CESIN Barometer 2026: analysis of cyber threats and cybersecurity trends in France


The CESIN 2026 barometer reveals a paradoxical trend in corporate cybersecurity: while the number of significant cyberattacks is decreasing, their consequences are becoming considerably more severe.

This annual study by the Club des Experts de la Sécurité de l'Information et du Numérique (Club of Information and Digital Security Experts) is an essential reference for understanding the evolution of cyber threats in France.


January 29, 2026

Volume of cyberattacks: a misleading decline

According to the CESIN 2026 barometer, 40% of French companies have suffered at least one significant cyberattack in the past year. However, this downward trend masks significant disparities depending on the size of the organizations.

Breakdown by company size

Large companies remain the preferred targets of cybercriminals. The barometer establishes a clear correlation between the size of the organization and its exposure to risk:

  • Large companies (more than 5,000 employees): 50% have been victims of attacks
  • Mid-sized companies (ETI, between 250 and 4,999 employees): 34% reported significant incidents

Attack vectors: focus on proven techniques

CESIN 2026 observes a simplification of the threat landscape, with a reduction in the diversity of attack vectors used by cybercriminals.

What are the dominant attack methods?

Phishing, spear phishing, and smishing remain the most widely used attack techniques, followed by the exploitation of security vulnerabilities. This predominance can be explained by their formidable effectiveness and low implementation costs.

What are the specific threats to large companies?

The CESIN 2026 barometer identifies several attack vectors that particularly affect large organizations:

  • Indirect attacks via a third party: 43% of large companies cite this vector among those that enabled significant cyberattacks
  • Data leaks due to human or configuration error: 36%
  • Activation of malicious components: 22%
  • Internal threats (exfiltration, voluntary disclosure, or sabotage): 21%
  • Deepfake scams: 9%, an emerging threat fueled by artificial intelligence

Third-party security incidents: a growing concern

One of the key findings of the CESIN 2026 barometer concerns the steady increase in security incidents involving third parties. This trend reflects the growing interconnection of information systems and the expansion of the attack surface beyond the traditional perimeter of the enterprise.

What types of incidents involve third parties?

  • Security breaches at third parties involving data theft: 34% of companies affected
  • Critical vulnerabilities in deployed products and components: 32%
  • Ransomware at a third party disrupting business through a domino effect: 30%

Regulatory impact: NIS2, DORA, and CRA

The 2026 barometer highlights the growing impact of new European regulations on French companies' cybersecurity strategies.

How many companies are affected by cyber regulations?

  • NIS2: 59% of companies concerned (70% of large companies, 44% of microbusinesses/SMEs)
  • DORA: 32% of organizations impacted (38% of large companies)
  • Cyber Resilience Act (CRA): 30% of companies (37% of large companies, 23% of microbusinesses/SMEs)

These figures illustrate the growing regulatory pressure on organizations to strengthen their cybersecurity posture.

Consequences of cyberattacks: multifaceted impacts

The CESIN Barometer 2026 details the main consequences suffered by victims of attacks:

  • Data theft: 52% of cases, confirming that information remains the most coveted asset
  • Denial of service: 28% of incidents
  • Data exposure: 27% overall, but 36% among large companies

Operational and reputational impacts

Cyberattacks most often cause disruption to production or damage to reputation. The media impact particularly affects large companies: 36% of them are affected, compared with only 14% of mid-sized companies, reflecting their increased public visibility.

Security frameworks: which standards are preferred?

To assess their cybersecurity maturity, companies rely on various recognized frameworks:

  • ISO 27001/27002: 68% (62% of large companies, 85% of microbusinesses/SMEs)
  • ANSSI Hygiene Rules: 51% (43% of large companies)
  • NIST: 41% (56% of large companies, 34% of mid-sized companies)

Changes in cyber budgets and staffing levels in 2026

The CESIN 2026 barometer provides valuable indicators on trends in cybersecurity investment.

How is the number of cybersecurity personnel changing?

GRC (Governance, Risk, and Compliance) teams:

  • Increase: 27%
  • Stability: 64%
  • Decrease: 9%

Operational teams:

  • Increase: 26%
  • Stability: 67%
  • Decrease: 7%

How are overall cybersecurity budgets changing?

  • Increase: 34% of companies
  • Stability: 51%
  • Decrease: 15%

These figures reflect a gradual awareness, even though nearly two-thirds of organizations are maintaining their cyber workforce at constant levels, raising questions about the adequacy of the resources allocated in relation to the evolving threats.

What are the key findings of the CESIN 2026 barometer?

The CESIN 2026 barometer paints a nuanced picture of cybersecurity in France. Despite a decline in the overall volume of significant attacks, several warning signs warrant attention:

  1. Increased severity of incidents: consequences worsen even as attacks decrease
  2. Omnipresent third-party risk: the digital supply chain becomes the weak link
  3. Regulatory pressure: NIS2, DORA, and CRA redefine security obligations
  4. Insufficient investment: most organizations are keeping their budgets stable in the face of evolving threats

For CISOs and decision-makers, this barometer is a strategic tool that enables them to position their organization in relation to industry trends and adjust their cybersecurity strategy accordingly.

The CESIN barometer provides an essential annual snapshot of the state of cybersecurity in France, enabling professionals to anticipate developments and adapt their defense strategies.
