Detention in Kraków highlights surge in hostile cyber activity since Russia’s full-scale invasion
Polish authorities have arrested a Russian citizen accused of hacking into the IT systems of several domestic companies, Interior Minister Marcin Kierwiński announced on 27 November. The suspect was detained in Kraków during an operation targeting unauthorised access to corporate databases, with investigators stating that his primary objective was to obtain sensitive data. The arrest, covered in reports on a Russian national suspected of hacking Polish companies, marks the latest in a series of cybersecurity threats affecting NATO states.
Since Russia launched its full-scale invasion of Ukraine in February 2022, Poland and the Baltic states have faced frequent and increasingly sophisticated cyberattacks attributed to pro-Russian groups. Several European governments have intensified monitoring of hostile activities following waves of arson attempts, sabotage and digital intrusions. Moscow denies any involvement and accuses Warsaw and other EU capitals of fuelling “Russophobia”.
Poland confronts unprecedented volume of cyber incidents
Deputy Prime Minister and Digital Affairs Minister Krzysztof Gawkowski recently stated that Poland now experiences the highest number of cyberattacks of any EU member state. According to his ministry’s data, the country faces up to 4,000 cyber incidents each day, with roughly 1,000 assessed as posing credible threats that require immediate response. Critical infrastructure—particularly water, sewage and energy systems—remains a primary target, with the majority of hostile activity attributed to pro-Russian hackers.
Polish intelligence services assess that the Kremlin has tripled its resources for cyber operations against Poland in 2025. Officials in Warsaw believe this escalation reflects two factors: Poland’s prominent role in supporting Ukraine’s defence and Russia’s efforts to test NATO’s reactions to hybrid operations within the cyber domain. Minister Gawkowski said Poland is effectively “in a state of hybrid war” with Russia, as offensive digital activities increasingly mirror broader geopolitical tensions.
NATO’s cyber posture strained by patchwork defences and limited coordination
Poland has allocated a record €1 billion to cybersecurity in 2025, aiming to bolster defences across government and industry. However, officials acknowledge that funding alone cannot offset vulnerabilities such as outdated software, insufficient staffing and the rapid evolution of hostile tactics. Despite national investments, European security specialists warn that cyberdefence remains uneven across the continent, creating weak points that adversaries can exploit.
Within NATO, the Cooperative Cyber Defence Centre of Excellence in Tallinn plays a central role in research, training and large-scale exercises such as Locked Shields. The Alliance has significantly increased spending on cyber defences since 2016, yet many member states continue to prioritise national solutions rather than developing shared capabilities. Experts argue that today’s threats require deeper integration, joint initiatives and common operational standards.
As of 2025, most NATO members operate primarily under a model of passive defence in cyberspace. Only the United States, the United Kingdom and Canada maintain the capacity and political mandate for sustained offensive or proactive cyber operations. Analysts note that while nearly all Allies are defending, few are prepared to fight. This imbalance, they warn, is already being exploited by pro-Russian hacker networks, which benefit from the Alliance’s hesitancy to acknowledge the existence of an ongoing cyber conflict.
Calls grow for NATO to embrace a more assertive cyber strategy
Military analysts argue that the Alliance must adopt a more proactive posture, including the integration of offensive cyber tools, if it is to deter hostile actors effectively. They recommend overhauling outdated legal frameworks, reforming rigid organisational structures and committing substantially larger resources to cyber capabilities. Without such measures, they caution, NATO risks remaining reactive in a domain where adversaries are increasingly emboldened and where attacks can have immediate consequences for national security, critical infrastructure and military readiness.