The cybersecurity market - France (2024)

1.2 The global cybersecurity market: a booming sector

Covid-** has revolutionized the way societies and economies operate around the world, notably by accelerating digitization. This changeover has been accompanied by a dramatic rise in cyberattacks, so much so that losses due to cybercrime are estimated to have reached US$*,*** billion in **** and will reach US$**,*** billion in ****. [***]

evolution of cybersecurity spending since the arrival of covid-** World, ****-****, US$ billion Source: ****

The United States remains the country with the most cyberattacks in **** and the highest average cost of a data breach, at around US$*.* million. In December ****, the Real Estate Wealth Network records breach affected over *.* billion records. The Middle East is the second most affected region, followed by Canada and Germany. [***]

In ****, the global cybersecurity market (***) is estimated at $*** billion and has a CAGR of **% over the period ****-****.[***]This development is the result of ever-increasing Internet penetration, and therefore an increased risk of cyberattacks. Companies are trying to mitigate this risk through cybersecurity services.

Cybersecurity sales forecast World, ****-****, US$ billion Source: ****

Companies are the primary targets of cyberattacks worldwide, and the number of them targeted by information breaches is on the rise. Allianz reveals in its **** risk barometer that cybersecurity has become the number one concern ...

1.3 The French market: a dynamic, fast-growing sector

With average annual growth of *.*% in France from **** to ****, while GDP grew by just *%, cybersecurity in the broadest sense has been France's most dynamic industrial sector for a decade, and one that has proved particularly resilient in the face of the COVID crisis in ****.s most dynamic industrial sector over the past decade, and one that proved particularly resilient in the face of the COVID crisis in ****. digital Confidence is divided into Digital Security and Cybersecurity, itself divided into two types of activity: services (***). Digital Security refers to systems that deploy secure digital technologiestechnologies to reinforce trust in the civil environment, encompassing identity and access management, biometrics, and extending to connected objects, industrial processes and smart cities. Digital security products include hardware such as smart cards and equipment for biometrics and localization. By ****, sales in the Digital Trust sector are expected to reach €**.* billion. In France, this sector grew by **.**% in ****, while French GDP increased by *.*%. [***]

sales growth in the Digital Trust sector France, ****-****, € billion Source: ****

**% of Digital Trust sales are generated by cybersecurity and **% by digital security.rique, corresponding to revenues of €*.** billion for cybersecurity and €*.** billion for digital security.

Breakdown of Digital Security revenues France, in ****, in ...

1.4 France's spending on cybersecurity

In ****, France ranked right at the top of the podium of European countries spending the most on cyber defense: its total investment in the sector reached US$*.* billion, i.e. *** million more than Spain and *** million more than Germany. By ****, losses due to cybercrime in France were expected to exceed *** billion euros, according to Statista.

Cybersecurity spending by country Europe, ****, US$ billions Source: ****

The chart below illustrates the cybercrime risk scores for a set of countries according to ProxyRack in ****. In this ranking, France is among the safest countries in terms of cybercrime, with a score of *.**/**. Compared with its European neighbors, France is in a relatively favorable position, although attention is still required.

Denmark and Sweden score lower, indicating better preparedness for cybercrime. On the other hand, countries such as Spain, the USA and Canada present higher risks.

Vulnerability score to cyber-attacks for the most secure countries World, ****, score Source: ****

1.5 A market closely linked to world news: the consequences of covid and the war in Ukraine

Changes accelerated by the Covid-** crisis

The coronavirus crisis has led to massive use of telecommuting. This represents a major upheaval for companies, which are now focusing their cybersecurity efforts on securing the flows generated by remote working. Isolated employees are easier prey for cyber-attacks. The pandemic has thus led to a cyberpandemic, and data breaches have had unprecedented repercussions: an average loss of US$*.* million per attack in ****, compared with US$*.* million in ****.

evolution of cybercrime during the Covid-** pandemic World, ****, % Source: ****

Cyber-criminals are said to have taken advantage of the shift to remote working to develop increasingly sophisticated malware. During the pandemic, more than a third of the malware or methods used in cyberattacks had never been used before.

Increasing complexity of cyberattacks Worldwide, ****, % Source: ****

The main concern of industry leaders during the crisis was the vulnerability of their security systems, due to the widespread use of teleworking.

With the current health crisis, what phenomenon is most affecting your company's cybersecurity activity? France, ****, % Source: ****

The war in Ukraine

According to Le Monde, the war in Ukraine has paved the way for the "era of cyberattacks". For example, a cyber attack crippling IT services in Ukraine just an hour before ...

2.1 French demand rises as terrorist attacks continue

According to the Portail de l'Intelligence économique, cyber-attacks in France increased by a factor of * between **** and ****, representing *** attacks. This would represent total financial gains of over one billion euros for the cybercriminal sphere. This explosion in computer attacks is fueled by a snowball effect, as the leakage of personal data facilitates new attacks. According to ANSSI, there will be a **.*% drop in the number of proven intrusions between **** and ****, which does not mean that the consequences are any less serious - on the contrary, cyberattacks always cause more damage on average.

Breakdown of cyber attacks in France by type of establishment France, in ****, in Source: ****

A large proportion of these attacks are ransomware, withANSSI counting *** in **** versus *** in ****. The Independent IT-Security Institute puts the figure at ***.

Type of attack in France France, ****, in units Source: ****

These ransomware attacks mainly target businesses and local authorities. The nature of corporate victims fluctuates over time. Very small businesses accounted for **% of victims in ****, compared with **% in ****. According to OpinionWay, **% of businesses suffered an attack with a significant impact in ****. While this percentage is well below the levels seen between **** and ****, during the covid crisis, it is still an increase on ****, even though the ...

2.2 France increasingly well prepared for cyberattacks

Is your company prepared for a cyber attack? France, ****, % Source: ****

According to Adacis (***), in ****, only **.*% of employees thought their company was really protected against a potential cyber attack. This result was explained by increased spending on preventive measures. Consequently, it is plausible to assume that cybersecurity advice and expertise will be increasingly in demand, as companies and organizations strive to understand what measures are necessary.

But six years on, in ****, a large majority of organizations have equipped themselves to react in the event of a cyber attack, and there is an average of ** solutions and services dedicated to cyber protection per organization (***). According to CESIN, **% of companies plan to acquire more protection solutions in ****. **% of companies surveyed say they have confidence in the security solutions and services available on the market.

Opérateur d'Importance Vitale (***) companies

In France, certain companies, known as Operateurs d'Importance Vitale (***) status applies to other vital sectors such as freight transport and logistics, imposing similar cybersecurity obligations. [***]

2.3 Cyber-resistance will increase demand

With the increasing digitization of the global economy and the rise of telecommuting, which is increasing cloud storage, demand for cyber security is rising steadily, particularly from specialist service providers. Cyber resilience means being better prepared against cyber-attacks by adopting an upstream strategy. According to Les Echos , it's no longer a question of surviving an attack, but of bouncing back and anticipating it. Cyber-resilience therefore encompasses not only cybersecurity, but also the entire process that precedes and follows it. This strategy is based on five fundamental pillars:

Identification ; Protection ; Detection ; Resolution ; Restoration.

According to Cesin (***), nearly **% of French companies involved in cybersecurity are unsure of the threats they may face, and then doubt their ability to deal with cyber-attacks. are unsure of the threats they may face, and then doubt their ability to cope with cyber-attacks. According to the report, the cybersecurity managers of these companies consider that "control of corporate information systems is becoming increasingly difficult". The threat of a cyber-attack can have systemic consequences, and for this reason requires risk management that goes far beyond cybersecurity to imagine possible responses to future threats. Once again, these statistics confirm the growing demand for expertise in the field of cybersecurity.

Le ...

2.4 Demand trends - FIC 2023 highlights

From April * to *, ****, the annual FIC (***) forum was held in Lille, France. Below you'll find the main conclusions of this forum, as well as the trends identified. [***]

The announcement of a "European cyber shield " was made by European Commissioner Thierry Breton, which aims to protect the EU against cyber attacks, in response to their ***% increase in Europe since the start of the war in Ukraine. The shield will include a network of cybersecurity operations centers (***) at strategic sites, using supercomputers and AI to detect malicious behavior. This project is part of the Cyber Solidarity Act, a new European law on cybersecurity. Vincent Strubel, the new director of ANSSI, spoke at the Forum International de la Cybersécurité (***) about cloud security. He stressed the importance for companies, especially SMEs, of performing backups, configuration audits and choosing certified sovereign cloud providers, particularly for sensitive data. Strubel wants to make cybersecurity more accessible, moving from "tailor-made to ready-to-wear" to manage the growing volume of cyberattacks. SOCs were widely represented at the FIC, and a CESIN study showed that **% of companies either have an SOC or are in the process of deploying one. However, although **% of these companies see a benefit, only *% actually measure their ...

2.5 Profile analysis: French consumer

French consumers are concerned about cyber attacks: in a report by Harris Interactive, it was revealed that a large majority of French people are still worried about possible attacks on their personal data. **% say they are worried about possible identity theft, **% about possible Internet scams, and **% about attacks on banking data. [***]

French concerns about cybersecurity france, in ****, in %, in % [Strategies Source: ****

Systems

The graph above shows us that the French cybersecurity consumer is most likely to install antivirus systems, followed by firewalls and antispam measures. What's more, in two out of three cases, desktop computers are better protected than network components.

Protection measures

Large companies (***). The second choice is outsourcing the action to IT specialists, followed by purchasing insurance. This chart is interesting because it highlights the low priority given to insurance in the event of an attack.

2.6 Worldwide security spending by segment

Source: ****

As can be seen, security services remain the highest priority in terms of spending. This is followed by infrastructure protection, then identity access management. Although this graph depicts worldwide demand, the figures are probably similar in France, due to the homogeneity of the Internet and the services it provides.

3.1 The main players

France's cybersecurity sector contains many national champions, including the world leader in digital security since the takeover of Gemalto in ****, Thales. Of the ** largest structures in the sector in France, only one is foreign-owned, the American IBM. Thales, Idemia and IN Groupe are world leaders in the digital identity, identification and authentication niches.

Top ** players by sales revenue France, ****, € million Source: ****

3.2 The French market: mature and regulated

The French market is mature, highly regulated and strongly supported by the French government through regulations such as ANSSI. [***] What's more, the market is relatively large. In ****, there were *,*** companies in the industry in France, including:

- ** large companies;- ** ETI (***);- *,**** micro-enterprises, with total sales under €* million in ****.

Sales by company size France, ****, % of total sales Source: ****

In ****, the Digital Security sector represented ***** jobs in France, **% of them in large companies. To put this figure into perspective, the sector created ***,*** jobs worldwide in the same year.

Breakdown of sector workforce by company size France, ****, % of total Source: ****

Number of companies by size France, ****, % of total Source: ****

3.3 Market distribution

Source: ****

Cyber security comes in two forms: products/software and services. The former encompasses products actually sold, while services aim to increase customer knowledge through education.

3.4 FIC Start-up Award winners: a glimpse of French innovation leaders

Every year, the FIC (***) rewards cybersecurity start-ups for their innovations and contributions to the field. Below you'll find an overview of previous winners, their motivation and their contribution.

Fundraising by Digital Confidence startups has been growing extremely rapidly over the past * years, testifying to the attractiveness of the sector. In ****, ** startups raised funds in the sector, followed by ** in ****, ** in **** and * in the first quarter of ****, with increasingly higher amounts.

Amounts raised by French Digital Trust startups France, ****-****, in millions of euros Source: ****

Source: ****

4.1 Cybersecurity solutions for businesses

Cybersecurity solutions for businesses are many and varied. According to the Alliance pour la confiance numérique, in **** there were **** players providing such services in the sector in France. The three main segments of digital trust are services, products or software, and digital security (***).

e

In cybersecurity, services and software differ depending on whether they are aimed at individuals, businesses or government, as each player has different needs. However, some solutions in France have been distinguished by the France Cybersécurité label awarded by the Secretary of State for Digital Technologies since ****.

Here's an explained list of the different solutions available to businesses

Services

Cyber auditing, planning and consulting: Carrying out audits to assess ICT infrastructure helps detect vulnerabilities and strengthen security systems. These audits should also include cloud service providers, to ensure that their practices are secure Implementation and operation of cyber solutions: This service includes the installation and maintenance of cyber security software. Cybersecurity training: It's crucial to regularly inform and train employees on cybersecurity threats, warning signs, and best practices for responding effectively to security incidents

[***]

Products and software

Cybersecurity solutions often offer one or two specific protection features, but modern software suites tend to combine several ...

4.2 For private customers

For private users, anti-malware solutions (***) are the main protection used. For example, Bitdefender, Kaspersky, Trend Micro and even free anti-virus software such as Avast, Avira and AVG are commonly used. These suites may include a firewall, a VPN to encrypt the Internet connection, or even a secure password manager .

For individuals, the one-year price of the main anti-malware products ranges from €* (***). Bitdefender costs €**. ** and Kaspersky €**.**. It's worth noting that some computer sales include a subscription to an antivirus for a specific period.

4.3 Some price examples

4.3 Segmentation of companies by offering

Source: ****

5.1 Current regulations

France is concerned by regulations at three levels: international, European and local.

Firstly, the first piece of legislation with an international dimension is the Budapest Convention on Cybercrime of November **, ****, signed by the ** member states of the Council of Europe and ratified by France and the United States in ****.

Secondly, at European level, four main texts deal with cybersecurity issues at state and corporate level.

NIS Directive (***)

The Network and Information Security (***) Directive requires private companies to comply with new security and incident reporting requirements. The General Data Protection Regulation unifies existing regulations into a single European law. It introduces guidelines on the management of personally identifiable information. In addition, penalties for non-compliance with these guidelines can include fines of up to *** million euros or *% of a company's worldwide sales. It was extended in **** with NIS *, which extends the scope of the first NIS Directive and strengthens penalties for non-compliance. [***]

General Data Protection Regulation

As far as the GDPR is concerned, it obliges companies to guarantee the security of their users' data. At national level, it is translated into the Data Protection Act of June **, ****.

Cybersecurity Act Regulations (***)

This regulation strengthened the mandate of the European Cybersecurity Agency (***). ENISA helps to ...

5.2 National cybersecurity strategy

On February **, ****, the President of the French Republic declared as a priority the implementation of a National Strategy for Cybersecurity, by ****: Multiply the industry's sales by *.*, for a total of €** billion; Double the number of jobs, for a total of **,***; Create * unicorns. This strategy is part of the stimulus package (***) and France ****, notably through the Grand Défi Cyber call for projects. ANSSI will be responsible for supporting and subsidizing local authorities to: Understand their level of cyber security; Identify the most urgent actions to be taken; Raise awareness among elected representatives and decision-makers Launch the necessary actions. This cybersecurity acceleration strategy will have total funding of *,*** million euros, including more than *** million euros of public money. Source: ****

6.1 Segmentation

In a market that is still maturing, both globally and in France, major groups and innovative SMEs are working together. The French market is representative of this market structure, both mature and unconcentrated. We will therefore segment our list of companies as follows:

Source: ****

• Cyberark
• Airbus Cybersecurity
• Thales
• Akerva
• Amossys
• Git Guardian
• Alten
• Atos Eviden
• Docaposte
• Orange Cyberdefense OCD
• CS Group
• Shift Technology
• Anozr Way
• Chapsvision
• Palantir
• Sekoia io
• Forward ( ex Avisa Partners)
• Pr0ph3cy Neverhack
• OverSoc
• I-TRACING
• Cisco
• Devensys Cybersecurity
• Harfanglab
• Berger Levrault
• Secure IC
• Nano Corp
• Palo Alto Networks
• Squad Cybersécurité
• Filigran
• Vade Secure
• Tyrex Cyber Kub
• Seclab Cyberdecurity
• GAC Scalian
• Darktrace
• Tehtris
• Sentryo
• Resadia Groupe
• Alternative