Companies in France successfully defend against cyberattacks but face challenges meeting regulatory requirements

Splunk, an American company that develops software for searching, monitoring and analyzing machine data and that was purchased by Cisco for $28 billion, published its annual cybersecurity report on April 30. Between December and April, 1,650 information systems security managers (CISOs) from nine different countries, including France, Germany and the United Kingdom, were surveyed.

Combining compliance and cybersecurity, a major challenge

The report first highlights how difficult it is for businesses around the world to stay up to date on cybersecurity compliance requirements. For 46% of them, compliance with these requirements has become more complicated over the last two years, a figure which rises to 56% for French companies. This goes as far as creating an incompatibility between cybersecurity and compliance: more than 8 out of 10 CISOs say they will modify their budgets to prioritize compliance with new regulations rather than security best practices.

This situation is partly explained by the upcoming application of the European NIS2 directive, which must be transposed into French law in October. The legislation aims to harmonize the level of cybersecurity across Europe, and will concern the vast majority of SMEs and most communities. The National Information Systems Security Agency (Anssi), however, wants to be reassuring on this subject, explaining that it would give companies 3 years before carrying out checks. In the United States, new rules established by the Securities and Exchange Commission (SEC) require certain companies to report their cybersecurity incidents.

More sophisticated threats that make controls less effective

Among CISOs who say cybersecurity requirements are becoming more difficult to manage, 38% cite the sophistication of threats, which makes controls more complicated to implement. 27% say they cannot devote enough time to improving their cybersecurity, reflecting a lack of long-term investment, and 26% struggle to keep up with the constant stream of security alerts.

In France, one manager in 3 indicates that the number of tools and suppliers available to them has become too large for them to manage the security of their company effectively. For 4 out of 10 French CISOs, the complexity of security tools and technologies can lead to human configuration errors.

French companies less exposed to cyberattacks

Since 2021, cyberattacks causing data breaches have increased by 13% globally, and ransomware attacks by 14%. However, these are not the most worrying cyber threats for CISOs: 36% mainly fear an attack based on an artificial intelligence tool. Only 18% of respondents consider attacks aimed at compromising their messaging systems to be the most concerning, even though these attacks rank second among the most frequent incidents in 2024.

However, when it comes to protection against cyberattacks, French companies are doing well. Fewer of them report having suffered cyberattacks in the last two years, compared to the global average. Thus, 44% of them indicated having suffered a data breach (52% globally), 40% a ransomware attack (vs. 45%) and 37% a denial of service (DDoS) attack.
