AI, Compliance Worries Shape French Cybersecurity Market – ISG - October 3, 2025
AI-enabled threats and stricter regulation are changing the cybersecurity landscape in France, driving enterprises to rethink security strategies, according to a new research report published today by Information Services Group (ISG), a global AI-centered technology research and advisory firm.
The 2025 ISG Provider Lens Cybersecurity — Services and Solutions report for France finds that enterprises are adapting to a complex security landscape influenced by new regulations, cloud adoption and a shortage of skilled professionals. They are adopting integrated services that improve their confidence and visibility by reducing reliance on individual tools. Enterprises are seeking providers that can help their security teams overcome the challenges of merging operations and technologies.
“The way companies in France choose security services is changing,” said Julien Escribe, partner and managing director, SEMEA, ISG. “With increasing security budgets, enterprises need guidance and insight to set the right priorities and tackle security problems.”
Julien Escribe, partner and managing director, SEMEA, ISG.
Enterprises migrating to cloud and multicloud environments face increasing integration, visibility and management challenges to secure applications and data, the report says. To address these concerns, organizations in France are improving the interoperability of their security systems through solutions such as secure access service edge (SASE), extended detection and response (XDR) and cybersecurity mesh architecture. They seek integrated security platforms for a unified view of potential threats and central oversight of defenses. Under financial pressures and a persistent shortage of cybersecurity talent, many enterprises continue to rely on technical security service (TSS) providers for automation, centralized platforms and expert support.
Companies in France are incorporating governance, risk and compliance (GRC) into their security strategies as regulatory frameworks expand, ISG says. EU regulations such as the NIS2 directive, the Digital Operational Resilience Act (DORA) and the AI Act are being embedded into the French law. Consequently, more than 15,000 organizations are subject to stricter requirements for incident reporting, governance and compliance controls. Enterprises are shifting from one-off assessments to continuous compliance models to make sure they adhere to changing regulations.
Malicious actors are increasingly exploiting AI to execute faster and more precise attacks, creating significant challenges for detection and response, the report says. In response, enterprises in France are turning to security service providers that use generative AI (GenAI) and ML to enhance security. These providers are adopting GenAI to enhance analysis and service engineering and ML to enable predictive security measures. With phishing now the most prevalent type of cyberattack in France, companies are investing in AI-powered detection, automated response and employee training.
“AI is transforming cybersecurity in France and leading companies to explore many new kinds of tools,” said Benoît Scheuber, principal consultant and security analyst at ISG. “They seek providers that can integrate the best products into a unified platform for operational efficiency.”
To learn more, visit: www.isg-one.com