Nadia Antonin
The explosion of data in the digital world, referred to as the concept of big data, poses numerous challenges for contemporary society. Data security is now a major challenge of unprecedented scale in the face of data breaches. ‘For almost two years now, not a week – or even a day – has gone by without us hearing about a new data breach in France,’ says Clément Domingo, a security expert.
Recent examples of massive data breaches illustrating France’s digital vulnerability
On 18 February 2026, the Ministry of Finance revealed in a press release that, since the end of January 2026, a cybercriminal had been able to access 1.2 million accounts in the National Bank Account Database (FICOBA). The hack is said to have been made possible by the theft of a civil servant’s login credentials, with access lasting approximately one month. The personal data disclosed included ‘bank details (RIB/IBAN), the account holder’s identity, their address and, in some cases, the user’s tax identifier’. What about securing such a sensitive application? Can access to such sensitive databases be based solely possessing a username and a password? According to Clément Domingo, ‘an employee’s password and email address are sufficient, in each case, to hack sensitive data’. According to Etienne Wery, a lawyer practising in Brussels and Paris, ‘In principle, access to such sensitive databases requires strong authentication mechanisms, strict limitation of the rights granted, and detailed tracking of the accesses made. In addition, there are monitoring requirements.”
On 27 February 2026, the French Ministry of Health confirmed the enormous scale of a health data breach. The cyberattack targeted 1,500 doctors who use the Cegedim software. Gérôme Billois, a cybersecurity expert at Wavestone, sees this as the result of ‘years of underinvestment in cybersecurity’ in the healthcare sector.
Cyberattacks can also have disastrous consequences for businesses (theft of sensitive data, financial losses, damage to reputation, etc.) and, in the worst-case scenario, can lead them to bankruptcy.
An overview of cybersecurity in France
According to Check Point’s annual report on the threat landscape in France, published in February 2026, France ranks second among the most targeted European countries. With 13% of attacks, it ranks second, behind the United Kingdom (17%). Furthermore, according to data published on 19 February 2026 by the Public Statistics Service for Internal Security, around 17,600 cyberattacks were recorded in France in 2025, an increase of 4% compared to 2024.
Why is France being targeted? How can we explain the targeting of French companies or public authorities?
According to the aforementioned report, the main hypotheses put forward are: France’s economic clout, its increasing use of digital technologies, and its geopolitical role, particularly within the EU and in its support for Ukraine. The sectors most targeted are the government sector, with 22% of attacks, business services (18%), and retail (15%).
The most common forms of attack remain the same, with a marked increase in phishing, which, according to the third cybersecurity barometer by Docaposte and Cyblex Consulting, affects 38% of organisations, ransomware, which remains high at 28%, and data loss or theft, which stands at 17%.
Finally, cybercrime comes at a considerable cost. According to Statista, the annual cost of cybercrime in France is estimated at €118 billion in 2024, equivalent to 4% of GDP. In 2023, it reached €93.5 billion, whereas in 2016, it stood at €5.1 billion.
The gap between the measures put in place to combat cybercrime and the level of the threat continues to widen, due in particular to underinvestment in cybersecurity, a lack of an overarching strategy, etc.
Overall, we are observing a lack of ‘digital hygiene’ within businesses and public administrations, i.e., a set of best practices to protect data and avoid digital pitfalls.
A cybersecurity culture should not be optional: it is essential
Neglecting security is a serious mistake. It is essential to develop a genuine culture of digital security. In mid-January 2026, the Minister of the Interior, Laurent Nunez, acknowledged before the Senate a ‘lack of digital hygiene’ in connection with the cyberattack on his ministry.
Good digital hygiene is not based solely on tools, but also on a culture of cybersecurity.
A cybersecurity culture refers to the set of attitudes, behaviours, knowledge and practices adopted by individuals and organisations to protect IT systems, networks and data from cyberattacks and unauthorised access.
Developing an effective and sustainable cybersecurity culture requires a number of principles:
– Understanding that security is everyone’s responsibility. It is a collective responsibility rather than a matter for experts alone;
– Acknowledge that human error remains the primary vulnerability in cybersecurity. 82% of data breaches are linked to human factors;
– Provide regular training for employees;
– Integrating cybersecurity into all projects from the design stage (security by design);
– Implement cyberattack simulations that enable the proactive identification and remediation of security vulnerabilities, before they can be exploited by real criminals.
Organisations such as the French National Agency for the Security of Information Systems (ANSSI) and the European Union Agency for Cybersecurity (ENISA) emphasise the importance of this cultural approach.
In short, cybersecurity is a collective mindset, a daily discipline and a cornerstone of modern governance. Not investing in a cybersecurity culture means accepting major risks.