KPMG Cybersecurity Barometer: Staffing and financial troubles of Polish companies

Recruitment of qualified cybersecurity specialists is a major problem for companies in Poland, according to a KPMG report. The study showed that more than half of the respondents experience difficulties in hiring and retaining competent staff in this area.

Summary

  • The KPMG Cybersecurity Barometer reveals that the main challenge for Polish companies is finding and retaining highly qualified employees in the field of cybersecurity, a problem faced by 53% of surveyed entities. Limited finances are the second most frequently indicated obstacle in the field of protection against cyber attacks.
  • Companies are increasingly opting for outsourcing positions related to cybersecurity. In 2023, 84% of surveyed organizations used the services of external providers, mainly in the area of raising employee awareness, support during cyber attacks, and analysis of malicious software.
  • The most popular services are employee education, assistance in the event of cyber attacks, and malware analysis.
  • The report emphasizes the important role of GDPR regulations, which are a key element of organizational structures for 85% of companies. Regulations are the most common motivator for investing in cybersecurity.
  • Despite the challenges associated with human resources in cybersecurity, 45% of companies consider themselves well prepared to adapt to changing regulations in this field. However, 32% of organizations have not taken any corrective actions after identifying IT compliance violations.

Outsourcing at the forefront of security strategy

The latest results of the KPMG Cybersecurity Barometer reveal that the main challenge for Polish companies is finding and retaining highly qualified employees in the field of cybersecurity. This problem is faced by as many as 53% of entities that participated in the survey. The second most frequently indicated obstacle in the field of protection against cyber attacks is limited finances. 

In addition, according to the respondents' answers, other challenges remain at a similar level of importance, such as the lack of clearly defined indicators and the lack of full engagement from the business and top management, the report reads.

In response to these challenges, companies are increasingly opting for outsourcing positions related to cybersecurity. In 2023, as many as 84% of surveyed organizations used the services of external providers, mainly in the area of raising employee awareness, support during cyber attacks, and analysis of malicious software. The most popular services are employee education, assistance in the event of cyber attacks, and malware analysis.

Regulations are the most common motivator for investment

The report also emphasizes the important role of GDPR regulations, which are a key element of organizational structures for 85% of companies, especially the largest ones. Less important for the survey participants were regulations related to the classification of artificial intelligence systems in terms of risk and requirements for their creation and use, known as the AI Act, and the regulation of the European Parliament and Council on operational resilience in the financial sector (DORA).

- Regulations are today the most common motivator for investing in cybersecurity - says Michał Kurek, Partner, KPMG Consulting, Head of the Cybersecurity Team at KPMG in Poland and Central and Eastern Europe.

- Mainly because in case of detection of non-compliance, regulators have the ability to impose severe financial penalties. By indicating the directions in which to invest in the field of cybersecurity, regulations simultaneously raise the general level of security, as well as standardize and harmonize the way it is built. However, it is critical that the goal of ensuring compliance with regulations does not overshadow the overriding goal, which should be effective company protection. Ensuring compliance alone is unfortunately not synonymous with ensuring security - adds Kurek.

However, despite the challenges associated with human resources in cybersecurity, 45% of companies consider themselves well prepared to adapt to changing regulations in this field. On the other hand, it is alarming that 32% of organizations have not taken any corrective actions after identifying IT compliance violations, which emphasizes the need for greater focus on education and implementation of effective security procedures.