France's Cybersecurity Landscape: Strategic Priorities for 2025
France stands at a critical cybersecurity crossroads in 2025, facing increasingly sophisticated threats. The past year saw unprecedented attacks targeting critical infrastructure, healthcare systems, and personal data, affecting millions of citizens and testing national resilience capabilities. These incidents, ranging from the record-breaking breaches at France Travail breach to coordinated attempts to disrupt the Paris Olympics, demonstrate that cyber threats have evolved from isolated criminal activities to strategic challenges requiring a coordinated national response.
France recently began enforcing the EU AI Act, NIS2 and other new cybersecurity and AI legislation. Organizations are feeling the pressure to comply with these new regulations while defending against cybercriminals employing increasingly advanced techniques.
The trends observed in ANSSI's 2025 Threat Overview illustrate the diverse motivations and creative methods of cybercriminals and underscore how cybersecurity governance, preparation, and effective risk management can effectively mitigate these sophisticated attacks.
Major Cyberattacks in France (2024)
Healthcare Sector Data Breach – February
In early February, two French healthcare payment service providers, Viamedis and Almerys, within 5 days of one another, reported data breaches to the French data protection authority (CNIL). The breaches affected more than 33 million people, exposing policyholder information such as civil status, date of birth, social security number, health insurer’s name, and contract details, including similar data for policyholders’ family members.
France Travail Data Breach – March
While remediation efforts were still underway for the Viamedis and Almerys incidents, France Travail, the French unemployment agency, set a record for the largest cyberattack in the country’s history. It reported a breach affecting 43 million people, with exposed data covering job seekers registered with agency over the past 20 years. The attack was attributed to the Clop ransomware group, which exploited a zero-day vulnerability in the MOVEit Transfer software tool.
Telecom Sector Cyberattacks – September & October
In September, telecom provider SFR reported a data breach affecting 3.5 million customers. In notifications sent to affected users, the company disclosed that exposed data included personal details provided during online purchases, such as SIM card identification numbers and banking information.
The following month, Free, France’s second-largest internet provider, suffered a major cyberattack targeting an internal management tool. The breach compromised the personal identifiable information (PII) of 19 million customers, including full names, email and postal addresses, phone numbers, contract details, and, for some, banking information.
Cybersecurity at the 2024 Paris Olympics
A prime example of cyber resilience in action was France’s cybersecurity strategy for the 2024 Summer Olympics in Paris. As one of the world’s most high-profile events, the Olympics presented a significant target for cybercriminals, state-sponsored hackers, and misinformation campaigns.
To counter these threats, France implemented a multi-layered cybersecurity strategy involving government agencies, private sector partners, and international cooperation.
According to ANSSI’s 2024 Cyber Threat Overview, two major ransomware attacks were detected during the Olympics. One ransomware attack targeted the central data system for the Réunion des Musées Nationaux network. The Grand Palais and the Château de Versailles are part of the network and were hosting Olympic events at the time of the attack. The second major ransomware attack was reported by Paris-Saclay University, the is home to the French Anti-Doping Laboratory.
However, neither attack was able to disrupt critical information systems or interfere with the events. ANSSI attributed the mitigation of these attacks to the segmentation of information systems and the swift remediation efforts taken once the threats were identified.
AI and the 2024 EU Parliament and French legislative elections
Consumers and voters in France are increasingly exposed to AI-generated content on social media, news sites and search engines. During the 2024 European Parliamentary elections, some French political parties posted AI-generated content on their social media pages. According to the EU’s 2024 Code of Conduct for the parliamentary elections, while the use of AI-generated content is not forbidden, it should be clearly labeled.
According to a report by the non-profit organization AI Forensics, 51 instances of AI-generated images were posted and re-posted by various political parties in France for the EU parliamentary and legislative elections that followed across Facebook, Instagram, and X. None of the AI-generated content was labeled as such, despite the EU election Code of Conduct.
The Digital Services Act, which entered into French law in August 2023, also recommends that platforms and search engines with more than 45 million active monthly users label AI-generated content. This has not yet become standard practice on platforms like Facebook, Google, TikTok, YouTube or X (formerly Twitter).
The use of AI-generated content represents a growing concern among social scientists, governments, business leaders, and security professionals as it impacts information integrity and public trust.
Threat Landscape in Numbers: ANSSI's Statistical Overview
According to ANSSI's latest data, 2024 saw a significant increase in security incidents across both public and private sectors.
In 2024, ANSSI's operational teams processed 4,386 security events, which is a 15% increase from the previous year. Of these incidents, the agency confirmed 1,361 successful malicious attacks on information systems. This upward trend underscores the persistent and evolving nature of cyber threats facing French organizations.
Ransomware: A Persistent and Evolving Threat
Ransomware attacks remain particularly problematic in the French cybersecurity landscape. ANSSI documented 144 cases of compromise by ransomware in 2024, involving 39 different ransomware strains. The most prevalent strains were Lockbit 3.0 (15%), Ransomhub (7%), and Akira (7%), with new emergent strains including Ransomhub, Monti, and Lynx making their first appearances.
The distribution of ransomware incidents across different sectors reveals significant vulnerabilities in the French business landscape. Small and medium-sized enterprises (SMEs), very small enterprises (VSEs), and mid-caps continue to bear the brunt of these attacks, accounting for 37% of all ransomware incidents reported to ANSSI. This disproportionate targeting reflects a critical security gap, as these organizations often lack dedicated cybersecurity personnel, adequate security budgets, and the technical expertise necessary to implement robust defenses.