Łukasz Wieczorek in CEE Legal Matters on the cybersecurity market in Poland
Cybersecurity has become one of the most urgent topics in Poland. A rising number of cyber incidents and delays in implementing key regulations are putting the country facing serious challenges. In an article for CEE Legal Matters, partner Łukasz Wieczorek, head of the TMT practice at KWKR, writes about the state of cybersecurity in Poland, regulatory challenges and development prospects.
Poland under pressure from cyberattacks
Poland is struggling with a growing number of cyber incidents. In 2024 Polish CSIRTs recorded roughly 111,000 incidents — from ransomware attacks to sophisticated intrusions into critical infrastructure. Symbolic was the attack on the MSWiA hospital in Kraków in March 2025, which paralysed the main computer system and disrupted the medical facility’s operations.
Delays in NIS2 implementation
Although the deadline for implementing the NIS2 directive passed in October 2024, Poland is still working on a draft law. The rules may cover tens of thousands of entities and will impose obligations on them regarding risk assessment, incident reporting and cooperation with authorities. The lack of formal regulation leaves many organisations in legal uncertainty.
A boom in the cybersecurity market
Rising threats are driving a boom in cybersecurity services and specialists. The market for experts — from SOC and NOC teams to penetration testers — is flourishing. Initiatives such as CyberMadeInPoland create links between the private sector, academia and government, while programmes like “Cybersecure Water Utilities” provide financial support to strengthen cyber defence in key sectors.
What the future will bring
Once the NIS2 implementing act is adopted, experts expect increased attention to cybersecurity across market participants. Government bodies such as CSIRT and NASK will play a key role in coordinating actions and education. The implementation of NIS2 also forms the backdrop for the upcoming Cyber Resilience Act, which is expected to phase in starting in 2026.
What are the biggest cyber threats in Poland and how large is the problem? Why is NIS2 implementation delayed and what will the consequences be for companies? How is the cybersecurity market developing and what are the prospects for the future?
Łukasz Wieczorek, partner and head of the TMT practice at KWKR, answers these and many other questions in his article published in CEE Legal Matters. The full text in English can be read on the magazine’s website.
