France cyber security and cyber crime statistics

For individuals and organizations in France, cyber security should be top of mind. Cyber crime rates continue to rise in the country with the cost of threats such as ransomware and data breaches impacting a large number of individuals and businesses. The country is responding with increased cyber security budgets and improved awareness, but there is still a way to go before it’s on par with leaders in the field.

Here are some of the latest statistics, facts, and trends, that reveal the state of cyber crime and cyber security in France.

1. Over 85% of organizations in France dealt with a successful attack in a one-year period

A 2022 report by CyberEdge Group includes responses from information security professionals in various regions across the globe. It found that 89.3 percent of French organizations experienced a successful cyber attack within a 12-month period. This was around up from 81.1 percent in 2020, but only the middle of the pack globally, with companies in Colombia being the hardest hit and those in Turkey being the least likely to have dealt with an attack.

2. 64.9% of French organizations were hit with ransomware within a year

The CyberEdge report honed in on ransomware and revealed that around 65 percent of French businesses had been targeted with a ransomware attack within the year prior to the study. Again, this was around average. Chinese companies (89.6 percent) were the most popular ransomware targets while Turkish organizations (44.9 percent) were the least likely to see such attacks.

3. Companies in France allocate around 10% of their IT budget to security initiatives

Another key indicator covered by CyberEdge is the portion of their IT budget companies spend on security. For French businesses, this figure is 10.7 percent, which is lower than any country in the study. That said, it’s not that far below the global average of 12.7 percent.

graph showing mean security budget year on year
Source: CyberEdge

4. Security budgets in France have remained more or less stable

After a 4.8 percent spike in the average security spend back in 2020, France’s organizations have continued to allocate a similar amount of resources. In fact, in 2022, the average spend is 10.7 percent, down from 10.8 two years ago.

5. France has one of the lowest rates of cloud security adoption

One more interesting statistic provided by CyberEdge tells us about the interest of organizations in cloud-based security solutions. Only around 32.3 percent of French companies rely on these, which is the third-lowest of all countries studied (after Germany and China).

6. Almost three quarters of French organizations were hit by ransomware in 2022

According to The State of Ransomware Report 2022 by Sophos, 73 percent of French organizations were hit by ransomware in 2022. This is significantly higher than the 52 percent affected in 2020. However, it’s not that far off of the global average of 66 percent. The worst-affected country was Austria (84 percent), followed by Australia (80 percent).

Graph showing which coutnries were worst hit by ransomware in 2022
Source: Sophos

7. 27% of French companies stopped ransomware attacks before data was encrypted.

We also learned about how effective companies were at blocking ransomware attacks. 27 percent of French organizations managed to stop this malware in its tracks.

This is a huge step forward since 2020, when only 17 percent of attacks were stopped in time. India are global leaders in this area, preventing 80 percent of attacks, with the Czech Republic and Australia tied for second place at 79 percent.

8. In 2020, 19% of French organizations paid the ransom

It was also interesting to discover how many companies paid the ransom. Just 19 percent of firms went ahead with payment in France in 2020, which was below the global average of 26 percent. The winners here appeared to be Spain and Italy where the portion of companies handing over ransom payments was four percent and six percent, respectively.

9. The average cost of a ransomware attack in France is almost $300,000

Of course, ransom payments aren’t the only costs associated with ransomware attacks, and the remediation of such incidents can be expensive. On average, a ransomware attack costs French organizations $297,011.

This is actually drastically reduced from 2020, when the average payout for a French company was 474,477.95. Japanese companies typically pay the most, with attacks averaging $4,327,024 while in Turkey, the average payout is just $30,846.

10. 84% of companies in France have cyber security insurance

So are companies protected from a financial perspective when it comes to ransomware? Sophos asked organizations about their insurance policies. It found that well over two-thirds of French companies hold cyber security insurance in some form but only 52 percent of those have coverage for ransomware attacks.

11. In 2021, 27% had standalone cyber insurance

The Hiscox Cyber Readiness Report 2021 delves a little deeper into cyber insurance and found that only 27 percent of French companies had standalone cyber insurance policies in 2021. This implies that many companies simply roll it into their business insurance policies. While any cyber insurance is better than none, standalone policies tend to be more comprehensive.

12. 3 major ransomware attacks have impacted French hospitals in 2021

BlackFog’s The State of Ransomware 2021 report includes a March 2021 ransomware attack that paralyzed Oloron-Sainte-Marie Hospital’s IT systems. Attackers demanded $50,000 in bitcoin in exchange for the encrypted data.

An earlier attack in February 2021 saw the Egregor gang cause major network disruption at the Dax-Côte d’Argent Hospital Center. Staff had to revert to using pen and paper as the entire network was affected. The hospital was forced to only accept patients with major emergencies for a period of time. A similar attack hit a hospital in Villefranche-sur-Saône, also in February.

13. France is the 6th most prominent source of spam

According to research by Kaspersky, France produces a fairly large portion of spam. The country was fifth in the world in terms of spam volume in both 2019 and 2020. In 2021, France was responsible for 3.57 percent of global spam, which actually represents a pretty steep decline. Russia was largest source with 24.77 percent of all spam coming from this country.

map of global spam origins 2021
Source: Kaspersky

14. France has the 2nd highest share of attacked users

The same report also shed light on each country’s share of attacked users. Anti-phishing was triggered on the devices of 12.21 percent of Kaspersky users in France.

This is a higher portion than in most other countries and isn’t too far behind the country topping the list (Brazil with 12.39 percent).

15. Less than 1% of scam websites have a .fr domain

Kaspersky also looked at where scam originates by examining the domain extensions of scam sites. As expected, .com extensions are the most popular accounting for 31.55 percent. In second spot is .xyz (13.71 percent) and in third is .cn (7.4 percent). The .fr extension doesn’t even rank in the top 10, meaning it accounts for less than one percent of scam sites.

16. There were over 26,000 COVID-19 related malicious file detections

Since May 2020, McAfee has been keeping track of COVID-19 related malicious file detections across the globe. In 2020, 26,408 incidents were detected in France. While this sounds like a lot, France escaped the list of the top 15 countries to see these types of malicious files. That list was led by the US (2,557,010 detections) and ended with Belgium, which has seen 63,755 detections.

17. France ranks 40th out of 75 for its overall cyber security score

A Comparitech study ranked 75 countries on cyber security. Countries were assigned numerical scores based on over a dozen criteria including how often users within the country experience attacks, the cyber preparedness of each country, and how often attacks originate in the country. As seems to be a trend with France, the country fell roughly in the middle, scoring 19.10 and ranking 40th out of 75. The best performer was Denmark with a score of 3.56, and the country appearing at the bottom of the list was Tajikistan with 35.54 points.

18. 27 GDPR fines have been issued in France

Since the GDPR came into effect in 2018, Enforcement Tracker has been listing all related fines that have been made public. Out of 1,340 fines, 27 were issued in France.

France GDPR fines.
Source: Enforcement Tracker

19. The third largest GDPR fine was handed out in France

Enforcement tracker also provides further insight into GDPR fines. The largest fine so far was issued in Luxembourg, with France having the honor of third place. In this incident, France’s data protection supervisory authority issued Google LLC a €90 million fine.

20. Overall, France has issued over €260 million in GDPR fines

As of 2022, the total amount of all fines issued in France is €270,875,300. Google accounts for more than half of this on its own, with €150,000,000 of fines.

21. France has had over 5,000 data breaches since the GDPR came into effect

DLA Piper examined the total number of data breaches each country has dealt with. It found that France has seen 5,389 personal data breaches since May 2018. This is significantly lower than many other countries including Germany (77,747 breaches) and the Netherlands (66,527 breaches).

22. France saw a decrease in the number of breaches in 2020

France was one of the relatively few countries in Europe to observe a decline in the number of breaches in 2020 compared to the previous year. 2019 saw 2,159 breaches while there were 1,930 in 2020, a 10.6 percent decline.

23. The average cost of a data breach in France is $4.34 million

The IBM Cost of a Data Breach Report 2022 reveals how much companies lost as a result of data breaches in 2022. On average, French organizations spent $4.34 million on a breach. This is a significant chunk of money and puts France in seventh place compared to other countries. That said, it is still far lower than the amount spent by firms in the United States where the cost averaged $9.44 million.

Another upside is that the cost of a breach in France decreased by 0.24 percent in 2022 compared to 2021; it was one of just a handful of countries in the study that saw a decline.

24. 55% percent of breaches are the result of a malicious attack

IBM explored the cause of breaches and found that 55 percent of incidents in France are caused by malicious attacks. 24 percent are the result of system glitches and 21 percent are the consequence of human error.

25. It takes an average of 207 days to identify a breach

Wondering how long it takes to identify and contain a breach? IBM found that companies took on average 207 days to identify a breach and 70 days to contain it.

26. France is in the top 4 European countries affected by stalkerware

A Kaspersky study of the prevalence of stalkerware across the globe found that France saw 410 incidents involving stalkerware in 2022. This is less than half the number in 2020 (which was 904).

The only countries in Europe to see higher numbers were Germany (1,012), Italy (611), and the UK (430). These numbers were still fairly low compared to elsewhere in the world including Russia (7,541), Brazil (4,807), and the US (2,319).

27. 21% of intimate cyberviolence involves stalkerware

Kaspersky reports that according to a study of cyberviolence in intimate relationships conducted by the Centre Hubertine Auclert in France, “21 percent of victims have experienced stalkerware at the hands of their abusive partner.”

28. Surveilling someone without consent is a punishable crime

Kaspersky also notes that although stalkerware is prevalent in France, since 2020, it is a punishable crime to surveil someone without their consent. If convicted, perpetrators could face up to one year in prison and a fine of up to €45,000.

29. Only 27% of French adults know what ransomware is

Given the ransomware statistics above, it’s a little concerning that Proofpoint’s 2022 State of the Phish Report found that fewer than one-third of French respondents knew the definition of the term “ransomware.” However, French users were better informed than most on some other terms, including smishing, vishing, and malware.

30. Around one-quarter of employees use MFA

The 3rd Annual Global Password Security Report by LastPass reveals telling information about password habits. An interesting statistic is the portion of businesses with employees using Multi-Factor Authentication (MFA) on their accounts. This number is just 25 percent in France, putting it in the bottom three with Sweden (22 percent) and Italy (20 percent). Denmark had almost double the uptake at 46 percent.

MFA use in various countries.
Source: LastPass

31. France saw a 50% increase in major cyberattacks in Q4 2021

Konbriefing reports that France saw a month-on-month increase in cyberattacks in Q4 2021. The figures rose by three attacks in October 2021 (18.8%), by five in November 2021 (31.3%), and by eight in December 2021 (50%).

Graph showing French cyberattacks in q4 2021

32. A cyberattack in October 2021 left a school reverting to pencil and paper

A large cyberattack on a school in the Nantes region of France affected around 5000 pupils and teachers. As files stored on the school’s computer network went missing, the decision was made to cut network access (with all course materials) and revert to an offline teaching method.

33. The town of Montceau-les-Mines, in Burgundy was completely paralyzed by a cyberattack in December 2021

France TV Info reported a cyberattack that happened on December 3rd, 2021 which saw attackers infiltrate a mail server, opening access to other servers in the vicinity. The report showed that in February 2022, systems were only just returning to normal.

34. In Q1 2022, French public administrations were the second-highest country affected by cyberattacks

While the United States took the top position with the largest number of attacks on public administrations with 13 major attacks, France was just behind with nine attacks.

Graph showing cyberattacks on public administrations in q1 2022

35. Healthcare was the second-most attacked industry in 2021

Public administration was the hardest hit industry in 2021, with 137 major cyberattacks. Hot on its heels was the healthcare industry with 131 attacks, with France taking its share with 14 attacks on local hospitals.

See also: