France's Cybersecurity Landscape: Strategic Priorities for 2025

France stands at a critical cybersecurity crossroads in 2025, facing increasingly sophisticated threats. The past year saw unprecedented attacks targeting critical infrastructure, healthcare systems, and personal data, affecting millions of citizens and testing national resilience capabilities. These incidents, ranging from the record-breaking breaches at France Travail breach to coordinated attempts to disrupt the Paris Olympics, demonstrate that cyber threats have evolved from isolated criminal activities to strategic challenges requiring a coordinated national response.

Melissa Parsons

An article from

Melissa Parsons
Technical Writer
Published
March 21, 2025
Updated
Reading time
minutes
France's Cybersecurity Landscape | C-Risk

France recently began enforcing the EU AI Act, NIS2 and other new cybersecurity and AI legislation. Organizations are feeling the pressure to comply with these new regulations while defending against cybercriminals employing increasingly advanced techniques.

 

The trends observed in ANSSI's 2025 Threat Overview illustrate the diverse motivations and creative methods of cybercriminals and underscore how cybersecurity governance, preparation, and effective risk management can effectively mitigate these sophisticated attacks.

 

Major Cyberattacks in France (2024)

Healthcare Sector Data Breach – February

In early February, two French healthcare payment service providers, Viamedis and Almerys, within 5 days of one another, reported data breaches to the French data protection authority (CNIL). The breaches affected more than 33 million people, exposing policyholder information such as civil status, date of birth, social security number, health insurer’s name, and contract details, including similar data for policyholders’ family members.

 

France Travail Data Breach – March

While remediation efforts were still underway for the Viamedis and Almerys incidents, France Travail, the French unemployment agency, set a record for the largest cyberattack in the country’s history. It reported a breach affecting 43 million people, with exposed data covering job seekers registered with agency over the past 20 years. The attack was attributed to the Clop ransomware group, which exploited a zero-day vulnerability in the MOVEit Transfer software tool.

 

Telecom Sector Cyberattacks – September & October

In September, telecom provider SFR reported a data breach affecting 3.5 million customers. In notifications sent to affected users, the company disclosed that exposed data included personal details provided during online purchases, such as SIM card identification numbers and banking information.

 

The following month, Free, France’s second-largest internet provider, suffered a major cyberattack targeting an internal management tool. The breach compromised the personal identifiable information (PII) of 19 million customers, including full names, email and postal addresses, phone numbers, contract details, and, for some, banking information.

 

Cybersecurity at the 2024 Paris Olympics

A prime example of cyber resilience in action was France’s cybersecurity strategy for the 2024 Summer Olympics in Paris. As one of the world’s most high-profile events, the Olympics presented a significant target for cybercriminals, state-sponsored hackers, and misinformation campaigns.

 

To counter these threats, France implemented a multi-layered cybersecurity strategy involving government agencies, private sector partners, and international cooperation.

 

According to ANSSI’s 2024 Cyber Threat Overview, two major ransomware attacks were detected during the Olympics. One ransomware attack targeted the central data system for the Réunion des Musées Nationaux network. The Grand Palais and the Château de Versailles are part of the network and were hosting Olympic events at the time of the attack. The second major ransomware attack was reported by Paris-Saclay University, the is home to the French Anti-Doping Laboratory.

 

However, neither attack was able to disrupt critical information systems or interfere with the events. ANSSI attributed the mitigation of these attacks to the segmentation of information systems and the swift remediation efforts taken once the threats were identified.

 

AI and the 2024 EU Parliament and French legislative elections

Consumers and voters in France are increasingly exposed to AI-generated content on social media, news sites and search engines. During the 2024 European Parliamentary elections, some French political parties posted AI-generated content on their social media pages. According to the EU’s 2024 Code of Conduct for the parliamentary elections, while the use of AI-generated content is not forbidden, it should be clearly labeled.   

 

According to a report by the non-profit organization AI Forensics, 51 instances of AI-generated images were posted and re-posted by various political parties in France for the EU parliamentary and legislative elections that followed across Facebook, Instagram, and X. None of the AI-generated content was labeled as such, despite the EU election Code of Conduct. 

 

The Digital Services Act, which entered into French law in August 2023, also recommends that platforms and search engines with more than 45 million active monthly users label AI-generated content. This has not yet become standard practice on platforms like Facebook, Google, TikTok, YouTube or X (formerly Twitter). 

 

The use of AI-generated content represents a growing concern among social scientists, governments, business leaders, and security professionals as it impacts information integrity and public trust.

 

Threat Landscape in Numbers: ANSSI's Statistical Overview

According to ANSSI's latest data, 2024 saw a significant increase in security incidents across both public and private sectors.

 

In 2024, ANSSI's operational teams processed 4,386 security events, which is a 15% increase from the previous year. Of these incidents, the agency confirmed 1,361 successful malicious attacks on information systems. This upward trend underscores the persistent and evolving nature of cyber threats facing French organizations.

 

Ransomware: A Persistent and Evolving Threat

Ransomware attacks remain particularly problematic in the French cybersecurity landscape. ANSSI documented 144 cases of compromise by ransomware in 2024, involving 39 different ransomware strains. The most prevalent strains were Lockbit 3.0 (15%), Ransomhub (7%), and Akira (7%), with new emergent strains including Ransomhub, Monti, and Lynx making their first appearances.

The distribution of ransomware incidents across different sectors reveals significant vulnerabilities in the French business landscape. Small and medium-sized enterprises (SMEs), very small enterprises (VSEs), and mid-caps continue to bear the brunt of these attacks, accounting for 37% of all ransomware incidents reported to ANSSI. This disproportionate targeting reflects a critical security gap, as these organizations often lack dedicated cybersecurity personnel, adequate security budgets, and the technical expertise necessary to implement robust defenses.

Take Control of your GenAI Risks

Our risk management experts leverage state-of-the-art standards and frameworks to help organizations scope, assess, and manage GenAI risks. Schedule a call with our team to get started.

Schedule a call

France's Evolving Regulatory Response

 NIS2 and DORA Implementation

On March 12, 2025, France completed the transposition of both the EU directive NIS2 and the DORA regulation into national law. NIS2 significantly expands cybersecurity obligations across key sectors, with the National Cybersecurity Agency of France (ANSSI) serving as the supervisory authority responsible for conducting compliance checks and issuing orders in cases of non-compliance.

Simultaneously, the Digital Operational Resilience Act (DORA) establishes a comprehensive framework specifically for the financial sector, requiring financial entities to implement robust ICT risk management practices, incident reporting procedures, and digital resilience testing. This dual implementation is a major step forward in establishing a consistent security baseline across critical industries, with particular attention to the financial system's digital infrastructure.

AI Regulation Takes Shape

The EU AI Act, which came into force on August 1, 2024, has established a common regulatory framework for artificial intelligence within the European Union. While most provisions will become fully applicable by August 2, 2026, certain aspects, such as the ban on AI systems posing unacceptable risks, became applicable on February 2, 2025.

These new regulations have sparked important conversations about balancing innovation with security. At the Paris AI Summit in February 2025, differing perspectives emerged on the appropriate level of regulation. U.S. Vice President JD Vance criticized Europe's regulatory approach, suggesting it could stifle innovation. The US stance contrasts with Europe's efforts to implement comprehensive AI safeguards through the EU AI Act.

 

Actions for Compliance

For organizations operating in France, these regulatory changes demand a strategic response. Boards along with risk and security leaders should collaborate to conduct comprehensive compliance and risk assessments, update their risk management strategies, and prepare for increased reporting obligations.

Organizations using or developing AI systems should pay particular attention to the risk classification system established by the EU AI Act and ensure appropriate safeguards are in place. Rather than treating compliance as a checklist exercise, forward-thinking organizations will use these regulatory requirements as an opportunity to strengthen their overall security posture and build resilience against the evolving threat landscape.

Best Practices and Security Recommendations for 2025

Drawing lessons from the major cyber incidents of 2024 and ANSSI's recommendations, organizations in France should implement the following security measures to strengthen their cyber resilience.

Authentication and Access Controls

  • Implement strong multi-factor authentication methods using certificates or security keys rather than relying solely on TOTP or third-party applications that can be circumvented
  • Regularly rotate passwords for privileged accounts (ANSSI found many organizations using the same high-privilege passwords for 15-25 years)
  • Implement the principle of least privilege across all systems

Network Segmentation

  • Implement internal network segmentation as a critical defense-in-depth measure to contain threats and limit attacker mobility within your environment

Edge Device Protection

  • Implement strict access controls for administration interfaces of firewalls, VPN gateways and other security devices

System and Software Updates

  • Prioritize timely patching of internet-exposed systems (VPNs, firewalls) which are prime targets for attackers
  • Establish a systematic update management process

Incident Detection and Response

  • Developing robust detection capabilities, particularly for security edge devices
  • Creating an incident response plan with clearly defined roles and procedures
  • Maintaining offline backups to ensure business continuity in case of ransomware attacks
  • Investigating potentially vulnerable devices immediately after vulnerability disclosures, rather than waiting for signs of compromise

 

Navigate France's Cybersecurity Challenges with Data-Driven Risk Management

As France's cybersecurity landscape continues to evolve in complexity, organizations must continually adapt. The incidents of 2024-2025 demonstrate the need for enhanced risk management capabilities to address increasingly sophisticated threats. From the record-breaking France Travail breach affecting 43 million people to the targeted attacks during the Paris Olympics, the stakes have never been higher, requiring organizations to evolve their approach to risk.

To effectively address these challenges, forward-thinking organizations are re-thinking their risk management to implement more strategic, data-driven methodologies.  

  • Understand their unique risk context by mapping critical digital assets to business processes and identifying what truly matters to operations
  • Quantify potential impacts in financial terms, creating a common language that resonates with executives and board members
  • Prioritize security investments based on actual risk exposure rather than perceived threats
  • Develop targeted control strategies that address the most significant vulnerabilities specific to their value chain

Re-think Risk Management

If you would like to discuss your cybersecurity and compliance challenges, schedule a call with a C-Risk expert.

In this article
Improve decision-making with Cyber Risk Quantification

We build scalable solutions to quantify cyber risk in financial terms so organizations can make informed decisions to improve governance and resilience.

Book a free strategy session

Related articles

Read more on cyber risk, ransomware attacks, regulatory compliance and cybersecurity.

See all articles
DORA regulation - C-Risk

DORA: mitigating ICT risks and strengthening digital resilience

Gain insights into the EU's Digital Operational Resilience Act: its implications for financial entities, challenges for compliance and achieving digital operational resilience.

Melissa Parsons

4/4/2024
NIS 2 directive - C-Risk

The NIS 2 Directive: strengthening cyber resilience across sectors in the EU

Learn about the expanded scope of NIS 2 and the three pillars the Directive introduced for a safer, more resilient digital economy.

Melissa Parsons

18/6/2024
business continuity plan - C-Risk

Business continuity plan (BCP): planning and preparing for a cyberattack

Business Continuity Plan (BCP): what do you need to know? How to prepare for cyberattacks and ensure the resilience of your company?

Christophe Forêt

23/8/2023

C-Risk is a recognized expert in Cyber Risk Quantification using the FAIR™ methodology. We provide CRQ solutions, advisory services and training.

Use cases
CISO Top Risks and Controls PrioritizationCommunicate to the Board & Executive ManagementSize, Allocate and Justify an Infosec BudgetAI Risk AssessmentsOptimize Cyber Insurance CoverageFacilitate Regulatory ComplianceThird-Party Risk ManagementMerger & Acquisition
Our services
Consulting & AdvisoryDDRM as a Service CRQ as a Service
Our softwares
SAFE One CRQ PlatformSafe One Third-Party
C-Risk Education
CRQ TrainingCRQ E-learning
Your role
Executive ManagementCISORisk Professionals
Resources
BlogNewsVideosWebinars
Company
About C-RiskCareersPartnersC-Risk in the News
Contact
Contact us
Language
C-Risk France
110 Esplanade du Général de Gaulle
92931 Paris La Défense
C-Risk USA
990 Biscayne Blvd
Office 701
Miami, Florida 33132
C-Risk UK
4/4a BloomsburySquare
London WC1A2RP
C-Risk Ireland
9 Exchange Place
Dublin 1 - D01 X8H2
C-Risk Germany
Bergheimer Strasse 147 EG
F-Section
69115 Heidelberg
Created by Sales Odyssey
Legal noticeData Privacy