French small and medium-sized enterprises are facing an escalating threat: cyberattacks are increasingly targeting them directly. According to a study by the French Federation of Insurance in 2025, 61% of SMEs experienced at least one security incident in the past year, up from 47% in 2022. This rapid growth stems from several factors. First, SMEs typically operate with limited IT budgets and small teams, creating exploitable gaps. Second, they often form weak links in the supply chains of larger enterprises, making them strategic targets for cybercriminals.
The most frequent attack types
Ransomware remains the preferred weapon against SMEs. These malicious programmes encrypt an organisation’s data and demand payment for restoration. A French SME hit by ransomware spends an average of 85,000 euros to recover, according to France’s National Agency for Information Systems Security (ANSSI). Beyond immediate financial costs, consequences include operational shutdown, data loss and reputational damage. Manufacturing and logistics SMEs are particularly targeted, as production stoppages have major economic impacts.
Resource and expertise gaps
The primary obstacle facing SMEs is the lack of in-house cybersecurity expertise. More than 70% of French SMEs do not employ an IT manager or security specialist. This gap results in insufficient responsiveness to security alerts and delayed system updates. Unpatched software carries known vulnerabilities that attackers can exploit to access internal networks easily. Moreover, SMEs often lack funds to deploy robust security infrastructure, such as advanced firewalls or intrusion detection systems.
Accessible solutions and regulatory compliance
Several levers allow SMEs to strengthen their security posture without major investment. Implementing the basics, though simple, provides significant protection: multi-factor authentication, regular backups and staff training on phishing risks. ANSSI offers a free guidance document, “Cybersecurity for SMEs”, detailing these essential practices. GDPR compliance, though often perceived as administrative burden, forces SMEs to respect minimum data protection standards. Finally, affordable cyber insurance options now exist for SMEs, allowing them to cover the financial impacts of an attack.