The Government's Cybersecurity Strategy under the microscope of the entrepreneurs' ombudsman

As we read in a press release from the SME Ombudsman, the strategy should be implemented with the principle of proportionality in mind . This is particularly important for micro, small, and medium-sized enterprises, which face significant costs associated with replacing their IT infrastructure .

Mandatory estimation of strategy implementation costs

Majewska advocates for mandatory cost estimation of such an operation for the national economy. This is primarily due to the possibility of a given supplier being deemed high-risk, which would require Polish companies to discontinue their products. Therefore, she believes the strategy should include measures to compensate for the mandatory replacement of IT infrastructure , as well as consider opportunities for additional assistance for domestic manufacturers and suppliers of appropriate equipment, services, and processes.

While the strategy envisages the possibility of implementing support mechanisms for the SME sector, Agnieszka Majewska believes these mechanisms should be mandatory. She also notes that the strategy's implementation should, in accordance with the Business Constitution, assess its impact on micro, small, and medium-sized enterprises.

The strategy is not formulated clearly enough

As Majewska writes, an analysis of the strategy indicates the need to organize key concepts and their interrelationships. In accordance with EU regulations, the strategy sets goals and priorities for network and information systems security at the national level. However, Majewska raises doubts about whether its main goal is formulated precisely enough and whether it takes into account all important elements, such as threat prevention . Due to work on amending the Act on the National Cybersecurity System, which will entail a change in the meaning of key concepts, it is advisable to systematize them in a strategic document.

Majewska also notes the broad scope of the strategy's scope. It encompasses a wide range of bodies, diverse procedures, including administrative and judicial ones, and a large group of entrepreneurs. Therefore, it is essential to supplement the document with a requirement for extensive consultation .

The SME Ombudsman also points out that priority tasks should include stimulating research, development and innovation in the area of cybersecurity in order to strengthen the potential of the national technological and industrial base and the technological sovereignty of our country .