62,3076,64,66],"class_list":["post-5696","post","type-post","status-publish","format-standard","has-post-thumbnail","category-security","tag-czech-republic","tag-mastercard","tag-poland","tag-slovakia"],"jetpack_publicize_connections":[],"_links":{"self":[{"href":"https:\/\/ceo.com.pl\/en\/wp-json\/wp\/v2\/posts\/5696","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ceo.com.pl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ceo.com.pl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ceo.com.pl\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ceo.com.pl\/en\/wp-json\/wp\/v2\/comments?post=5696"}],"version-history":[{"count":2,"href":"https:\/\/ceo.com.pl\/en\/wp-json\/wp\/v2\/posts\/5696\/revisions"}],"predecessor-version":[{"id":5698,"href":"https:\/\/ceo.com.pl\/en\/wp-json\/wp\/v2\/posts\/5696\/revisions\/5698"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ceo.com.pl\/en\/wp-json\/wp\/v2\/media\/5357"}],"wp:attachment":[{"href":"https:\/\/ceo.com.pl\/en\/wp-json\/wp\/v2\/media?parent=5696"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ceo.com.pl\/en\/wp-json\/wp\/v2\/categories?post=5696"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ceo.com.pl\/en\/wp-json\/wp\/v2\/tags?post=5696"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}