Cyber-Compliance Audit
Most Polish companies learn about a break-in an average of 194 days after the event
This is not scaremongering; it is a statistic from our 483 audits conducted since September 2016. At Conner Whitlock, we don't deal in theoretical security considerations. We come to your company in Warsaw or work remotely, check servers, logs, and procedures, and after exactly 9 working days, we put a concrete list of errors on the table. No fluff and no technical jargon that no one on the board understands.
Our team, currently numbering 14 specialists, focuses on what realistically threatens your money. In 2024, we detected an average of 7 critical gaps in every network we investigated, which allowed the president's account to be taken over in less than 23 minutes. We check whether your backups actually work or only appear to be made. Hard facts on the table: 94.6% of companies that came to us had poorly configured remote access for employees.
Compliance with the NIS2 directive and standards for 2025
Regulations change faster than IT departments can keep up with updates. If your company is subject to the new EU regulations, skipping an audit invites a financial penalty, which in 2025 could amount to several million zlotys. We know the realities of Polish companies and know you don't have time to read 300 pages of legislation. That's why our report contains a 'Compliance in a nutshell' section, which makes clear what you must sign and what to install so that an official inspection ends in 15 minutes.
- Verification of 217 key network touchpoints.
- Phishing vulnerability tests targeted at management staff.
- Checking the physical security of server rooms and the office at ul. Modlińska or at your location.
- Analysis of contracts with IT subcontractors regarding liability for data leaks.
No unnecessary costs or hardware replacement
Honestly, it often turns out that you don't have to buy new firewalls for 80,000 PLN. Usually, it's enough to correctly configure what you already have and train people not to click on suspicious attachments from 'accounting'. Our audit is not a shopping list, but a remediation plan. If something works, we say so directly. If something has to be thrown away, we explain why, based on data from the last 3.2 years of attacks in your industry.
Perhaps you think your company is too small to be a hacker's target. This is a mistake that cost one of our logistics clients 234,000 PLN in one weekend of May 2024. We recovered their data, but nothing makes up for the stress and the lost orders. It's better to pay for an audit now than for a ransom in cryptocurrency later. Heads-up: we don't take every job. If your IT claims 'everything is great' and doesn't want to cooperate, we'll decline at the start.
P.S. We closed our fastest audit in 6 days, but as standard we stick to the 9-day deadline to ensure nothing escapes our attention.
"I was afraid that the audit would stop production for a week. The Conner Whitlock team came in on Tuesday, and by Thursday we had a list of fixes without a minute of office downtime."
— Andrzej Wiśniewski, Operations Director, Logis-Pol Ltd., July 2024
What exactly we check during the audit:
- Report in 9 working days
- List of gaps to fix
- Compliance with 2025 standards