For individuals and organizations in France, cyber security should be top of mind. Cyber crime rates continue to rise in the country with the cost of threats such as ransomware and data breaches impacting a large number of individuals and businesses. The country is responding with increased cyber security budgets and improved awareness, but there is still a way to go before it’s on par with leaders in the field.
Here are some of the latest statistics, facts, and trends, that reveal the state of cyber crime and cyber security in France.
- 1 1. Over 80% of organizations in France dealt with a successful attack in a one-year period
- 2 2. 61.3% of French organizations were hit with ransomware within a year
- 3 3. Companies in France allocate around 10% of their IT budget to security initiatives
- 4 4. In 2020, security budgets in France increased by an average of almost 5%
- 5 5. Machine learning and AI are favorable characteristics of security products for 82.6% of French companies
- 6 6. More than half of French organizations were hit by ransomware in 2020
- 7 7. 17% of French companies stopped ransomware attacks before data was encrypted.
- 8 8. 19% of French organizations paid the ransom
- 9 9. The average cost of a ransomware attack in France was over $470,000
- 10 10. 77% of companies in France have cyber security insurance
- 11 11. 27% have standalone cyber insurance
- 12 12. 3 major ransomware attacks have impacted French hospitals in 2021
- 13 13. France is the 5th most prominent source of spam
- 14 14. France has the 3rd highest share of attacked users
- 15 15. Around 1% of scam websites have a .fr domain
- 16 16. There have been over 26,000 COVID-19 related malicious file detections
- 17 17. France ranks 40th out of 75 for its overall cyber security score
- 18 18. 14 GDPR fines have been issued in France
- 19 19. The largest GDPR fine was handed out in France
- 20 20. Overall, France has issued over €54 million in GDPR fines
- 21 21. France has had over 5,000 data breaches since the GDPR came into effect
- 22 22. France saw a decrease in the number of breaches in 2020
- 23 23. The average cost of a data breach in France is $4 million
- 24 24. 55% percent of breaches are the result of a malicious attack
- 25 25. It takes an average of 205 days to identify a breach
- 26 26. France is in the top 4 European countries affected by stalkerware
- 27 27. 21% of intimate cyberviolence involves stalkerware
- 28 28. Surveilling someone without consent is a punishable crime
- 29 29. Only 30% of French adults know what ransomware is
- 30 30. Around one-quarter of employees use MFA
1. Over 80% of organizations in France dealt with a successful attack in a one-year period
A 2020 report by CyberEdge Group includes responses from information security professionals in various regions across the globe. It found that over 81.1 percent of French organizations experienced a successful cyber attack within a 12-month period. This was around the middle of the pack with companies in Mexico being the hardest hit and those in Turkey being the least likely to have dealt with an attack.
2. 61.3% of French organizations were hit with ransomware within a year
The CyberEdge report honed in on ransomware and revealed that around 60 percent of French businesses had been targeted with a ransomware attack within the year prior to the study. Again, this was around average. Chinese companies (76 percent) were the most popular ransomware targets while Japanese organizations (36.7 percent) were the least likely to see such attacks.
3. Companies in France allocate around 10% of their IT budget to security initiatives
Another key indicator covered by CyberEdge is the portion of their IT budget companies spend on security. For French businesses, this figure is 10.6 percent, which is lower than any country in the study except Japan where the figure is about the same. That said, it’s not that far below the global average of 12.8 percent.
4. In 2020, security budgets in France increased by an average of almost 5%
What’s more, France’s spending is increasing. The security budgets of French organizations increased by an average of 4.8 percent compared to the previous year.
5. Machine learning and AI are favorable characteristics of security products for 82.6% of French companies
One more interesting statistic provided by CyberEdge tells us about the interest of organizations in machine learning and AI characteristics in security products. Over 80 percent of French countries are interested in these technologies, which is about average compared to other countries in the study.
6. More than half of French organizations were hit by ransomware in 2020
According to The State of Ransomware Report 2020 by Sophos, 52 percent of French organizations were hit by ransomware in 2020. This figure is a little lower than that provided in the CDR mentioned above. In the Sophos report, it put France just a percentage point or so above the global average. India topped this list with 82 percent, followed by Brazil with 65 percent and Turkey with 63 percent.
7. 17% of French companies stopped ransomware attacks before data was encrypted.
We also learned about how effective companies were at blocking ransomware attacks. 17 percent of French organizations managed to stop this malware in its tracks. While this seems like a pretty solid performance, it actually puts France in the bottom seven out of 26 countries. The leaders, Turkey, managed to block 51 percent of attacks before data was encrypted.
8. 19% of French organizations paid the ransom
It was also interesting to discover how many companies paid the ransom. Just 19 percent of firms went ahead with payment in France, which is below the global average of 26 percent. The winners here appeared to be Spain and Italy where the portion of companies handing over ransom payments was four percent and six percent, respectively.
9. The average cost of a ransomware attack in France was over $470,000
Of course, ransom payments aren’t the only costs associated with ransomware attacks, and the remediation of such incidents can be expensive. On average, a ransomware attack costs French organizations $474,477.95. This is almost double what companies in the Czech Republic pay ($260,975.12) but is well below the global average of around $750,000.
10. 77% of companies in France have cyber security insurance
So are companies protected from a financial perspective when it comes to ransomware? Sophos asked organizations about their insurance policies. It found that well over two-thirds of French companies hold cyber security insurance in some form but only 50 percent of those have coverage for ransomware attacks.
11. 27% have standalone cyber insurance
The Hiscox Cyber Readiness Report 2021 delves a little deeper into cyber insurance and found that only 27 percent of French companies have standalone cyber insurance policies. This implies that many companies simply roll it into their business insurance policies. While any cyber insurance is better than none, standalone policies tend to be more comprehensive.
12. 3 major ransomware attacks have impacted French hospitals in 2021
BlackFog’s The State of Ransomware 2021 report includes a March 2021 ransomware attack that paralyzed Oloron-Sainte-Marie Hospital’s IT systems. Attackers demanded $50,000 in bitcoin in exchange for the encrypted data.
An earlier attack in February 2021 saw the Egregor gang cause major network disruption at the Dax-Côte d’Argent Hospital Center. Staff had to revert to using pen and paper as the entire network was affected. The hospital was forced to only accept patients with major emergencies for a period of time. A similar attack hit a hospital in Villefranche-sur-Saône, also in February.
13. France is the 5th most prominent source of spam
According to research by Kaspersky, France produces a fairly large portion of spam. The country was fifth in the world in terms of spam volume in both 2019 and 2020. In 2020, France was the source of 5.97 percent of the world’s spam, while Russia was largest source with 21.27 percent.
The same report also shed light on each country’s share of attacked users. Anti-phishing was triggered on the devices of 17.90 percent of Kaspersky users in France. This is a higher portion than in most other countries and isn’t too far behind the countries topping the list (Brazil with 19.94 percent and Portugal with 19.73 percent).
15. Around 1% of scam websites have a .fr domain
Kaspersky also looked at where scam originates by examining the domain extensions of scam sites. As expected, .com extensions are the most popular accounting for 24.36 percent. In second spot is .ru (2.12 percent) and in third is .com.br (1.31 percent). The .fr extension comes in at seventh palace on the list, appearing in 1.08 percent of scam site domains.
Since May 2020, McAfee has been keeping track of COVID-19 related malicious file detections across the globe. In France, the total number of detections sits at 26,408. While this sounds like a lot, France escapes the list of the top 15 countries to see these types of malicious files. That list is led by the US (2,557,010 detections) and ends with Belgium, which has seen 63,755 detections.
17. France ranks 40th out of 75 for its overall cyber security score
A Comparitech study ranked 75 countries on cyber security. Countries were assigned numerical scores based on over a dozen criteria including how often users within the country experience attacks, the cyber preparedness of each country, and how often attacks originate in the country. As seems to be a trend with France, the country fell roughly in the middle, scoring 19.10 and ranking 40th out of 75. The best performer was Denmark with a score of 3.56, and the country appearing at the bottom of the list was Tajikistan with 35.54 points.
18. 14 GDPR fines have been issued in France
Since the GDPR came into effect in 2018, Enforcement Tracker has been listing all related fines that have been made public. Out of 638 fines, 14 were issued in France.
19. The largest GDPR fine was handed out in France
The DLA Piper Data Breach Report 2021 provides further insight into GDPR fines. The largest fine so far was issued in France by the CNIL, France’s data protection supervisory authority. It was issued to Google Inc., which was required to pay €50 million.
20. Overall, France has issued over €54 million in GDPR fines
Clearly, the Google fine was the most significant as the total amount of all fines issued in France is €54,436,300. This puts the country’s total in third place behind Italy and Germany, both of which have issued around €69 million in GDPR fines. Behind France is the UK at around €44 million, and then Spain which has issued over €14 million in fines.
21. France has had over 5,000 data breaches since the GDPR came into effect
DLA Piper also examined the total number of data breaches each country has dealt with. It found that France has seen 5,389 personal data breaches since May 2018. This is significantly lower than many other countries including Germany (77,747 breaches) and the Netherlands (66,527 breaches).
22. France saw a decrease in the number of breaches in 2020
France was one of the relatively few countries in Europe to observe a decline in the number of breaches in 2020 compared to the previous year. 2019 saw 2,159 breaches while there were 1,930 in 2020, a 10.6 percent decline.
23. The average cost of a data breach in France is $4 million
The IBM Cost of a Data Breach Report 2020 reveals how much companies lost as a result of data breaches in 2020. On average, French organizations spent $4.01 million on a breach, just above the global average of $3.86 million. This is a significant chunk of money and puts France in sixth place compared to other countries. That said, it is still far lower than the amount spent by firms in the United States where the cost averaged $8.64 million.
Another upside is that the cost of a breach in France decreased by 5.3 percent in 2020 compared to 2019; it was one of only four countries in the study that saw a decline.
24. 55% percent of breaches are the result of a malicious attack
IBM explored the cause of breaches and found that 55 percent of incidents in France are caused by malicious attacks. 24 percent are the result of system glitches and 21 percent are the consequence of human error.
25. It takes an average of 205 days to identify a breach
Wondering how long it takes to identify and contain a breach? IBM found that French companies took on average 205 days to identify a breach and 75 days to contain it. The combined 280 was exactly on par with the global average, again exemplifying France as a very middle-of-the-road performer when it comes to cyber security.
26. France is in the top 4 European countries affected by stalkerware
A Kaspersky study of the prevalence of stalkerware across the globe found that France saw 904 incidents involving stalkerware in 2020. The only countries in Europe to see higher numbers were Germany (1,547), Italy (1,144), and the UK (1,009). These numbers were still fairly low compared to elsewhere in the world including Russia (12,389), Brazil (6,523), and the US (4,745).
27. 21% of intimate cyberviolence involves stalkerware
Kaspersky reported that according to a study of cyberviolence in intimate relationships conducted by the Centre Hubertine Auclert in France, “21 percent of victims have experienced stalkerware at the hands of their abusive partner.”
28. Surveilling someone without consent is a punishable crime
The Kaspersky report also notes that although stalkerware is prevalent in France, since 2020, it is a punishable crime to surveil someone without their consent. If convicted, perpetrators could face up to one year in prison and a fine of up to €45,000.
29. Only 30% of French adults know what ransomware is
Given the ransomware statistics above, it’s a little concerning that Proofpoint’s 2021 State of the Phish Report found that fewer than one-third of French respondents knew the definition of the term “ransomware.” However, French users were better informed than most on some other terms, including smishing, vishing, and malware.
30. Around one-quarter of employees use MFA
The 3rd Annual Global Password Security Report by LastPass reveals telling information about password habits. An interesting statistic is the portion of businesses with employees using Multi-Factor Authentication (MFA) on their accounts. This number is just 25 percent in France, putting it in the bottom three with Sweden (22 percent) and Italy (20 percent). Denmark had almost double the uptake at 46 percent.