Cybersecurity as a subject of regulation can be found in a number of legal acts, both generally applicable and internal. This type of regulation is also found in the Cybersecurity Strategy of the Republic of Poland. The Strategy, however, as an act of internal law, has limited power. It does not influence external entities and, therefore, cannot form grounds for individual decisions relating to citizens, entrepreneurs, and other entities. Its primary objective of increasing the level of resilience to cyberthreats should be a priority for the state policy.