Cybersecurity in the Local Government Sector in Poland: More Work Needs to be Done

More work needs to be done

  • Aneta Chodakowska Poznań University of Economics and Business, Department of Public Finance
  • Sławomira Kańduła Poznań University of Economics and Business, Department of Public Finance
  • Joanna Przybylska Poznań University of Economics and Business, Department of Public Finance
Keywords: cybersecurity, local government, public sector, information security, Poland


Although cybersecurity is an important and complex issue that should be addressed by all government levels, so far little research has been devoted to cybersecurity at the local level. Existing literature lacks information on whether municipalities have implemented cybersecurity policies, if such policies are applied in practice and what they encompass. A CAWI method was used to collect the required data. The results indicate that while most municipalities have a document defining their security policy, they do not always apply it in practice. There is still little awareness regarding countering cyber-attacks. Therefore, more emphasis should be placed on such issues as: integrating cybersecurity policies into local government management, the rising threat of cyber-attacks, consultations with security auditors, and cybersecurity management training. Based on all Polish municipalities, the research described in this paper partly fills the identified gap.


Act of 17 February 2005 on computerization of activities or performing public tasks, Journal of laws, 64(565).

Act of 5 July 2018 on the national cybersecurity system, Journal of Laws, 1560.

Act of 7 May 2010 on supporting the development of telecommunications networks and services, Journal of Laws, 106(675).

Brumfield, C. (2019) Why local governments are a hot target for cyberattacks available at: (November 11, 2021).

Chałubińska-Jentkiewicz, K. (2019) Cyberbezpieczeństwo - kwestie definicyjne, Cybersecurity and Law, 2(2), pp. 7-23.

Chałubińska-Jentkiewicz, K. (2021a). Access to the ICT network as a public task of local government, Lex Localis - Journal of Local Self-Government, 19(1), pp. 175–195.

Chałubińska-Jentkiewicz, K. (2021b) Cybersecurity as a Public Task in Administration., In: Chałubińska-Jentkiewicz, K., Karpiuk, M. & Kostrubiec, J. (eds) The Legal Status of Public Entities in the Field of Cybersecurity in Poland (Maribor: Institute for Local Self-Government Maribor), pp. 19–38,

Chałubińska-Jentkiewicz, K. (2021c) Cybersecurity Policy. In K. Chałubińska-Jentkiewicz, In: Karpiuk, M. & Kostrubiec, J. (eds.) The Legal Status of Public Entities in the Field of Cybersecurity in Poland (Maribor: Institute for Local Self-Government Maribor),

Chatfield, A. T. & Reddick, C. G. (2019) A framework for Internet of Things-enabled smart government: A case of IoT cybersecurity policies and use cases in U.S. federal government, Government Information Quarterly, 36(2), pp. 346–357,

D’Agostino, M., Schwester, R., Carrizales, T. & Melitski, J. (2011) A Study of E-Government and E-Governance: An Empirical Examination of Municipal Websites, Public Administration Quarterly, 35(1), pp. 3-25.

de Bruijn, H. & Janssen, M. (2017) Building Cybersecurity Awareness: The need for evidence-based framing strategies, Government Information Quarterly, 34(1), pp. 1–7,

DiNapoli, T. P. (2016) comptroller Protecting Sensitive Data and Other Local Government Assets: (Issue June), available at: (November 11, 2021).

Eisenstein, L. (2019) Why Municipalities Should Care About Cybersecurity, available at: (November 11, 2021).

Finster, S. & Baumgart, I. (2015). Privacy-aware smart metering: A survey, Privacy-Aware Smart Metering: A Survey, 7(2), pp., 1088–1101,

Fusi, F. & Feeney, M. K. (2018) Electronic monitoring in public organizations: Evidence from USIbr local governments, Public Management Review, 20(10), pp. 1465–1489,

García Zaballos, A. & González Herranz, F. (2013) From Cybersecurity to Cybercrime: A Framework for Analysis and Implementation (Issue September), available at: (November 11, 2021).

Grossmann, T., Knopkiewicz, W., Sebzda-Załuska, J., Szydło, M. & Wilczewski, J. (2013) Ustawa o wspieraniu rozwoju usług i sieci telekomunikacyjnych Komentarz (Warsaw: C.H. Beck).

Hatcher, W., Meares, W. L. & Heslen, J. (2020) The cybersecurity of municipalities in the United States: an exploratory survey of policies and practices, Journal of Cyber Policy, 5(2), pp. 302–325,

Heeringa, S. G., West, B. T. & Berglund, P. A. (2017) Applied Survey Data Analysis, Chapman and Hall/CRC,

Ibrahim, A., Valli, C., McAteer, I. & Chaudhry, J. (2018) A security review of local government using NIST CSF: A case study, The Journal of Supercomputing, 74, pp. 5171–5186,

add author (2015) Jak to jest z cyberbezpieczeństwem w samorządach?,,jak-to-jest-z-cyberbezpieczenstwem-w-samorzadach,akcja,pdf.html (November 11, 2021).

Janowski, T. (2015) Digital government evolution: From transformation to contextualization, Government Information Quarterly, 32(3), pp. 221–236,

Kańduła, S. & Przybylska, J. (2020). Cybersecurity in local government: Essence, tasks and threats, Digital Transformation of the Financial Sector of Economy, pp. 45–46, available at: (November 11, 2021).

Karpiuk, M. (2021a) Organisation of the National System of Cybersecurity: Selected Issues, Studia Iuridica Lublinensia, 30(2), pp. 233–244,

Karpiuk, M. (2021b) The Local Government’s Position in the Polish Cybersecurity System, Lex Localis – Journal of Local Self-Government, 19(3), pp. 609–620,

Karpiuk, M. (2021c) The Tasks of Public Entities within the National Cybersecurity System, In: Chałubińska-Jentkiewicz, K., Karpiuk, M. & Kostrubiec, J. (eds) The Legal Status of Public Entities in the Field of Cybersecurity in Poland (Maribor: Institute for Local Self-Government Maribor), pp. 39–48,

Kesan, J. P. & Zhang, L. (2019) An empirical investigation of the relationship between local government budgets, IT expenditures, and cyber losses, IEEE Transactions on Emerging Topics in Computing, 10.1109/TETC.2019.2915098.

KnowBe4 (2020) The Economic Impact of Cyber Attacks on Municipalities, available at: (November 11, 2021).

Kostrubiec, J. (2021a) Public Entities within the National Cybersecurity System and their Responsibilities, In: Chałubińska-Jentkiewicz, K., Karpiuk, M. & Kostrubiec, J. (eds) The Legal Status of Public Entities in the Field of Cybersecurity in Poland (Maribor: Institute for Local Self-Government Maribor),

Kostrubiec, J. (2021b) The role of public order regulations as acts of local law in the performance of tasks in the field of public security by local self-government in Poland, Lex Localis – Journal of Local Self-Government, 19(1), pp. 111–129,

KPRM (2021) #CyberbezpiecznySamorząd, available at: (November 11, 2021).

Lisiak-Felicka, D. & Pytko, M. (2017) Cyberbezpieczeństwo urzędów gmin w województwie łódzkim, Przedsiębiorczość i Zarządzanie, 18(4), pp. 439–451, (November 11, 2021).

Lohrmann, D. (2019) How Local Governments Can Address Cybersecurity Challenges, available at: (November 11, 2021).

Macmanus, S. A., Caruson, K. & McPhee, B. D. (2013) Cybersecurity at the Local Government Level: Balancing Demands for Transparency and Privacy Rights, Journal of Urban Affairs, 35(4), pp. 451–470, available at: .

Nemet, G. F. (2009) Demand-pull, technology-push, and government-led incentives for non-incremental technical change, Research Policy, 38(5), pp. 700–709,

NIK (2019) Zarządzanie bezpieczeństwem informacji w jednostkach samorządu terytorialnego (add place: add publisher).

Norris, D. F., Mateczun, L., Joshi, A. & Finin, T. (2019) Cyberattacks at the Grass Roots: American Local Governments and the Need for High Levels of Cybersecurity, Public Administration Review, 79(6), pp. 895–904,

Norris, D. F., Mateczun, L., Joshi, A. & Finin, T. (2020) Managing cybersecurity at the grassroots: Evidence from the first nationwide survey of local government cybersecurity, Journal of Urban Affairs, 43(8), pp. 1173-1195,

Peters, M., Schneider, M., Griesshaber, T. & Hoffmann, V. H. (2012) The impact of technology-push and demand-pull policies on technical change – Does the locus of policies matter?, Research Policy, 41(8), pp. 1296–1308,

add author (2020) Projekt Polityki cyfrowej Miasta Stołecznego Warszawy (add place: add publisher).

Reddick, C. G. (2004) A two-stage model of e-government growth: Theories and empirical evidence for U.S. cities, Government Information Quarterly, 21(1), pp. 51–64,

Regulation of 12 April 2012 on the National Interoperability Framework, minimum requirements for public registers and the exchange of information in electronic form, and minimum requirements for ICT systems, Journal of Laws, 526.

Regulation of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Journal of Laws, 679.

Ruohonen, J. (2020). An Acid Test for Europeanization: Public Cyber Security Procurement in the European Union, European Journal for Security Research, 5(2), pp. 349–377,

Salminen, M. & Hossain, K. (2018) Digitalisation and human security dimensions in cybersecurity: An appraisal for the European High North, Polar Record, 54(2), pp. 108–118,

Schallbruch, M. & Skierka, I. (2018) Cybersecurity in Germany By Martin Schallbruch and Isabel Skierka, Digital Society Institute,

Świtała, K. (2019) Obowiązki jednostek samorządu terytorialnego w Krajowym Systemie Cyberbezpieczeństwa, In: Czaplicki, K., Gryszczyńska, A. & Szpor, G. (eds) Ustawa o krajowym systemie cyberbezpieczeństwa. Komentarz (Warsaw: Wolters Kluwer).

Szabó, Z. (2019) The Effects of Globalization and Cyber Security on Smart Cities, Interdisciplinary Description of Complex Systems, 17(3), pp. 503–510,

Taddeo, M. (2019) Is Cybersecurity a Public Good?, Minds and Machines, 29(3), pp. 349–354,

Wojciechowska-Filipek, S. & Ciekanowski, Z. (2019) Bezpieczeństwo funkcjonowania w cyberprzestrzeni: jednostki – organizacji – państwa. (add place: CeDeWu Sp. z o. o.).

Wolff, J. & Lehr, W. (2018) When cyber threats loom, what can state and local governments do?, Georgetown Journal of International Affairs, 19, pp. 67–75,

Zhao, J. J. & Zhao, S. Y. (2010) Opportunities and threats: A security assessment of state e-government websites, Government Information Quarterly, 27(1), pp. 49–56,