Ransomware, data leaks: why the cyber threat remains very high in France

While the raw figures appear to be declining slightly, the assessment made by ANSSI remains far from reassuring.

In its 2025 Cyber Threat Overview, the French agency describes an environment still under intense pressure, marked both by the persistence of state-sponsored attacks and by the rise of cybercriminal activities.

Overall cyber threat figures declining?

Will cyber threats decrease further? – Source: ANSSI

In total, 3,586 security events were handled in 2025, representing an 18% decrease compared to 2024. This decline should be viewed with some nuance, however, as the previous year was marked by the Paris Olympic and Paralympic Games, which mechanically led to an increase in reports.

In total, ANSSI received 2,209 reports and processed 1,366 incidents, a volume almost identical to that of 2024, demonstrating that the pressure remains high.

Education, local authorities, and healthcare on the front line

Ransomware is still very prevalent in 2026 – Source: ANSSI

As in previous years, certain sectors account for a large share of attacks. Education and research are at the top, with 34% of reported incidents. Next come government ministries and local authorities, which represent 24% of recorded cases. Health and Telecommunications complete this ranking, with 10% and 9% respectively.

For ANSSI, this distribution confirms a well-established trend. These sectors present both high exposure, sometimes heterogeneous infrastructures, and high strategic value for attackers.

Government agencies, operators, and public institutions therefore remain prime targets, especially at a time when geopolitical tension continues to fuel cyberattacks…

An increasingly blurred line between espionage and cybercrime…

One of the most striking findings of the report concerns the gradual blurring of boundaries between different types of attackers. ANSSI refers to a veritable “technological and organizational fog” between state actors and cybercriminals. In other words, methods, tools, and sometimes capabilities are increasingly circulating between groups with different motivations. It should be noted that this trend is occurring while activities related to Russia and China remain under close scrutiny by the agency. At the same time, ANSSI notes a resurgence of cybercrime incidents, including a rise in data exfiltration. On this point, however, the agency urges caution. Of the 460 events analyzed as potential data leaks, only 42% could be confirmed as resulting from actual breaches. A significant portion of these announcements would therefore be opportunistic claims or the reuse of previously compromised data. Ultimately, this 2025 Panorama reveals less of a quantitative explosion than a qualitative transformation of the threat. For French organizations, the issue is no longer simply defending against identifiable attacks, but rather facing adversaries with increasingly hybrid profiles…