Cybersecurity in France: Recent incidents and how to manage them
Wed 26 Apr 2023
France is ranked in the top ten countries best prepared against cyberattacks by the National Cyber Security Index (NCSI) and third in the world for its commitment to cybersecurity according to the Global Cybersecurity Index (GCI).
Despite this strong standing, an Ipsos and Sopra Steria study revealed that 82% of French respondents are worried about worldwide cyberattacks, while 79% are concerned about cybersecurity in France.
Cybersecurity Incidents in France
A cyber attack in December 2022 at a hospital in Versailles caused major damage and lead to operations being cancelled and some patients were transferred to other locations.
According to reports, the hospital had already fought off several other cyber attacks in recent months. If a ransom was not paid, hackers said that patient information would be released on the dark web. After refusing to pay the ransom, some health data was published online, opening the hospital up to more fraud risks.
More recently, France’s National Assembly website was hit with a distributed denial-of-service attack claimed by pro-Russian hackers.
Unfortunately, these types of attacks are not rare and businesses of all sizes in France face these challenges on a daily basis. A concerning 73% of French organisations experienced ransomware attacks in 2021 and the country remains among the top ten countries with the highest average total cost of a data breach.
When it comes to defending against these attacks, French businesses allocate 10.7% of their IT budget to securing company information, falling below the global average of 12.7%. Additionally, only 32.3% of French companies use cloud-based security solutions to protect their workloads, making it the third-lowest country with an interest in these solutions.
Legislative Response to Cybersecurity Threats
In response to growing cybersecurity threats, a new law in France came into force in April 2023, ruling that victims of cyberattacks will have 72 hours to report an incident, or ‘complaint’, in order to receive reimbursements under their cybersecurity insurance policy. Alongside this law, the country has established special police units that are tasked with combating cybercrime.
The Network and Information Systems Security Act, passed in 2018, is another significant piece of legislation in France aimed at strengthening cybersecurity. This law imposes stringent requirements on operators of essential services and digital service providers, mandating they implement necessary measures to manage risks and protect their networks and information systems.
Building a Robust Cybersecurity Ecosystem in France
To further support the development of a robust cybersecurity ecosystem, the French government has initiated several public-private partnerships and established a national cybersecurity agency, ANSSI (Agence nationale de la sécurité des systèmes d’information). This agency is responsible for providing guidance, implementing preventive measures, and coordinating response efforts in the event of a cyber crisis.
The French government has also recognized the importance of international cooperation in combating cyber threats. France has established partnerships with the UK, China, and the USA to build a more effective cybersecurity strategy and has actively participated in international cybersecurity forums such as the Paris Call for Trust and Security in Cyberspace.
Following the increasing number of cybercrimes in France, more and more companies are working to protect themselves from risks. Obtaining the talented staff that are often required to build a solid cyber defence can be difficult in the country due to an acute lack of cyber experts.
A new Cyber Campus was built last year as part of a cybersecurity strategy that seeks to attract skilled tech workers to the country. Located in the capital’s business district, a range of organisations are based at the Eria Tower, including multinationals like Orange and Thales, as well as smaller start-ups and research firms.
“Digital technology brings hope and a future, but it also brings threats. In the face of these threats, the state is raising its shields to protect its citizens, its businesses and its public services,” said Economy Minister Bruno Le Maire at the opening ceremony of the campus.
Proactive Measures and Best Practices for Cybersecurity
French businesses can take proactive measures such as employee training, implementing multi-factor authentication, and regularly updating software to prevent vulnerabilities from being exploited. Moreover, companies should invest in continuous monitoring of their networks and establish incident response plans to minimise potential damage in the event of a breach.
While France has made significant strides in bolstering its cybersecurity defenses, recent incidents demonstrate that there is still work to be done. The French government’s commitment to investing in cybersecurity infrastructure, legislation, and talent development is a positive sign for the future. Businesses and organisations in France must continue to adopt best practices, invest in advanced cybersecurity technologies, and collaborate with government initiatives to protect their assets and ensure the nation’s digital resilience against ever-evolving cyber threats.
Hungry for more tech news?
Sign up for your weekly tech briefings!