Beyond a technological issue, cybersecurity has become a strategic, economic, and geopolitical issue. To better support the ecosystem, France must strengthen its digital sovereignty. This approach requires rethinking its investments, better supporting innovation, and developing effective sovereign solutions.
An economy weakened by intensifying threats
2024 was the year of all cyberthreats: the Ministry of the Interior recorded 348,000 digital offenses, a figure that is up 30% compared to the previous year. A report in which ransomware attacks are predominant: 86% of French IT decision-makers report having suffered at least one of these attacks, compared to 53% in 2023. With an average cost of €130,000, the financial consequences are dramatic. This amount is sometimes insurmountable, especially for SMEs, often more vulnerable. More worryingly, 41% of affected companies never recover their data after an attack, and one in three gives in to blackmail and falls victim to a repeat offense. It is clear that, due to a lack of resources or a fully effective solution, many companies prefer to include the cost of ransoms in their budgets rather than strengthening their cyber protection. Faced with this critical issue for the survival of businesses, the State must strengthen its action and place cybersecurity at the heart of national digital sovereignty strategies.
Digital sovereignty still largely theoretical
Today, nearly 90% of cybersecurity solutions used in France come from non-European players. In terms of cloud computing, essential for data security, Microsoft, AWS, and Google Cloud dominate a market in which French solutions are struggling to emerge. This technological dependence weakens sovereign control over sensitive data (justice, defense, health), and increases the vulnerability of the State and businesses. Certainly, initiatives like Gaia-X – a European association aiming to create a sovereign cloud – are a step in the right direction. However, they remain in their infancy, hampered by complex regulations and still-dispersed implementation. Not only does the talent shortage exacerbate the situation, but the diversity of skills required (technical, legal, strategic) makes this type of training difficult to structure, despite measures like the "Skills and Careers of the Future" plan.
French innovation in cybersecurity exists… but it is running out
Nuggets like HarfangLab, TEHTRIS, and Gatewatcher clearly demonstrate that cybersecurity innovation exists in France. However, it is unable to reach industrial scale due to a lack of stable funding. Too often, truly disruptive projects are acquired at an early stage by foreign players with substantial funds. Through the France Relance and France 2030 plans, the State has earmarked €1 billion to accelerate its cybersecurity strategy, notably with the recently relaunched “Development of Critical Innovative Technologies” call for projects. However, only €2 million has actually been mobilized in 2024, spending that has focused on cloud data security projects.
Insufficient readability
The lack of funding can be explained by the fact that the cyber sector remains fragmented, poorly coordinated, and unclear to both entrepreneurs and investors. To more effectively direct funding toward high-potential projects, prevent them from going abroad, and promote their growth at the national level, urgent action is needed to restore visibility to existing mechanisms (research tax credit, Bpifrance aid, IP Box). Dialogue between the public and private sectors must also be strengthened, a key approach for combining business expertise and market vision. As for initiatives linked to European aid programs, even if they are relevant, they remain complex and lengthy.
Focusing on the Franco-European ecosystem and strategic governance
Accelerating digital sovereignty requires five complementary levers: the State must invest in sovereign solutions, reserving a share of public procurement contracts for French players in order to foster a strategic economic fabric. Security Operations Centers (SOCs), such as CERT-FR under the aegis of ANSSI, and the European Union's cross-border SOC, created as part of the European Cyber Security Act, are an initiative to be developed to better share real-time alerts between communities, hospitals, and SMEs. More agile support mechanisms capable of rapidly financing disruptive innovations are equally critical. Attracting private investors through targeted tax incentives is also strategic, for example through a cyber innovation tax credit or a cybersecurity savings account (an extension of the BPI Defense account). Finally, the government absolutely must coordinate actions by clarifying the roles of ANSSI, the CNIL, ministries, and regional agencies. Without a centralized strategy, efforts will remain scattered and with limited effectiveness.
0 Comments