Information Security Management in Polish Manufacturing: Key Insights from a Survey

Purpose of the paper: The research goal was exploratory. Its main objective was to collect data and describe the current state of selected aspects of establishing and maintaining ISMS in Polish manufacturing enterprises. In particular, the focus was on aspects such as the formalization level of ISMS, use of external support by specialized companies, and the budget allocated for information security questions. Design/Methodology/Approach: The survey was conducted using the CATI (Computer-Assisted Telephone Interview) technique. The survey was conducted among 300 companies engaged in manufacturing activities in Poland included in the Dun & Bradstreet database. Selected companies were assigned to one of four employment ranges: Micro (0-9 employees), Small (10-49 employees), Medium (50-249 employees), and Large (over 249 employees). Findings: The text presents the survey results on information security frameworks/methods used by companies, popularity of employees’ certificates, use of external support, budgets allocated on information security management, and formal documentation of ISMS. Practical Implications: The results constitute a knowledge base on the the examined aspects of ISMS in surveyed enterprises and can be a form of the basis for further, more in-depth analysis and research. Originality/Value: To the authors' knowledge, this type of research has not been conducted in Poland yet. The results of this study were presented at 15th Scientific Conference. MASEP 2024 (Measurement and Assessment of Social and Economic Phenomena, 27-28.11.2024, Lodz).