Posted 5 Dec 2019

Cybersecurity: French midcaps underestimate risk

Laurent Halimi blog profile image

By Laurent Halimi

Mid-sized enterprises (mid-caps) are aware of cyber-risk, but their estimate is still mixed, according to an Fifg/Besse survey.

Mid-sized enterprises (mid-caps) are not immune to the proliferation of cyber threats and the expansion of the attack surface. But their managers still underestimate the risk, according to an Ifop survey for the Bessed insurance broker.

55% of IMET managers surveyed consider cyber risk to be important but " not a priority ". On the other hand, 35% see it as a "strategic" rather than a technical risk. This rate rises to 45% for enterprises with annual turnover of more than EUR 200 million and to 59% for enterprises with more than 1000 employees.

Overall, 56% of respondents consider their company's exposure to this risk to be "important" or "very important". On the other hand, 44% consider it "moderate" (21%) or "low to non-existent" (23%).

Whether the level of appreciation of the cyber threat is high or low, 89% of respondents consider their organization to be prepared (or "very prepared" for 32% of the panel). However, risk governance varies depending on the threat assessment.

Is it possible to obtain insurance against cyber-risk ?


ETI managers estimate that their company's cyber risk averages 5.8 on a scale of 1 to 10. However, only 3% plan to recruit a dedicated cyber security profile by the fall of 2020. The RSSI will appreciate it.

On the other hand, 61% think their company has insurance to cover the cyber risk. However, according to the French Federation of insurance (FFA), the volume of premiums collected in France on cyber risk by insurers remains modest (80 million euros). "The collection of premiums is concentrated at the level of the large groups which are today almost all insured. This is not yet the case for midcaps or some announce a cyber insurance equipment rate of less than 10%, " according to the report.

"More aware than before [Edlr : CF.the PwC/Besssé survey], the managers of ETI reacted and integrated the strategic dimension of risk. But it is clear that the effort to raise awareness must be maintained and the investments needed to protect themselves must be stepped up, " said Pierre Besse, president of the company.