Cybersecurity in France, by the numbers
Official figures, sourced and dated, not estimates. 2025 data, drawn from the latest public reports by the CNIL, Cybermalveillance.gouv.fr, the ANSSI, ENISA and IBM (healthcare sector in France: 2024 data).
victims assisted by Cybermalveillance.gouv.fr in 2025, up 20% in a year. The platform crossed the 5 million visitor mark.
Data breaches & leaks
increase in requests for help with a data breach on Cybermalveillance.gouv.fr in 2025, across all audiences.
data exfiltrations brought to the ANSSI's attention in 2025, up from 130 in 2024.
Threats & attacks
phishing remains the number one cyberthreat in France, across all audiences, in 2025.
account hijacking takes the top spot among threats targeting professionals in 2025.
ransomware compromises brought to the ANSSI's attention in 2025, with the Qilin strain leading the way (21%).
security events handled by the ANSSI in 2025 (down 18% after the 2024 Olympics peak): 2,209 alerts and 1,366 incidents.
Most exposed sectors
Ransomware hits the least well-equipped organisations first.
small and mid-sized businesses remain the category of entities most affected by the ransomware tracked by the ANSSI in 2025.
of ransomware victims tracked by the ANSSI in 2025 are local authorities; healthcare reaches 8%, and is rising.
security incidents reported in the healthcare and social care sector in France in 2024, up 29% on 2023.
of the incidents handled by the ANSSI in 2025 targeted education and research, the most affected sector (government and local authorities: 24%).
Sanctions & regulation
in GDPR fines issued by the CNIL in 2025 (€486,839,500 exactly), across 83 sanctions.
complaints received by the CNIL in 2025, a new record, up 10% year on year.
of the CNIL's 83 sanctions in 2025 were issued through the simplified procedure.
inspections carried out by the CNIL in 2025, for 259 decisions in total, including 143 formal notices.
Europe & the world
new vulnerabilities recorded in the EU over a year (+27%), 7% of them rated critical.
of the phishing emails analysed (late 2024 to early 2025) rely on artificial intelligence.
incidents recorded by ENISA from July 2024 to June 2025; denial-of-service (DDoS) dominates (nearly 77%).
average global cost of a data breach in 2025, the first drop in five years; $7.42M in healthcare, the most costly sector.
Sources
Using these figures? Cite the original source (CNIL, Cybermalveillance.gouv.fr, ANSSI, ENISA, IBM). For context and analysis, see my articles.

Don't miss the next analysis