Companies have benefited from the enormous amount of attention that IT threats have received in the media in recent years. Now they are no longer confining themselves to simply installing antivirus software to safeguard all their terminals and data, but have become more cautious and more inclined to seek stronger protection. They now consider security a key part of their approach to every new technology.
As a result, companies are now focusing more on security when considering new technologies – IoT, artificial intelligence, chatbots, etc. French companies realise that their data is exposed and are preparing to protect themselves from new potential threats. But the risk is not confined to data and IoT: 35% of security breaches are caused by the internal workforce, and a long-term effort must be made to raise security awareness among French employees.
The two complementary aspects of security
Beyond the purely technical issues, security has two complementary aspects that must be distinguished: organisational, which involves governance and compliance, and operational, which involves the tools used to report threats, awareness-raising, risk culture, technology watch, etc. On the organisational side, the European institutions are addressing the issue and have rolled out the General Data Protection Regulation (GDPR), to provide a European regulatory framework for cybersecurity, starting in 2018.
In another positive move, the Regulation requires some companies to appoint a Data Protection Officer (DPO). Companies must now ensure that they comply with these new security rules, which have not come a moment too soon.
On the operational side, there are a wide variety of measurement and protection tools, but the threats are growing. In addition to raising awareness and building a risk culture, companies must introduce a technology watch as an indispensable part of protecting the company over the long term. Cybersecurity is constantly changing at a very rapid pace. Without a technology watch, awareness and risk culture are pointless. Meanwhile, each company must also carry out risk audits and analysis to adapt its security strategy to its specific sector and issues.
Now that French companies have gained a clear picture of their exposure, they are routinely raising awareness raising, building a risk culture, and introducing a technology watch. They are gradually catching up and making cybersecurity a strategic development focus.