As cyberattacks continue to escalate into 2024, what threats are currently of greatest concern to French businesses, and what measures can they take to counter them by 2025? Get the answers in GetApp’s annual Data Security Report.
The issue of IT security continues to be crucial for French businesses. As evidenced by this: 77% of IT professionals surveyed say their organization increased its spending on this issue between 2023 and 2024, and 76% plan to invest more in this area in 2025.* The cause? Cyberattacks are becoming increasingly recurrent and sophisticated, particularly with the advent of artificial intelligence (AI).
Through a survey of 4,000 IT professionals from 11 countries, including 350 in France*, GetApp sheds light on the current state of cybersecurity and future threats to enable businesses, and IT teams in particular, to identify these threats and understand the measures and technologies to improve their security in 2025.
Key points of the study
French companies continue to see their data attacked: 53% of professionals surveyed admit that their organization has suffered a data breach in the last 12 months.
Phishing and ransomware attacks are the most common threats: 89% say their company has been the target of a phishing attack and 62% of a ransomware attack in the last 12 months. Attacks enhanced by artificial intelligence are beginning to be feared: 31% say they are concerned about AI-enhanced attacks in the next 12 months.
Update on current and future cybersecurity threats in France
53% of IT professionals surveyed say their company has suffered a data breach in the past 12 months
Dreaded by any entity that suffers a cyberattack, a data breach can have harmful consequences such as fraudulent use of stolen information, loss of time and money, or even business disruption. Despite a likely awareness of these risks, illustrated by generally higher spending on IT security between 2023 and 2024, a majority of companies (53%) have suffered a data breach in the past 12 months, 19% of them multiple times. What is particularly at fault? Credentials are easily identifiable or stolen (according to 45% of professionals whose company has been affected by a recent data breach).
Thus, the measures implemented have not always been sufficient to protect against certain threats and do not prevent companies from displaying certain vulnerabilities. Among the most problematic, according to the professionals surveyed, are password or authentication vulnerabilities (40%), vulnerabilities to phishing and social engineering scams (39%), and risky employee behavior (39%). These are vulnerabilities where employees are on the front lines.
These are threats that many have recently encountered. In fact, 89% say their company has already been targeted by a phishing email in the past 12 months. Even more worrying: 82% say they or other members of their organization have clicked on the malicious link contained in the phishing email.
In the case of ransomware attacks, 62% of respondents attest that their company has been targeted in the past 12 months, including 28% on multiple occasions. While 39% say the ransomware attack was resolved by decrypting data or removing the ransomware without having to pay a single cent to the cyberattackers, it is alarming to note that 30% admit that their organization has actually paid a ransom. This can be a hefty price, with 75% seeing their company pay out more than €25,000. Another alarming fact: nearly half of the companies that paid a ransom did not recover their data.
A new cloud has been added to these recurring threats: the widespread availability of artificial intelligence tools, which have the potential to make phishing attacks even more sophisticated. A point well understood by our panel: 55% consider AI-enhanced phishing strategies to be a particular concern for the next 12 months. Other AI-generated threats that the professionals surveyed particularly fear include malware enhanced by this technology (57%) and deepfake attacks (44%).
What actions should be taken to improve cybersecurity in 2025?
Despite awareness of the risks, French companies continue to suffer data breaches. This alarming trend could be exacerbated by the advent of artificial intelligence, which makes attacks even more prolific, sophisticated, and targeted. However, these threats are far from inevitable, and there are tips that can already be followed to help organizations improve their IT security and approach 2025 with greater peace of mind.
Regularly raise employee awareness of IT security through theoretical and practical training
As we have seen, employees are often considered the weak link in corporate IT security. This is why the organizations that employ the professionals surveyed are careful to provide their employees with training. The most common areas of concern concern cybersecurity (62%), data confidentiality (59%), and on-site security and building access (43%).
However, employees’ lack of awareness of best practices can be caused by both a complete lack of training and insufficient training. Indeed, for awareness training to be effective, it is important to deploy it frequently and over the long term. However, it should be noted that within our sample, 42% are invited by their company to attend security awareness training only once a year, while 21% attend very sporadically.
These training sessions should not be limited to theory either. To help employees identify threats and understand the implications, it can be useful to implement simulated phishing attacks. Seventy-two percent of the companies in our sample understood their importance and conducted phishing tests in which all employees received a fake fraudulent email to see if anyone would click on the link or open an attachment. Additional training can then be offered to those who failed these tests.
Identify IT Security Gaps
Thirty-eight percent of professionals surveyed whose company suffered a data breach in the past 12 months say it occurred due to database misconfiguration or errors, while 32% point to a vulnerability in the software used. Knowing how to identify gaps and regularly verifying the integrity of your system is therefore essential for protection. This is especially true in a context where artificial intelligence represents a growing threat. It is therefore important to ensure that security measures are effective and that network monitoring is robust. These principles were well understood by a portion of the organizations in our sample, with 49% conducting formal cybersecurity risk assessments.
Know and acquire the combinations of cybersecurity tools that meet the business’s needs
To protect themselves from threats, companies must equip themselves with security tools. The most used by our sample are:have antivirus software (62%). While this category of tools is certainly essential, it is insufficient to effectively protect against cyberattacks. For optimal protection, it is important to opt for a combination of solutions that meet the company’s needs and are capable of countering the most common threats. After a thorough internal analysis of these points, it may therefore be advisable to use, in addition to antivirus software, other basic products such as:
- firewall software (used by 56% of professionals surveyed),
- VPNs (54%),
- password managers (50%),
- network security software (48%),
- data backup software (47%),
- endpoint security software (45%),
- secure messaging software (45%),
- website security software (40%).
For optimal security, all IT security tools must be regularly updated to ensure agility in the face of any new threats.
Another effective method is two-factor authentication. By requiring two types of identification to access data, it allows organizations to monitor and protect their networks. Ninety-three percent of respondents said their company uses two-factor authentication, although 62% said it is used for certain applications only.
It should be noted that partial use of this solution can represent a security breach and make the organizations concerned more vulnerable to attacks. It is therefore recommended to use it for all applications.
Cybersecurity Threats in France: An Update on What Awaits Businesses in 2025
The year 2025 will undoubtedly also see its share of phishing and ransomware attacks. What could change is the way these intrusions are developed. Indeed, the democratization of artificial intelligence will clearly change the cybersecurity threat landscape in our country, making them much more prolific and targeted. This is why French companies must prepare for these risks by learning about current and future threats while focusing on employee training, identifying their own IT gaps, and acquiring appropriate software.