Ukrainian cyber defense against Russian hackers: Are state registries secure enough, and how is the cybersecurity industry evolving?

On this basis, the Ukrainian cybersecurity industry has expanded, comprising both popular imported solutions and local developments. Back in 2016, the Ukrainian cybersecurity market was valued at $32 million, and by 2024, it has grown to $138 million, according to a study by consulting firm Data Driven. It has the potential for further growth, with projections indicating that by 2029, this market will reach $209 million.

“Certainly, the market is primarily growing due to the geopolitical situation. Continuous threats from state-sponsored hacker groups (for instance, those linked to Russia) stimulate demand for modern cybersecurity solutions,” says Anton Basistyy, manager of committees at the “European Business Association.” “Secondly, there is a high level of digitalization in the country. The more processes are digital, the more protection is needed for these networks.”

“Currently, unfortunately, the war is a significant factor contributing to the growth of the cybersecurity industry. Democratic countries have long recognized that modern hybrid warfare is conducted not only in kinetic space but also in cyberspace, and warfare in cyberspace has fewer restrictions,” agrees Sergey Kharyuk, executive director of AmonSul, a cybersecurity company. “Considering these risks and understanding that Ukrainian specialists possess unique experience, Western companies increasingly seek assistance from Ukrainian firms.”

How Painful Are Cyberattacks?

The very first cyber incident in the world occurred in 1962 when the passwords of the Massachusetts Institute of Technology's internal network in the USA were made public. Since then, attacks have become more complex and sophisticated, not just sowing chaos on the internet but achieving specific goals—sometimes as part of a broader strategy, such as hybrid warfare.

In Ukraine, one of the largest cyberattacks in the country’s history took place on December 19, 2024. Hackers targeted the Ministry of Justice's registries, disrupting the operation of vital information systems such as the Unified State Register of Legal Entities, the Civil Status Acts Register, the “Diia” mobile application, and state programs “eOselya” and “eVidnovlennia,” as well as halting worker reservations. This is a serious attack, as according to Data Driven's research, over 60% of Ukrainian citizens utilize government digital services.

The Ministry of Justice expects full recovery of the systems from that cyberattack by the end of January and has announced the creation of an additional protection system for state registries.

“Judging by the results, the registry system is indeed insufficiently protected, but it cannot be said that it was completely unprotected. It was protected adequately,” says Konstantin Korsun, a cybersecurity expert and former head of the governmental Cyber Threat Response Center Cert UA. “Primarily, there was a lack of qualified personnel in cybersecurity. Moreover, the protection system was underfunded—on a residual basis, meaning it relied on leftover funds after digitalization expenses.”

Among other incidents, it is worth mentioning a powerful attack on the mobile operator Kyivstar in December 2023, when the company’s services ceased to function. Recent incidents also include a failed attempt by Russian hackers from the notorious Sandworm group—they created websites mimicking the “Army+” application to gain access to Ukrainian military information.

The most active Russian hacker group is UAC-0010, which, according to Data Driven's research, is linked to the FSB of Russia. It is capable of carrying out around 15 attacks against Ukraine each month.

“No system can be completely secure. It is important to understand that behind these cybercrimes are not isolated hackers, but organized groups with significant resources and high levels of training,” notes Maria Shevchuk, executive director of the IT Association.

“Cyberattacks have various objectives: espionage, denial-of-service attacks, attacks on electrical networks, propaganda attacks, financial attacks. Each of these causes significant damage—financial, temporal, security-related, as well as social (impact on the population, erosion of trust)—and usually, all these losses occur simultaneously and in a complex manner,” emphasizes Anton Basistyy from the “European Business Association.”

According to Data Driven's estimates, in 2022 alone, when the full-scale war began, the losses of Ukrainian citizens from cybercrime amounted to a staggering 968 million hryvnias, compared to 484 million the previous year.

However, from another perspective, such experiences with powerful cyberattacks make the Ukrainian cybersecurity industry unique. But this uniqueness also needs to be leveraged.

“In the domestic market, instead of supporting local producers, state structures—such as the Ministry of Digital Transformation—receive free licenses [for cybersecurity solutions] from Western companies, passing on information about cyberattacks,” explains Sergey Kharyuk from AmonSul. “This leads to Ukrainian experience and knowledge being transferred to Western companies for relatively low prices, while local products do not develop.”

How the Ukrainian Cybersecurity Industry is Structured

In Ukraine, the cost of cybersecurity in current conditions is approximately $500 per year per employee, according to Data Driven's research. But this is in an ideal scenario. Such protection includes, in addition to appropriate cyber solutions, monitoring employee behavior to ensure they act responsibly in the digital space and are not exposed to risks, as well as various simulations of cyberattacks on the company's IT systems.

In reality, even in Poland, where the cybersecurity industry is significantly larger than Ukraine's, amounting to $800 million, the spending on cybersecurity per employee is around $47 per year.

In Ukraine, large companies spend an average of 10-15% of their annual budget on cybersecurity, while smaller companies spend over 20%. At the same time, 63% of companies use imported protection systems, whereas only 37% opt for products from Ukrainian developers. Notably, 61% have not even received offers regarding Ukrainian cybersecurity developments, indicating that there is significant room for market growth.

Sometimes, for better protection against cyberattacks, it is necessary not only to acquire modern solutions but also to simply refrain from using certain software. This has occurred in Ukraine, where the accounting departments of many companies traditionally used Russian software.

“It is worth noting the efforts of the public and the government in combating software from the Russian Federation (for example, '1C' and other accounting and tax solutions). According to open information, starting from the second year of the war, around 10-15 thousand companies have abandoned the use of this product, which was not observed before,” emphasizes Anton Basistyy from the “European Business Association.”

Currently, a key sponsor of the Ukrainian cybersecurity industry is assistance from international partners. Since the beginning of the full-scale invasion, the US agency USAID has aimed to provide $38 million in grant assistance to Ukrainian cybersecurity initiatives. The European Union has allocated $10 million in grants for the same purposes.

However, almost all experts and representatives of the cybersecurity industry surveyed complained that the sector still does not receive sufficient investments to develop both its strengths and new developments.

“The current level of investment is insufficient to fully realize the potential of the cybersecurity market. The main barriers include the war, overall instability, lack of qualified personnel, and low business awareness of the need for cybersecurity, making this industry risky for investments,” says Maria Shevchuk, executive director of the IT Association.

Moreover, Ukrainian products struggle to compete with global players who provide licenses for free, shares Sergey Kharyuk from AmonSul.

This VPN service is tailored to meet the needs of both businesses and the public sector. “Our mission is to provide an affordable, technologically advanced solution that helps even small Ukrainian companies protect their data and infrastructure from cyberattacks. We aim to create a product that combines innovation, ease of use, and competitive pricing,” says Kharyuk.

At Oberig IT, a company offering a wide range of cybersecurity solutions, they reported that the highest demand among their clients is for the following services:

• deep monitoring for threat detection (solutions from Carbon Black, Symantec, Fidelis);
• minimization of administrator rights abuse risk (solution from Delinea, FUDO);
• multi-factor authentication (Symantec, OneSpan);
• email protection (Symantec, Forcepoint);
• cloud environment and application protection (Tenable, Aglosec).

In another Ukrainian company specializing in cybersecurity, InDevLab, they discuss the popularity of such services:

• IT systems and process audits;
• building a secure IT environment that can withstand high loads and cyberattacks;
• adapting and building IT systems in accordance with international standards.

Overall, in Ukraine, technologies such as network security dominate the cybersecurity sector, which is expected to maintain a 36% market share until 2029, according to Data Driven’s research. Meanwhile, cloud security technology is projected to grow the fastest