Comparative study of governmental approaches to the security of critical information systems

Abstract

The aim of this study is to conduct a comparative analysis of national strategies and legal mechanisms for the protection of critical information systems in Poland, the Netherlands, Ukraine, and Canada. The research methodology is based on a theoretical analysis of national legislative acts, strategic documents, and international reports, which enabled the systematisation and comparison of institutional and regulatory approaches. It was found that despite common challenges – such as the rising number of cyber threats, reported by 72% of organisations, and the significant impact of incidents on 59% of companies – the examined countries have developed three distinct protection models. Poland and the Netherlands exemplify a European approach focused on the implementation of EU directives, which aim at harmonising requirements and creating a unified market for cybersecurity services. Ukraine’s model, shaped by wartime conditions, is centred on military cyber defence and crisis response. Canada’s model, where 51% of public cybersecurity investments are allocated at the provincial level, is characterised by federal partnerships and decentralisation. The study confirmed that the key issues for all countries remain the shortage of qualified personnel – as 47% of EU operators do not plan to expand their staff – and a significant disparity in security maturity, with 90% of companies being technically unprepared to face modern threats. The practical significance of the study lies in its potential to inform the improvement of national cybersecurity policies through the synthesis of practices from different regulatory models, thereby contributing to the development of more resilient and adaptive national protection systems capable of effectively countering both state and non-state cyber threats.