K0NSULT // ai-truth/ipIII
k0nsult.cloud / ai-truth / ipIII / cyber-map / en

Cyber Map

A multi-dimensional map of classic cyber incidents. The same event set analysed across five dimensions: geography, sector, threat type, threat actor and impact (CIA triad + financial / legal / reputational dimensions). Layer 1 of the K0NSULT model: classic cyber.

🇵🇱 Polski 🇬🇧 English
NOTICE — DEMONSTRATION DATA. All figures and cross-tabs on this page are labelled SIMULATION and are illustrative only. They do not refer to any real entities, regions or events. The filters below are inactive in the demo build — they present the target interface only.

Cross-dimension filters demo — inactive

In the production build the filters narrow every table and map simultaneously (correlated view). In the demo the fields are disabled (disabled) — they serve UI presentation only.
128
Cyber incidents (7 days)
SIMULATION
16
Regions with ≥1 report
full demo coverage
9
Sectors
per NIS2 classification
4.1 M
Est. loss (PLN, demo)
sum of simulated events

1 · Dimension: geography (regions) SIMULATION

Distribution of reports by the location of the affected entity. Demonstration values — they do not reflect a real threat map.

RegionIncidentsP0/P1Dominant typeTrend
Region 1 (capital)344Phishing / BEC▲ +21%
Region 2 (industrial)182Ransomware▲ +9%
Region 3151Vulnerabilities/CVE▬ 0%
Region 4121Phishing▲ +6%
Region 5112DDoS▲ +14%
Region 6 (coastal)91Malware▼ −4%
Region 770Phishing▬ 0%
Other (9 regions)222mixed▲ +5%
Region 1
34
Region 2
18
Region 3
15
Region 4
12
Region 5
11

2 · Dimension: sector SIMULATION

Sectors aligned with the scope of essential and important entities under NIS2. Finance and public administration are the most frequent targets in the demonstration data.

SectorIncidentsMost common vectorAvg. priorityFlag
Finance / banking31Phishing / BEC, fraudP1CRITICAL_INFRA
Public administration24Ransomware, vulnerabilitiesP1NIS2_RELEVANT
Healthcare17Ransomware, data leakP1GDPR_PERSONAL_DATA
Energy12OT/ICS vulnerabilitiesP0CRITICAL_INFRA
Education / research11Phishing, credential theftP2
Transport9DDoS, misconfigurationP2NIS2_RELEVANT
AI / digital providers10Supply chain, model abuseP1AI_ACT_RELEVANT
Media8Deepfake, DDoSP2
NGO / third sector6PhishingP3

3 · Dimension: threat type SIMULATION

Eight categories in the classic-cyber layer. Each type has a dedicated response playbook.

Phishing
39
Vulnerabilities/CVE
25
Credential theft
17
DDoS
14
Ransomware
11
Malware
9
Supply chain
7
Misconfiguration
6

Playbooks: phishing · ransomware · DDoS · vulnerabilities · data breach · supply chain

4 · Dimension: threat actor SIMULATION

The attribution category carries an evidence status — attribution without proof stays in GAP or DISPUTED status and is never presented as fact.

Threat actorShareTypical modusAttribution status
Cybercrime (financial motive)47%Phishing, ransomware, BECCONFIRMED
Bot / automated scan21%Vulnerability scan, credential stuffingCONFIRMED
APT (advanced group)11%Supply chain, long persistenceDISPUTED
Insider8%Privilege abuse, exfiltrationMEDIA
Hacktivist6%DDoS, defacementPUBLIC
AI agent (abused / hijacked)4%Agent hijack, API abuseCONFIRMED
Unattributed3%GAP

5 · Dimension: impact (CIA + dimensions) SIMULATION

Impact is assessed against the CIA triad (confidentiality / integrity / availability) plus three secondary dimensions: financial, legal and reputational.

Confidentiality (C)

Breached in 38 events. Mainly data leaks, credential theft, misconfiguration.

GDPR_PERSONAL_DATA

Integrity (I)

Breached in 19 events. Ransomware (encryption), data tampering, defacement.

high impact

Availability (A)

Breached in 27 events. DDoS, ransomware, post-attack outages.

NIS2_RELEVANT

Financial dimension

Est. total loss 4.1 M PLN (demo). Fraud, ransom, downtime, remediation.

Legal dimension

14 events with a reporting obligation: GDPR 72h, NIS2 24/72h, national cyber-security act.

→ Legal Board

Reputational dimension

6 events with media exposure / risk of losing customer trust.

Sector × type matrix SIMULATION

Cross-tab table: concentration of threat types across selected sectors (demonstration numbers).

Sector \ TypePhishingRansomwareDDoSVulnerabilitiesLeak
Finance143464
Administration76272
Healthcare45134
Energy21171
Education60122
Methodology. The Cyber Map is layer 1 (classic cyber) of the three-layer K0NSULT model. Layer 2 (AI / agentic incidents) is presented separately on the AI Risk Map, and layer 3 (legal breaches) on the Legal Board. Every event runs through the chain: REPORT → EVIDENCE → STATUS → CLASSIFICATION → RISK → PLAYBOOK → ACTION → VALIDATION → REPORT. Offensive content is limited to methodology (MITRE ATT&CK); attack scenarios are labelled SIMULATION with no payloads. Regulatory frameworks (AI Act art. 73, NIS2, GDPR art. 33/34, DORA) are referenced for education only and do not constitute certification.
Report an incidentIncident IntakeClassificationPlaybook