In 2025, France's internal security forces recorded 453,200 digital offences, an 87% increase over five years.* This rise reflects what is now structural pressure. No business, whatever its size, is immune.
The proliferation of devices (desktops, laptops, smartphones, tablets, connected objects), combined with the spread of hybrid working, has dramatically widened organisations' attack surface. Keeping an IT estate operational is no longer enough: the IT fleet must now be treated as a genuine security perimeter, from servers right through to endpoints.
*Source: Ministry of the Interior, Annual Report on Cybercrime 2026
The Ministry of the Interior's Annual Report on Cybercrime 2026 describes a threat that has changed in nature: it has become industrial, structured and international. The Cybercrime-as-a-Service model is its most striking illustration, a genuine underground economy in which attack tools, compromised accesses and even technical support services are sold ready-to-use and on demand, enabling low-skilled attackers to launch sophisticated campaigns. The criminal ecosystem has also become intertwined with traditional organised crime. At European level, ENISA (the European Union Agency for Cybersecurity) confirms this professionalisation and stresses that it places every organisation under continuous pressure, regardless of size or sector.*
💡 The direct consequence of this industrialisation: attacks are no longer confined to a localised IT malfunction. They lead to business interruption, commercial losses, reputational damage, regulatory penalties (NIS 2, GDPR, DORA) and customer disputes. Cybersecurity is therefore no longer the concern of a single department. It involves IT and infrastructure teams just as much as business units, senior management and support functions.
*Source : ENISA, Threat Landscape 2025
SMEs, micro-businesses and mid-sized companies are among the prime targets. The clearest signal on the French side comes from Cybermalveillance.gouv.fr: the scheme recorded a 73% rise in requests for assistance from businesses and associations in 2025.* An increase of this magnitude within a single year does not reflect a mere short-term fluctuation, but a genuine step-change in the exposure of professional organisations.
*Source: Cybermalveillance.gouv.fr, Activity Report 2025
Ransomware remains the most damaging threat to European organisations, both for its frequency and for its ability to paralyse an entire information system. But the trend is shifting: ANSSI observes that several groups now favour extortion without encryption, attackers steal data and monetise it by other means (resale, direct blackmail, media pressure). This strategy largely explains the 51% rise in data exfiltration incidents recorded by the agency in 2025.* For businesses, the impact is twofold: operational harm on the one hand, and breaches of confidentiality together with notification obligations on the other.
*Source: ANSSI, Cyber Threat Overview 2025
Unpatched flaws remain a favoured point of entry, and the window for response narrows every year. ANSSI reports that nearly one in three vulnerabilities exploited in 2025 was exploited on the very day it was disclosed, and, in some cases, before an official patch was even available.* Edge devices, that is, the equipment forming the boundary between a company's internal network and the internet (VPNs, firewalls, remote-access gateways), were particularly targeted throughout the year. Without proactive patch management across the entire estate, the exposure window is sometimes measured in hours, not days.
*Source: ANSSI, Cyber Threat Overview 2025
Another major trend: the growing role of partners and suppliers in breaches. In its 2025 Overview, ANSSI describes what has now become a familiar pattern: an attacker first compromises a service provider serving many French organisations, gains access to its clients' data, then exploits the legitimate technical connections that provider maintains with them to break into their information systems in turn.* Cloud environments are no exception either. For businesses, the message is clear: the security of an IT fleet now depends as much on external accesses (service providers, managed services, SaaS) as on internal defences. Mapping your dependencies, building security requirements into contracts and monitoring external accesses are becoming priority undertakings.
*Source: ANSSI, Cyber Threat Overview 2025
Phishing remains, unsurprisingly, the dominant intrusion vector, with campaigns increasingly industrialised through specialist platforms and the use of artificial intelligence to personalise messages.* But the new development in France is a shift at the top of the threat ranking for professional organisations: according to Cybermalveillance.gouv.fr, account hacking became the leading threat to businesses and associations in 2025, rising 52% in a single year.**
💡 This shift is significant. It reflects a change in the attackers' logic: rather than forcing their way into a system, they log in using valid credentials obtained through phishing, database leaks or password reuse. For a business, this means that part of the threat will trigger no technical alert at all: the attacker does not break in, they simply log in.
*Source: ENISA, Threat Landscape 2025
**Source: Cybermalveillance.gouv.fr, Activity Report 2025
Work smartphones, tablets and laptops used on the move now account for a significant share of access to sensitive data. This area calls for dedicated measures (MDM, Mobile Endpoint Security, a formalised BYOD policy).
Faced with this complexity, the traditional "antivirus + firewall" approach is no longer enough. This is precisely the realisation behind FleetGuard, the cybersecurity solution designed by bconnex group, which protects both PCs and mobile devices. FleetGuard structures its response around five complementary pillars covering the full protection cycle: anticipate, govern, raise awareness, respond, monitor. Each can be deployed independently, and together they form a complete cyber strategy, without requiring an in-house CISO or a dedicated security team.
FleetGuard covers the entire IT fleet: desktop PCs, laptops, smartphones and tablets. This consistency is essential at a time when the line between office and mobile use has largely disappeared.
➡️ It all begins with an assessment. FleetGuard's first pillar is a maturity audit based on the ANSSI framework and its six control families. The audit gives an objective measure of the organisation's real level of protection, identifies blind spots and leads to a prioritised improvement roadmap. For an SME or micro-business without an in-house CISO, it offers the clearest possible reading of its cyber posture, and the foundation on which the other pillars are built.
➡️ Securing an organisation is not a one-off project. FleetGuard's second pillar, CISO as a Service, gives the business access to a part-time security officer. They take charge of cyber governance over the long term: risk management, compliance oversight (NIS 2, GDPR, DORA), prioritising key initiatives, and coordinating between IT teams and business management. Structuring expertise, without the cost of a full-time role, and with the added benefit of an outside perspective.
➡️ Awareness-raising remains the lever with the best cost-to-effectiveness ratio. It is also something insurers examine closely in the event of an attack: without concrete proof that staff have been regularly trained and tested, compensation can be reduced or even refused. The challenge, then, is to maintain a level of vigilance over time, not just during an annual training session.
FleetGuard's third pillar therefore combines two complementary formats. On one side, the Cyber Wargame: a board game lasting around 90 minutes, run by business team (accounting, marketing, HR, sales administration, etc.), which simulates real attack scenarios. This immersive format creates a memorable moment, embeds the right reflexes and sparks conversations that an e-learning module rarely prompts.
On the other, a cyber awareness bot with phishing campaigns, which integrates directly into employees' communication tools (Slack, Microsoft Teams) to push contextualised micro-training and realistic phishing simulations throughout the year. It is this combination of the memorable moment and the regular reminder that turns a one-off session into a lasting reflex.
➡️ Lastly, advanced detection on endpoints (EDR/XDR), coupled with continuous monitoring, makes it possible to spot abnormal behaviour and contain attacks before they spread. FleetGuard's fifth pillar, the SOC Manager, runs this monitoring on the company's behalf. The earlier the detection, the greater the room for manoeuvre: limiting the spread, preserving backups, containing exfiltration. Conversely, an organisation that discovers the attack through the ransom demand or from an outside party often has little left to do but manage the consequences.
➡️ No system is impregnable. The ability to respond quickly and in a coordinated way often makes the difference between a contained incident and a major crisis. FleetGuard's fourth pillar is a tailored crisis management kit: defined roles, decision trees, ready-to-use action cards, a communication plan, and backup and recovery procedures. This preparation is built in calmer times: in the middle of an attack, it is too late to improvise.
The value of an approach like FleetGuard lies not only in the way these five pillars fit together. Above all, it lies in the fact that they are managed end-to-end by dedicated teams at bconnex group. The business does not have to juggle several providers, coordinate different tools or build up expertise in highly technical subjects. The audit, cyber governance, awareness sessions, crisis management kit and SOC monitoring are all delivered through a single point of contact, with ongoing support.
💡 It is this "turnkey" logic that makes the approach accessible to businesses that have neither the internal resources nor the time to put together a complete cyber strategy on their own. FleetGuard allows them to benefit from the level of protection of a large organisation, without bearing the operational burden.
Cybersecurity is no longer a technical option reserved for large accounts: it is a matter of business continuity, compliance and trust, shared between employees and management. The view is now shared by French and European authorities alike: the question is no longer whether an attack will occur, but how it will be anticipated, detected and absorbed.*
For CIOs, CISOs, infrastructure managers and company leaders, the real question is no longer "should we act?" but "where do we start?" — and with whom. Integrated solutions like FleetGuard show that it is possible to move forward in a structured way, without reinventing everything in-house.
*Source: Ministry of the Interior, Annual Report on Cybercrime 2026
Would you like to assess your organisation's cyber maturity or discuss your security challenges? Get in touch with the bconnex group teams for an initial conversation.
