A new research report from Information Services Group (ISG), a technology advisory firm, reveals a significant transformation in the French cybersecurity landscape. The report, titled “2025 ISG Provider Lens Cybersecurity – Services and Solutions,” highlights that artificial intelligence (AI) threats and increasingly stringent regulations are compelling French businesses to reassess and adapt their security strategies. This shift is accompanied by an increase in security budgets, indicating a clear need for fresh guidance and expertise to establish effective priorities and combat evolving security challenges.

According to the ISG report, French enterprises are navigating a more complex, multi-layered security environment. Many are actively adopting AI-powered defense mechanisms to meet the demands introduced by new regulatory frameworks, the widespread adoption of cloud technologies, ongoing financial constraints, and a persistent shortage of skilled cybersecurity professionals. Julien Escribe, a partner and managing director at ISG, noted that the way companies in France select security services is undergoing a fundamental change, with growing budgets necessitating expert insight to tackle security problems effectively.

The report also indicates a move away from disparate security tools towards all-in-one solutions. Organizations are increasingly seeking service providers capable of supplementing their internal security teams. For businesses migrating to multicloud and cloud topologies, challenges related to integration, visibility, and management are prevalent. To maintain oversight of applications in these complex environments, companies are utilizing solutions such as Secure Access Service Edge (SASE), which unifies network security and connectivity into a single service.

French organizations are specifically looking for integrated security platforms that offer a unified view of potential threats and centralized oversight of their entire defense infrastructure. Furthermore, due to financial pressures and the continuing deficit of cybersecurity talent, many businesses continue to rely on technical security service (TSS) providers for support, centralized platforms, and automation capabilities.

A critical aspect of this evolving landscape is the imperative for French enterprises to integrate governance, risk, and compliance (GRC) policies into their security strategies. This requirement stems from new European Union regulations, such as the NIS2 directive and the AI Act, which are progressively being adopted into French law. The report estimates that over 15,000 French businesses are now subject to additional compliance obligations.

The report also addresses the escalating threat posed by malicious actors who leverage AI in cyberattacks, creating new challenges for detection and response. In response, companies are turning to security service providers that themselves utilize generative AI (genAI) and machine learning (ML) technologies. Clients are demonstrating increased investment in AI-driven detection systems, enhanced employee training, and automated response mechanisms. Benoît Scheuber, a principal consultant and security analyst at ISG, emphasized that AI is transforming the cybersecurity landscape, prompting companies to seek providers capable of integrating the best products into a unified platform for enhanced operational efficiency.