Poland’s opportunity
State of play
parallax background

Cybersecurity is a boardroom issue

It starts with the CEO

May 3, 2023

8 min read

By

May 3, 2023

By

8 min read

Cybercrime is expected to cost the world eight trillion US dollars in 2023, and 10.5 trillion US dollars by 2025, according to Cybersecurity Ventures, which monitors the global cyber economy. In 2015, the figure was just three billion US dollars.

Indeed, if it were measured as a country, cybercrime would be the world’s third largest economy after the US and China. 

None of this is surprising. The Covid-19 pandemic, coupled with the rapid adoption of internet-facing devices of all kinds as a component of accelerating digital transformation, has greatly increased the attack surface of our digital world. 

Then there are nation state actors, launching increasingly sophisticated cyberattacks designed to evade detection and further their strategic priorities. In its latest Digital Defense Report, Microsoft suggests that, “the advent of cyberweapon deployment in the hybrid war in Ukraine is the dawn of a new age of conflict”. 

From backroom to the boardroom 

Be they criminal gangs, individuals or nation states, cybercriminals are exploiting weaknesses to access networks, disrupt supply chains, attack critical infrastructure, or simply weaken digital capacity. 

For governments, as demonstrated by Ukraine’s resilience in the face of Russia’s digital attacks, cybersecurity has become a crucial part of their defence systems. Presidents and prime ministers are increasingly taking a leading role, ensuring that cyber defence capabilities are given the funding and resources that they need. 

In the business world, things are no different: cybersecurity has gone from being a backroom IT concern to a boardroom issue.  

According to Mikołaj Woźniak, risk and regulatory leader for PwC Central and Eastern Europe, “Today when geopolitics and cyber mix, cyber begins to be etched on the C-level agenda. CEOs and boards want to know what is the risk exposure to these developments. Geopolitical environment and rapid digitisation continue to focus the attention of businesses on cyber risk. And in response to these threats CEOs are increasing investment in cybersecurity and data privacy.” 

As organisations continue to digitise and rely on technology, the risk of cyber attacks increases, making it essential for organisations to address cybersecurity risks as part of their overall risk management strategy.  

Furthermore, regulatory requirements for data protection and cybersecurity have become stricter, and organisations that fail to comply with these regulations can face severe financial and legal penalties. 

“Cybersecurity is the foundation for digital progress,” says Kostas Loukas, general manager, Enterprise, Microsoft South East Europe. “It gives business leaders the confidence to embrace the shift to the digital economy. It helps governments protect critical state functions and the public services on which we all rely. And it gives all of us the peace of mind to live our digital lives to the fullest, knowing our personal data is secure and private.” 

Most board members are not cyber experts, yet boards have an obligation to understand and oversee this significant risk. They need active engagement with leadership, access to expertise, and robust information and reporting from management. 

“CEOs recognise that cyber is a business imperative—one that the CISO cannot, and should not, tackle alone,” says Piotr Urban, partner at PwC Poland. “CISOs are seizing the initiative to truly lead—to step out of their independent cyber-specialist role and into one of partnering with not just a few executives but the entire C-suite.  

“Among them are executives responsible for the overall business (CEO), management oversight and governance (Board), technology infrastructure (CIO/CTO), cyber investments (CFO), operations and supply chain (COO), risk management (CRO), data (CDO/CPO) and human resources (CHRO). These collaborations have never been more critical.” 

Peter Durojaiye, partner, cybersecurity leader for PwC Central and Eastern Europe adds: “When it comes to cybersecurity, the focus needs to be on working together as a unified whole, from the tech stack to the boardroom — starting at the top with the CEO. Security is a concern for the entire business, in every function and for every employee.” 

Loukas of Microsoft agrees. “Both private and public organisations are focused on strengthening resiliency to mitigate today’s threats, even as new ones continue to emerge. That’s why cybersecurity has gone from backroom IT concern to boardroom issue,” he adds. 

Faster adoption 

To unlock faster digital progress and the economic and societal benefits it can deliver, business leaders and policy makers need to place a renewed and sustained strategic emphasis on security.   

The good news is that this is happening, if not, perhaps, as universally as it should. More than 70 per cent of the 3,522 business and tech executives surveyed in PwC’s 2023 Global Digital Trust Insights Survey saw improvements in their enterprise’s cybersecurity this year—thanks to cumulative investments and C-suite collaboration.  

In Central and Eastern Europe, the figure is around 60 per cent. 

Nevertheless, of those surveyed, only 31 per cent in CEE, and fewer than 40 per cent globally feel very confident in their current mitigation of emerging risks. Senior executives worry that their enterprise isn’t fully prepared to address heightened threats. 

In PwC’s annual Global CEO Survey, the geopolitical environment and rapid digitisation continue to focus CEO attention on cyber risk. Some 34 per cent of CEOs in CEE and 48 per cent globally say they are increasing investment in cybersecurity or data privacy in response to rising geopolitical conflict. 

‘Security isn’t a one-team job’ 

Cybersecurity cannot and should not be treated as a product that gets added on top of or parallel to other business software solutions. It has to be incorporated by design, meaning any product and service is designed with built-in security elements. 

Ultimately, cybersecurity today is a signals game – and it’s rapidly evolving from a case of being reactive, to being predictive. Microsoft, which has an unparalleled view of the evolving threat landscape, synthesizes 65 trillion signals a day—across all types of devices, apps, platforms, and endpoints. 

UiPath is a next-generation robotic process automation (RPA) software provider that organisations rely on for help in removing tedium for employees and to realise maximum operational value. With multiple clouds and a sizable on-premises estate to protect, it deploys Microsoft Azure Sentinel, a scalable, cloud-native security solution to create a complete, tightly meshed cybersecurity strategy. 

A critical part of that strategy is collaboration between the security team and the engineering teams. “Security isn’t a one-team job,” says Cody Nicewanner, manager of cloud security and compliance at UiPath. “It must be a collaboration across various teams.” 

At PGE, Poland’s largest power producer, security is also underpinning its digital transformation. Migration of processes to the cloud has enabled the highest level of cybersecurity at PGE, including ensuring the safe transfer of data outside Poland and thus business continuity in the event of a threat of attack. 

“Modernising the way we work was a challenge due to the size of the organisation,” says Szymon Ferens, vice president of the Management Board of PGE Systemy. “At the PGE Group, we are aware that digitisation involves a new work culture and the inclusion of all employees in the transformation process.” 

Indeed, what it means to be ‘safe and secure’ has changed, says Microsoft’s Loukas. Organisations can no longer ‘go it alone’ – it’s instrumental that they work with partners and peers who share the same values.  

“This includes skilling,” adds Loukas. “With increasing threats and an accelerating shift to a digital-first economy, the need for skilled cybersecurity professionals has never been higher. But supply is not keeping up with demand, and public and private organisations need to work together to rapidly train the next cohort of cybersecurity professionals and close this gap.”

The right ecosystem

While an increasing number of firms understand the importance of making cybersecurity a cross-company issue, from boardroom down, there are plenty which still need to be nudged in the right direction.  

PwC recently helped a German chemical manufacturer by carrying out a cyber hygiene assessment, powered by Tanium, that gave a very powerful risk picture that the board of the firm understood immediately.  

This then provided a blueprint that allowed the firm to leverage the right ecosystem of technologies, such as Microsoft Azure Sentinel, and bridge the gap between IT operations and security. 

For many firms, a lack of cybersecurity solutions is often not the key issue. Instead, some simply have too many. 

Indeed, Microsoft research shows that large organisations have an average of 75 security solutions. This complexity and discord between multiple security solutions is not just a burden, but also increases vulnerability.   

“Our comprehensive security solution helps protect our customers’ entire digital estate, whether they have adopted a single, multi- or hybrid cloud approach. This helps them simplify their approach to security through consolidation – and realise up to 60 per cent cost savings, so they can do more with less,” says Microsoft. 

“Anything less than a comprehensive approach to security is no security at all,” adds Loukas. With the right direction and professional support, that comprehensive approach needn’t be overly complex, nor costly. That’s something all C-level executives can get behind. 

“If business leaders and policy makers want to unlock faster digital progress and the economic and social benefits this can deliver, they need to place a renewed and sustained strategic emphasis on security,” he concludes. 

Marek Grzegorczyk

Marek Grzegorczyk

Marek Grzegorczyk is an analyst at Reinvantage.

Share

You might also find these insightful

Case study: Global technology company

1. The Client

A global technology company operating across EMEA, with a regional HQ in Istanbul. The company manages 20+ markets, handling everything from brand campaigns to strategic partnerships.

Role we worked with: The EMEA Head of Marketing (supported by two regional managers).

2. The Challenge

Despite strong products and a respected global brand, the regional team was struggling with:

  • Misaligned strategy across markets → campaigns executed with inconsistent narratives.
  • Slowed growth → lead generation plateaued despite increasing spend.
  • Internal friction → marketing, sales, and product teams disagreed on KPIs and priorities.

Traditional fixes (more meetings, more reporting) only created more noise.

3. The Sprint

We ran a 10-day Remote Reinvention Sprint with the regional HQ team.

  • Day 1–3: Intake → Reviewed decks, campaign data, and plans.
  • Day 4: Sprint Session (90 mins) → Breakthroughs:
    • Sales and marketing had different definitions of “qualified lead.”
    • 40% of spend was going into low-potential markets.
    • The team assumed the problem was lack of budget, but it was actually lack of alignment.
  • Day 5–10: Synthesis → Insights distilled into a Clarity Brief + Insight Canvas.
4. The Breakthrough

The Sprint uncovered that the issue wasn’t budget, but fragmentation.
Three sharp insights unlocked a way forward:

  1. Unified KPIs bridging marketing + sales.
  2. Market prioritisation → shifting budget to 5 high-potential markets.
  3. Simplified narrative → one EMEA core story, locally adaptable.
By just realigning resources and focus, the client could unlock an estimated £250,000 in efficiency gains within the next 12 months — far exceeding the Sprint’s value guarantee. The path to higher returns was already inside the business, hidden by misalignment.
5. From Sprint to Action (4 Pillars Applied)

With clarity secured, Reinvantage didn’t suggest “more projects.”

Instead, we used the Sprint findings to create laser-focused next steps — drawing only from the areas that would deliver the most impact:

  • Readiness → Alignment workshops for sales + marketing teams. New playbooks clarified “qualified lead” definitions and reduced internal disputes.
  • Foresight → A market-opportunity scan identified which 5 countries would deliver the highest ROI, removing the guesswork from allocation.
  • Growth → Guided the reallocation of €2M budget and designed a phased rollout strategy that protected risk while maximising return.
  • Positioning → Built a messaging framework balancing global consistency with local nuance, ensuring campaigns spoke with one clear voice.

Because the Sprint had stripped away noise, these actions weren’t generic consulting ideas — they were directly tied to the breakthroughs.

6. The Results
  • +28% increase in qualified leads across the region.
  • 30% faster campaign rollout due to streamlined approvals.
  • Budget efficiency gains → €2M redirected from low-return to high-potential markets.
  • Internal cohesion → marketing + sales now use a single shared dashboard.
The client came in believing they needed more budget.
The Sprint revealed that what they really needed was clarity and alignment.

With that clarity, the four pillars became not theory, but practical tools to deliver measurable impact.

The Sprint guaranteed at least £20,000 in value — but in this case, it helped unlock more than 10x that within six months.

Case study: Regional VC fund & accelerator

1. The Client

A regional venture capital fund and accelerator focused on early-stage tech start-ups in the Baltics and Central Europe.

The fund had raised a new round and was under pressure to deliver stronger returns while also building its reputation as the go-to platform for founders.

Role we worked with: Managing Partner, supported by the Head of Portfolio Development.

2. The Challenge

Despite a promising portfolio, results were uneven.

Key issues:

  • Scattered portfolio support → no consistent playbook for start-ups, every partner did things differently.
  • Weak differentiation → founders and co-investors saw the fund as “one of many” in the region.
  • Stretched team → too many small bets, not enough clarity on which companies to double down on.

The leadership team knew something was off, but disagreed on whether the issue was pipeline quality, market conditions, or internal capacity.

3. The Sprint

We ran a 10-day Remote Reinvention Sprint with the partners and portfolio team.

  • Day 1–3: Intake → Reviewed pitch decks, pipeline funnel data, and start-up performance reports.
  • Day 4: Sprint Session (90 mins) → Breakthroughs:
    • No shared definition of a “high-potential founder.”
    • Support resources were spread too thin across the portfolio.
    • The fund’s positioning was more reactive than proactive — it didn’t own a distinctive narrative in the market.
  • Day 5–10: Synthesis → Insights consolidated into a Clarity Brief + Insight Canvas.
4. The Breakthrough

The Sprint revealed that the challenge wasn’t pipeline quality — it was lack of focus and positioning.

Three core insights provided the turning point:

  1. Portfolio Prioritisation Framework → defined clear criteria for where to double down.
  2. Founder Success Playbook → standardised support model for portfolio companies.
  3. Differentiated Narrative → repositioned the fund as “the accelerator of reinvention-ready founders.”
These shifts alone gave the fund a path to add an estimated £2M+ in portfolio value over the following 18 months, by concentrating capital and resources where they could move the needle most.
5. From Sprint to Action (4 Pillars Applied)

With clarity from the Sprint, Reinvantage created a tailored support plan:

  • Readiness → Coached partners on using the new prioritisation framework and trained the team on deploying the Founder Success Playbook.
  • Foresight → Ran scenario analysis on regional tech trends, helping the fund anticipate where capital would flow next.
  • Growth → Guided resource reallocation across the portfolio and supported new co-investor pitches for top-performing start-ups.
  • Positioning → Crafted a sharper brand story for the fund, positioning it as the reinvention partner for globally minded founders.
6. The Results
  • 10 portfolio companies onboarded to the new Playbook → greater consistency of support.
  • Raised follow-on capital for 3 top start-ups with the new prioritisation framework.
  • +26% increase in inbound deal flow from founders citing the fund’s new positioning.
  • Stronger internal cohesion → partners aligned on where to focus resources.
The client thought the problem was pipeline quality.
The Sprint showed it was actually lack of clarity and focus inside the firm.

By applying the four pillars, Reinvantage helped turn scattered effort into concentrated value creation.

The Sprint guaranteed at least £20,000 in value; here it set the stage for multi-million-pound upside in portfolio growth.

Case study: International impact Organisation

1. The Client

A large international impact organisation focused on entrepreneurship and economic empowerment.
The organisation runs multi-country programmes across Eastern Europe and Central Asia, often in partnership with global donors and corporate sponsors.

Role we worked with: Senior Programme Director, responsible for regional coordination.

2. The Challenge

The organisation had launched a flagship regional initiative supporting women entrepreneurs, but the programme was underperforming.

Key issues:

  • Fragmented delivery → each country office interpreted the programme differently.
  • Donor frustration → reporting lacked consistency and clear impact metrics.
  • Lost momentum → staff energy was spent on administration rather than scaling success stories.

Traditional programme reviews had produced long reports, but no real alignment or action.

3. The Sprint

We ran a 10-day Remote Reinvention Sprint with the regional leadership team and representatives from two country offices.

  • Day 1–3: Intake → Reviewed donor reports, programme KPIs, and field feedback.
  • Day 4: Sprint Session (90 mins) → Breakthroughs:
    • Donors cared about quantifiable outcomes, but reporting focused on stories.
    • Staff were duplicating efforts across countries, wasting time and resources.
    • The initiative lacked a clear theory of change — everyone described its purpose differently.
  • Day 5–10: Synthesis → Insights distilled into a Clarity Brief + Insight Canvas.
4. The Breakthrough

The Sprint revealed that the issue wasn’t donor pressure or programme design — it was a lack of shared framework and alignment.

Three critical insights reshaped the path forward:

  1. One Unified Theory of Change → agreed narrative for why the programme exists.
  2. Core Impact Metrics → clear, comparable KPIs across all countries.
  3. Smart Resource Sharing → digital hub to stop duplication and accelerate knowledge flow.
By eliminating duplicated reporting and clarifying what success looks like, the client saw they could save the equivalent of £100,000 in staff time annually — while also unlocking stronger donor confidence and follow-on funding opportunities.
5. From Sprint to Action (4 Pillars Applied)

Armed with Sprint clarity, Reinvantage proposed a laser-focused support plan:

  • Readiness → Trained programme leads on using the new metrics and integrated them into existing workflows.
  • Foresight → Analysed donor trends and expectations, aligning the initiative with the next funding cycle.
  • Growth → Developed a funding case based on the new unified theory of change, securing higher renewal chances.
  • Positioning → Crafted a regional success narrative and storytelling toolkit, helping them showcase results consistently across markets.
6. The Results
  • 30% less time spent on reporting → freed capacity for programme delivery.
  • Donor satisfaction improved → positive feedback on the clarity of impact evidence.
  • Secured new funding commitment → one major donor increased their contribution by 20%.
  • Stronger internal morale → staff felt they were working with clarity, not chaos.
The client thought it needed better donor management.
The Sprint revealed it needed a shared foundation across its teams.

By anchoring on the four pillars, Reinvantage turned alignment into efficiency gains and fresh funding opportunities.

The Sprint guaranteed at least £20,000 in value; here it unlocked both six-figure savings and future-proofed funding.

Case study: National digital development agency

1. The Client

A national digital development agency tasked with driving the government’s digital transformation agenda, including e-services, citizen portals, and smart city pilots.

Role we worked with: Director of Digital Transformation, supported by IT and service delivery leads from three ministries.

2. The Challenge

The agency had strong political backing but faced hurdles in implementation.

Key issues:

  • Siloed projects → each ministry developed digital tools independently, leading to duplication.
  • Citizen frustration → services were digital in name, but still required multiple logins and offline steps.
  • Funding pressure → international partners demanded clearer impact in the short term.

The agency wanted to accelerate momentum but struggled to get alignment across ministries.

3. The Sprint

We ran a 14-day Immersive Reinvention Sprint with the agency’s leadership and digital focal points from three ministries.

  • Day 1–3: Intake → Reviewed strategy docs, donor reports, and citizen feedback data.
  • Day 4: Immersive Sprint Session (half-day) → Breakthroughs:
    • Each ministry had different definitions of “digital service.”
    • 20% of budget was going into overlapping pilot projects.
    • Citizens’ top frustrations were known — but not prioritised.
  • Day 5–14: Synthesis → Insights consolidated into a Clarity Brief + Insight Canvas.
4. The Breakthrough

The Sprint revealed that the biggest blocker wasn’t lack of funding, but lack of shared priorities.

Three practical insights stood out:

  1. One Definition of Digital Service → agreed across ministries.
  2. Quick-Win Prioritisation → focus on top 3 citizen pain points (ID renewal, business registration, healthcare booking).
  3. Shared Resource Map → pool budgets to eliminate duplication.
These changes alone allowed the agency to unlock £75,000 in immediate savings and deliver 2–3 visible improvements in the next quarter — meeting donor expectations and building citizen trust.
5. From Sprint to Action (4 Pillars Applied)

Based on the Sprint clarity, Reinvantage proposed a modest, targeted package of support:

  • Readiness → Facilitated inter-ministerial workshops to embed the “one digital service” definition.
  • Foresight → Analysed citizen feedback trends to shape the quick-win roadmap.
  • Growth → Supported the reallocation of funds to joint projects, reducing overlap.
  • Positioning → Crafted a communication plan highlighting early digital wins to donors and citizens.
6. The Results
  • 2 pilot services integrated into the central portal (ID renewal + healthcare booking).
  • Budget savings of £75,000 from eliminating overlapping projects.
  • Citizen satisfaction up modestly → call centre complaints on digital services dropped by 12%.
  • Donor confidence improved → short-term impact report received positive feedback.
The client thought it needed more funding and bigger projects.
The Sprint revealed it first needed clarity and alignment.

By applying the four pillars to a targeted scope, Reinvantage helped deliver visible results within a single quarter — proving progress to citizens and donors and laying the groundwork for deeper transformation.