For six out of ten French companies, the budget allocated to cybersecurity hardly exceeds 1,000 euros per year, according to a study revealed by Europe 1. A sum that barely protects a VSE of ten employees.
After recent awareness, linked in particular to attacks targeting hospitals, small French companies have efforts to make.
EUROPE INFO 1
French companies are aware of the risk of a cyberattack, but they are not protecting themselves enough.
This is the result of a study carried out by Ifop for the cybersecurity consulting company F-Secure *, and which Europe 1 reveals exclusively.
Concretely, nine out of ten companies believe that it is essential to guard against computer attacks.
Except that there is a gap, especially among VSEs and SMEs, between thinking and taking action: one in two companies does not secure their workstations and one in three does not even use antivirus .
>> Find the morning show of the day in replay and podcast here
Antivirus alone is no longer enough
This insufficiency is the result of a financial choice. According to this study, for 60% of SMEs, the budget for protecting their IT system should not exceed 1,000 euros per year. "With this sum, we are able to protect a small infrastructure, a TPE with less than ten employees. An antivirus is about 50 euros per year and a firewall for a small business is 300 euros per year. we add the interventions of the IT service provider, we arrive at 1,000 euros, "explains Guillaume Gamelin, vice-president of F-Secure France.
Problem: this is an insufficient sum for SMEs with 20 or 50 employees.
However, "the bigger the company and the more digitized it is, the more it is affected by cyber attacks", recalls Guillaume Gamelin.
And times have changed.
"Yesterday, all that was needed was antivirus software that was activated on demand. Today, with the complexity of new attacks, that is no longer enough. You have to invest in human resources to check and maintain computer systems at the daily ", underlines this specialist in cybersecurity.
Awareness during the Covid crisis
The study conducted for F-Secure highlights a discrepancy between the perception, by companies, of the risks associated with cyber attacks and the actions taken to protect themselves from them. "There is a growing awareness of cybersecurity, thanks to or because of the news and media coverage of attacks targeting hospitals and town halls", assures Guillaume Gamelin. "There was a tipping point during the Covid-19 crisis. The bosses are now better informed of the risks. The concern is shared as much by SMEs as by large groups. Everyone realizes that an attack IT can have very real and very harmful effects. "
Despite the concern, two-thirds of managers surveyed believe that their employees are sufficiently protected.
Which, given the amounts invested, is far from always being the case.
"There is sometimes a gap between the feeling of security of companies and their real level of protection, whether it is managed internally or by a service provider", warns the vice-president of F-Secure France.
Especially since the risk increases.
"There is a professionalization of hackers who are today grouped together as criminal organizations."
Efforts to be made to educate employees
For Guillaume Gamelin, we must therefore go beyond financial considerations and the sole issue of computer equipment. "The other aspect of the fight against cyberattacks, perhaps the most important, is the information and training of employees," he insists. The weak link in cybersecurity is first of all the human being in front of his computer who opens a fraudulent email, who clicks on a hacked link or who simply does not know the basic actions. "It is essential to educate employees so that they use strong passwords and that they change them regularly", insists Guillaume Gamelin.
It doesn't sound like much, but these fundamentals can save a company's data.
"Eight out of ten cyberattacks go through a known security vulnerability but not corrected with an update. It is essential to update your computer each time a new version of the antivirus is available" , recalls the vice-president of F-Secure France.
Despite everything, he has seen a reason for hope in recent months: "with the wave of Covid attacks, we can see that companies are investing more and more in the training of their employees".
* Quantitative study carried out online with a representative national sample of 500 "professionals" aged 18 and over, between March 31 and April 2, 2021. 75% of the companies surveyed have less than 10 employees.