Cybercrime is thriving in Europe and across the globe, and France is no exception. Although the National Cyber Security Index (NCSI) ranks France as one of the top ten countries best prepared against cyber attacks, the number of cyber threats and incidents, especially ransomware, is on the constant rise in the country.
We've decided to dig deeper into the numbers and try to discover why this is so. In this article, we share some of the most fascinating cybersecurity and cybercrime statistics for France in 2022 that we found during our research.
Cybersecurity and cybercrime in France – the latest data, statistics, and facts
Without further ado, here's the most significant information we've gathered while researching the topic.
1. 73% of French organizations experienced ransomware attacks in 2022
The State of Ransomware Report 2022 by Sophos reveals that almost three-quarters (73%) of French organizations have suffered ransomware attacks in 2021. The survey was based on feedback from 5,600 IT professionals working in mid-sized organizations in 31 different countries worldwide. For comparison's sake, the average across these countries was 7% lower, or 66%. Austria and Australia were the most-affected countries, with over 80% of organizations hit by ransomware in 2021.
2. Only 10.7% of the IT budget of French companies goes toward information security
According to the Cyberthreat Defense Report by CyberEdge, French businesses allocate 10.7% of their IT budget to securing company information. This is lower than other countries in the study, and below the global average, which is 12.7%. The report also shows that the global average hasn't changed much in the last four years. For example, in 2018, it was 12.1%.
3. The estimated cost of cybercrime in France in 2022 is $66.75 billion
The estimated cost of cybercrime in France has been on a steady rise since 2016, with continuous upgoing tendencies. That year, the estimated cost of cybercrime in the country was $5.1 billion and it has increased at least 13 times since – to $66.75 billion in 2022. The report by Statista, based on National Cyber Security Organizations, FBI, and IMF, also estimates that the cost could reach a whopping $315 billion by the end of 2027.
4. One in two internet users in France were phishing targets in 2021
A report by Cybersecurity Business School on Cybercrime in France and Europe, reveals that almost 50% of internet users in France have experienced a phishing attempt via email or by phone. What's more, nearly half of these phishing attacks (47%) happened at home due to an increase in remote work positions and insufficient employee awareness of cyber threats.
5. More than half of companies in France plan on increasing their IT defense systems in 2022
According to the same report, 20% of French companies have increased their budget for the cybersecurity sector in 2021. It also stated that over 50% of companies want to increase their budget for the fight against cybercrime in 2022. France spent most of its cybersecurity funds in 2021 on:
- Risk audits
- Raising employee awareness
- Improvements in the IT systems protection department
- Purchase of protection equipment, both software and hardware
The only way to win cyberwar is to avoid it
6. Financial gain motivates 75% of cybercrimes in France
Surprise, surprise! The great majority of cyber attacks in France are money-driven. Approximately 75% of attackers try to extort money from their victims, usually by blackmailing or reselling stolen data. The other 10% get involved in criminal activities to gain attack capability – to gather data or resources which will help them intimidate or attack their next victim.
The motivation behind the remaining 15% of breaches usually stays undetermined. It often happens because attacks get abandoned or interrupted. Sometimes fraudsters carry on an attack without further actions, so the reason behind the breach never gets discovered.
7. In 90% of cyber breaches, data gets irretrievably lost
The above Benchmark report also shows that, in 90% of cases, the victims of cybercrime in France never retrieve their data back. Another significant finding is that, despite such high losses, ransom payments were in considerable decline in 2020.
Only 5% of the victims accepted to pay the ransom, as opposed to 20% in 2019. One of the possible explanations for such a big decline is raised awareness of how cyber criminals operate. Most people learned that payment of the ransom won't resolve or accelerate the resolution of the crisis.
8. France is the 5th most spammed country in the world
A study by Kaspersky shows which countries received the most spam mail in 2020. The US and China, which were "the leaders of spam" in the previous years, dropped to third and fourth place – with 10.47% and 6.21% of all spam ending up in these two countries. Russia rose to first place, as the homeland to 21.27% of all spam emails. Germany was second with 10.97%, and France was fifth with 5.97%. The next in line were the Netherlands (with 4%), Spain (2.66%), Japan (2.14%), and Poland (2.05%).
9. 1.08% of scam websites have a .fr domain
The study also looked into the relationship between a domain name extension and spam worldwide. As expected, the domains ending in .com received the most spam email in 2020.
The remainder of the top 10 most spammed domains comprised various country-code domains. And so, the websites with .ru extension became the second most spammed with 2.12% of spam received, and the Brazilian .com.br was third with 1.31%. French domain extension .fr ended up in seventh place, with 1.08% of all spam sent to that domain.
10. France is the fourth highest European country by the amount of stalkerware usage
Another Kaspersky study dealt with the prevalence of stalkerware in different countries worldwide. The study discovered that France was the fourth-highest European country by the number of stalkerware incidents in 2021, with 410 such incidents recorded.
Germany, Italy, and the UK were the only three countries in Europe that ranked higher on the list. Germany had 1,012 incidents involving stalkerware, Italy had 611, and the UK had 430. Still, the situation was far better than in some other countries, such as Russia with 7,541 stalkerware incident reports, Brazil with 4,807, and the US with 2,319.
11. Stalkerware is a common method of abuse in relationships
Seven in 10 women in Europe who are victims of cyberstalking in Europe have also experienced physical or sexual abuse from their intimate partner in the past. In France, 21% of victims of abusive relationships have dealt with stalkerware as well. What's more, 69% of the abuse victims shared the fear that their partners have secretly been accessing their mobile phones in search of information.
12. 82% of French people worry about the global risks of cyber attacks
In a study conducted by Ipsos and Sopra Steria, 82% of French correspondents said they are worried about cyber attacks occurring worldwide, and 79% are worried about the cyber security situation in their own country. The potential consequences of cyber attacks that worry them the most are:
- Paralysis of administrative services (72%)
- Paralysis of emergency services (71%)
- Power cut throughout the country (69%)
- Potential nuclear or industrial disaster (66%)
- Breakdown in the food supply chain (59%)
When it comes to the level of trust in the institutions and websites that handle their data, French citizens said they trust health professionals the most (87%), followed by banks (86%), tax authorities (85%), and the National Health Insurance system (85%). On the other hand, they have the least confidence in social networks (21%), search engines (42%), telephone operators (51%), and online sales sites (52%).
13. December 2021 saw the biggest number of major cyber attacks
December was the most critical month in terms of major cyber attacks in France in the last quarter of 2021. In October 2021, three new major cyber attacks occurred, responsible for approximately 18.8% of all cyber attacks in that quarter. Five happened in November 2021 (or 31.3%), and December saw 50% of all cyber attacks, with eight cases of major breaches.
14. Malicious attacks remain the main cyber attack vector in France
According to IBM's Cost of a Data Breach Report 2022, malicious attacks are still the main cause of online data breaches in organizations worldwide (including France). Approximately 24% of other breaches happen because of (or are aided by) human error and the remaining 21% occur because of disruption or failure in an organization’s computer and IT systems.
15. France is the #7 costliest country for the average total cost of a data breach
Although France remains in the top 10 countries with the highest average total cost of a data breach, the good news is that the situation has slightly improved in 2022. Next to Germany, Japan, South Korea, Scandinavia, and Turkey, France was the only country on the list that saw a decrease in the average total cost of a data breach year-over-year – from $4.57 million in 2021 to $4.34 million in 2022.
The United States, the Middle East, and Canada, on the other hand, saw yet another increase in expenses caused by data breaches in those regions. The US remains the leader of the category for the 12th year in a row.
16. It takes 277 days to identify and contain a breach within an organization
This may sound like an awful lot, however, the average time spent on identifying and containing data breaches actually reduced by 10 days, or 3.5%, in 2022. In 2021, organizations needed 287 days on average to detect and contain a breach, which was reduced to 277 days in 2022. In the course of the last seven years, the year 2017 had the best results in this regard. That year, companies spent 257 days on average identifying and containing a data breach within their circles.
17. Public administrations suffered 25% of all cyber attacks in Q4 2021
Looking again at the major cyber attacks in France in Q4 2021, brought to us by KonBriefing, we can see a noticeable distinction in some professional/administrative spheres in which cyber attacks were particularly flourishing. And so, in the fourth quarter of 2021, the fields which suffered the most cyber attacks were public administration, healthcare, and education with 25%, 18.8%, and 12.5% of all incidents, respectively.
18. 52% of French organizations hit by ransomware experience a negative impact afterward
According to a report by Cybereason called Ransomware the True Cost to Businesses, organizations worldwide suffer different levels of negative impacts to their businesses in the aftermath of ransomware attacks. France is among the countries in which organizations are more likely to report such negative effects. In fact, as the survey showed, over half of the French organizations (52%) hit by ransomware experienced a negative impact afterward.
The situation is even more alarming in Japan (69%) and Italy (63%). In the US, on the other hand, only 32% of organizations reported that ransomware attacks damaged their businesses in the longer run.
19. 68% of French organizations have organization-wide cybersecurity training
Compared to other regions in the world, France scored quite high in the area of organization-wide cybersecurity training. A study by Proofpoint called 2022 State of the Phish revealed that 68% of French organizations delivered organization-wide training throughout 2021, which is more than any other country surveyed.
On a global level, however, fewer than 60% of organizations deliver such training, and among those that do, half strictly focus on specific departments and roles. What's more, less than 50% of organizations in the world train their employees on email-based phishing attacks, and just 43% cover ransomware in their training. These numbers are quite disheartening, especially considering that over 80% of organizations worldwide have suffered at least one phishing attack in 2021.
20. Less than one-third of French adults are familiar with the term ransomware
Despite the relatively high percentage of cybersecurity-trained French employees, Proofpoint discovered that only 27% of the French adult population knew what the term "ransomware” meant in 2021. Fortunately, the results were somewhat better when the correspondents were asked about some other cybersecurity terms, such as phishing and malware.
21. 81% of French employees know they should be cautious with unsolicited emails
Another field in which French correspondents showed somewhat less knowledge than their colleagues from other countries was "the cybersecurity of emails". Whereas, on the global level, 86% of respondents knew they had to be extra cautious with unsolicited messages, only 81% of French workers showed the same awareness. This made them the only group in the survey with a score lower than 85%.
22. France has seen over 5,000 data breaches since GDPR enforcement
DLA Piper GDPR fines and data breach survey: January 2021 looked into the total number of data breaches in each EU country since GDPR enforcement in May 2018. By the end of January 2021, when the report was concluded, France had already seen 5,389 personal data breaches.
With this, France made it to the top 10 on the list of countries with the most personal data breaches notified per jurisdiction. However, the top three countries on the list – Germany (77,747 breaches), the Netherlands (66,527 breaches), and the UK (30,536 breaches) have seen significantly more reports during that period.
23. France has issued over €290 million in GDPR fines so far
GDPR Enforcement Tracker gives us a direct insight into the total amount of fines and penalties issued per country under the GDPR. As of October 2022, France surpassed the €290 million benchmark, with a €20 million fine issued to Clearview Al Inc. for insufficient fulfillment of data subjects' rights. Google alone accounts for over half of these, with €150,000,000 in fines imposed by France.
24. Less than one-third of French organizations apply cloud-based security solutions
According to CyberEdge, only 32.3% of French companies rely on cloud-based security solutions. This is far less than most other surveyed countries, and almost 10% less than the global average, which was 41.1% in 2022. The only two countries which scored less in this cybersecurity area were Germany (31.3%) and China (30.9%).
25. Only 25% of French employees use MFA
Multi-factor Authentication (MFA) and Two-factor Authentication (2FA) are recognized as some of the most effective ways of securing one's online accounts. Still, a report by LastPass shows that only 25% of employees in France use one of these methods to secure their work-related accounts.
Denmark, which is the first on the list of countries that apply MFA, has almost double the uptake, with 46% of employees using it. In the meantime, the only two countries which scored worse than France were Sweden (22%) and Italy (20%).
26. Only 24% of French companies have standalone cyber insurance
The Hiscox Cyber Readiness Report 2022 comes with an interactive tool showing current cyber security solutions and insurance methods different countries in Europe are using. According to the report, only 24% of French companies have standalone cyber insurance in 2022.
Although standalone policies are usually more comprehensive, 37% of corresponding companies said they have cyber insurance coverage as part of some other policy. But what causes the most alarm is that the rest of the French companies, or 39% of them, have no cyber insurance policy whatsoever.
27. Phishing emails remain the main point of ransomware entry
The same Hiscox cybersecurity tool shows that 66% of ransomware attacks start with a phishing email. The next most common point of ransomware entry is credential theft – responsible for 37% of attacks. Brute force accounts for 14% of all attacks.
28. French people on average reuse 14 passwords
Recycling passwords is never a good idea. However, it seems to be a common trend, and equally present across most countries in the world. Employees worldwide tend to reuse 11 (Sweden and Denmark) to 15 (Canada) passwords on average. France is somewhere in the middle, with employees reusing 14 passwords on average across different sites and platforms.
29. Threat actors demanded 10 million from a hospital in France
In August 2022, cyber attackers demanded a staggering $10 million for unblocking the systems of a hospital in France, which they previously hacked. The event paralyzed the IT system of the hospital center in Corbeil-Essonnes, leaving staff with limited resources and reverting them to manual fill-in of patients' data. Cyber attacks targeting hospitals in France have seen a 70% rise from 2020 to 2021, with at least 380 new cases.
30. France had an 84% increase in cybersecurity incidents in 2021
McAfee Labs Threats Report, released in June 2021, shows a significant increase in cybersecurity incident reports between Q4, 2020 and Q1, 2021 in France. The number of incidents has increased by 84%, making France the sixth most targeted country on the list. Multiple industries suffered attacks during this period, including healthcare.
31. Approximately 33% of parents in France use parental control to promote their kids' safety online
When it comes to cyber safety of their children, French people show decent levels of awareness and readiness to take precautionary measures. Considering that the global average of parental controls software usage on smartphones is around 27%, France showed above-average results in this sphere, with 33% of parents employing these precautionary measures.
Interestingly, India, with 37% of parents using parental control software, leads the way in promoting children's online safety. Japan (12%), on the other hand, scored very low in the area.
Final word
While online security in France has seen improvements in some spheres, like increased hours of cybersecurity training, it's still lacking in many others. Inadequate company cyber defense budgets, insufficient application of cloud back-ups and MFA, and slow expansion of standalone cybersecurity insurances are just some areas that need improvement.
It doesn't help either that the pandemic and post-pandemic years have brought about tremendous changes in the corporate and tech world as we know them – and created space for new vulnerabilities. The situation in France is not yet alarming, especially when compared to some less developed countries in the world. But, France too, like most other countries, still has a long way to go to make its corporate systems, public sectors, and private households truly secure.