A PYMNTS Company

Thought for the Week: Is Poland’s ABW Report a Sign of the Trajectory of Nation-State Cyberattacks?

By  |  June 3, 2026
Thought for the Week: Is Poland’s ABW Report a Sign of the Trajectory of Nation-State Cyberattacks?

By: Brian Hengesbaugh (Baker McKenzie/IAPP)

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    In this opinion piece for the International Association of Privacy Professionals (IAPP), author Brian Hengesbaugh (Baker McKenzie) shares insights from a recent report by Poland’s Internal Security Agency (ABW), which highlights a sharp increase in nation-state cyberattacks targeting critical infrastructure during 2024 and 2025. The report found that military facilities, public utilities, transportation systems, and other essential services have become frequent targets, reflecting a broader shift from traditional cyber espionage toward attacks designed to disrupt physical operations.

    The report identifies a range of threats, including advanced persistent threat (APT) campaigns, disinformation operations, supply-chain compromises, and attacks on industrial control systems. Common tactics include QR-code phishing (“quishing”), social engineering, and the exploitation of cloud infrastructure. Poland recorded more than 40,000 cybersecurity incidents, 5.5 million alerts, and an 18% year-over-year increase in attacks, underscoring the growing scale and sophistication of these threats.

    Hengesbaugh argues that Poland’s experience may foreshadow trends facing other Western countries. Given its proximity to the conflict between Russia and Ukraine, Poland has become a testing ground for cyber operations conducted by nation-state actors. These campaigns increasingly focus on disrupting critical infrastructure such as water and electricity systems, creating risks that extend beyond business losses to potential physical harm for civilians.

    The author urges organizations to adapt their security strategies accordingly. He recommends strengthening defenses against destructive attacks, updating incident response plans to address large-scale outages and system destruction, and conducting deeper assessments of supply-chain vulnerabilities. Successfully managing these emerging threats, he concludes, requires close coordination among business leaders, cybersecurity teams, legal departments, and compliance professionals as nation-state cyber risks continue to evolve.

     

    CONTINUE READING…