One Third of Large Companies Were Affected by an ICT Security Incident in 2018

From unavailability of ICT services and destruction or corruption of data to disclosure of confidential data, 16% of companies with 10 or more employees based in France reported having experienced an ICT security incident in 2018. Companies with 250 or more employees were twice as likely to be affected. Four out of ten were insured against such incidents.

In 2019, nearly all companies with 10 or more employees used at least one ICT security measure. To do so, two thirds used external suppliers, while more than half informed staff of their obligations in this area.

26% of companies reported having documents on measures, practices or procedures on ICT security, the same percentage as in 2015. This was the case for 71% of companies with 250 or more employees. Regardless of size, seven out of ten companies reported having drawn up or revised their documents over the past year.

In addition, 86% of companies regularly update their software and operating systems. This is the most common security measure. A significantly higher number of large companies implemented several ICT security measures simultaneously.

Finally, half of all companies had an access, rectification and erasure policy for personal data, double the number in 2015.