Cybersecurity: People, Not Technology, Are the Key Challenge for Businesses

Cybersecurity has emerged as a critical business challenge, driven by a rising tide of attacks, increasingly sophisticated tactics employed by cybercriminals, and the rapid adoption of artificial intelligence. This complex landscape was the focus of a panel discussion titled "Cyber Portrait of Polish Business 2026" at the CYBERSEC Expo & Forum 2026 in Katowice.

“

Today, we no longer have a technological problem. Technologies are available. The problem becomes whether someone knows how to use them, understands the threats, and whether the organization can respond appropriately.

The discussion was informed by a report from ESET and DAGMA IT Security, which revealed that a staggering 85% of companies have suffered a cybersecurity incident within the last 12 months. Furthermore, nearly half of the experts surveyed noted a year-on-year increase in attack frequency. Compounding these concerns, 62% of employees are now using AI-based tools in their daily work, yet only a small fraction of organizations have established formal policies to regulate their use.

“

We handle several ransomware incidents weekly. These are situations where the organization's operations are paralyzed, and companies face the threat of data publication.

Marcin Dudek, head of CERT Polska at NASK, emphasized that the primary issue is no longer technological availability but rather the human element: the ability to utilize technology effectively, understand the associated threats, and ensure organizational preparedness. He pointed out that while many organizations possess threat detection tools, the problem often lies in the failure to analyze the generated alerts or assign responsibility for action.

“

We see a very clear increase in cases related to organizational and technical security and personnel preparedness. This is a trend observed not only in Poland but throughout Europe.

CERT Polska identifies business email compromise (BEC) scams, ransomware attacks, and data breaches as the most damaging threats to businesses. Dudek noted that CERT Polska handles several ransomware incidents weekly, often paralyzing organizations and threatening data publication. The scale of the problem is echoed by Poland's Personal Data Protection Office (UODO), where President Mirosław Wróblewski reported a rise in data breach notifications from around 10,000 to over 22,000 annually. He stressed that organizational and technical security measures, along with personnel training, are crucial, a trend observed across Europe. Wróblewski also warned against concealing incidents, stating that information inevitably surfaces, often leading to more severe consequences.

“

Sweeping problems under the rug does not work. Information comes to light sooner or later, and the consequences can then be much more serious.