Cyber Risks Spread Across Poland’s Financial System as Supply Chain Threats Grow

Key Takeaways

• Risk Moves Beyond the Bank: Attacks are increasingly targeting IT providers and software vendors, turning third-party risk into a systemic issue for the financial sector.
• Scale Remains Relentless: Tens of thousands of malicious domains and fraudulent ads highlight how persistent and industrialized cybercrime has become.
• Familiar Tactics Still Work: Phishing and fake investment schemes continue to drive the most damaging outcomes, even as techniques become more sophisticated.
• Ransomware in Focus: Authorities are stepping up monitoring of ransomware groups to identify threats earlier and limit downstream impact.
• Resilience Is Becoming Collective: Strengthening cybersecurity now depends on coordination, information sharing, and continuous monitoring across the entire ecosystem.

Deep Dive

Poland’s financial sector is becoming more digital, more interconnected, and, as a result, more exposed. That’s what the 2025 cybersecurity report says, published by CSIRT KNF, which outlines a threat landscape that is not only growing, but shifting in ways that make it harder to contain.

The report doesn’t point to a single dominant threat. Instead, it describes a widening field of risk, where attacks aimed at software providers, IT services firms, and other third parties are now just as consequential as those targeting banks directly.

That shift matters. When an incident hits a provider embedded across multiple institutions, the impact rarely stops at one organization.

Digital Strength, Expanding Risk

Poland’s position as one of Europe’s most digitally active financial markets is a double-edged sword. High levels of mobile and online banking activity have made services more accessible and efficient, but they have also created more entry points for attackers.

Cybersecurity, in that context, is no longer just an operational concern. It sits much closer to the core of financial stability, where disruptions or large-scale fraud can quickly erode trust.

The numbers in the report give a sense of how persistent the threat environment has become. In 2025 alone, authorities sought to block 41,751 malicious domains, the vast majority tied to fraudulent investment schemes.

At the same time, 9,751 fraudulent advertisements were taken down, reflecting how heavily scammers continue to rely on digital platforms to reach victims. The sector also faced 787 DDoS attacks, while 274 ICT incidents were formally reported under Digital Operational Resilience Act.

Alongside these figures, CSIRT KNF issued hundreds of warnings and recommendations, signaling a steady stream of emerging risks rather than isolated spikes.

Old Tactics, New Execution

For all the attention on advanced cyber threats, many of the most damaging attacks still rely on familiar techniques. Phishing (whether through email or SMS) remains one of the most effective entry points.

What has changed is the level of sophistication behind it. Campaigns are more polished, more targeted, and often supported by convincing impersonation of trusted institutions or public figures.

Fake investment schemes continue to stand out in particular. These scams don’t just rely on deception, they rely on narrative and promises of high returns, minimal risk, and a sense of legitimacy built through recognizable names and imagery.

In some cases, attackers are now operating entirely within advertising platforms, removing the need for external websites and making traditional blocking methods less effective.

Ransomware and the Supply Chain Effect

Ransomware activity is also gaining ground, with authorities tracking groups more closely and analyzing their data leak publications.

The focus is not just on the immediate damage of an attack, but on what comes next. A breach in one organization can expose vulnerabilities elsewhere, particularly when shared vendors or systems are involved.

This supply chain dynamic is becoming one of the defining challenges for financial sector cybersecurity. It requires a shift in thinking, from protecting individual institutions to understanding how risk moves across the network.

CSIRT KNF points to the need for continuous monitoring of new attack techniques, closer cooperation across the market, and regular information sharing between institutions. Prevention, rather than response, is increasingly where the focus lies.

That includes everything from tracking ransomware groups before they strike, to identifying emerging fraud patterns, to strengthening oversight of third-party providers.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.