2025, a decisive year for French cybersecurity

By Jean-Noël de Galzain, CEO of Wallix and President of Hexatrust

Faced with American hegemony, French cybersecurity players must join forces and offer alternative, comprehensive, and sovereign solutions. While the first value chains are emerging, it is now time to scale up to an industrial level.

Cybersecurity is at a key moment in its short history. It goes beyond the mere technical scope to become a matter of survival in an increasingly connected world. Inherent to digital technology, cybersecurity is a prerequisite to ensuring that an organization, company, or state not only maintains business continuity but also secures access to its data—an essential asset in the age of artificial intelligence.

In our globalized world, the perimeter to be secured is no longer limited to an enterprise’s information system. As supply chain attacks multiply, an organization’s security level is interdependent on that of its ecosystem of partners and subcontractors.

By extension, a major corporation must instill a cybersecurity culture across its entire supply chain so that suppliers, in turn, adopt basic cyber hygiene practices. This effort is not limited to Operators of Vital Importance (OIV) or Operators of Essential Services (OES) but applies to any organization handling sensitive, personal, or industrial data.

The strengthening of the regulatory framework—NIS2, DORA, Cyber Resilience Act (CRA)—is driving a growing number of organizations to adopt cybersecurity standards and shift their paradigm. With the cloudification of information systems, the widespread adoption of remote work, and increasing interdependence among companies, the Zero Trust approach is replacing the perimeter-based security model that prevailed for so long.

To ensure resilience, an organization must be able to condition access to its information system, continuously monitor its infrastructure and digital assets, detect any suspicious activity, respond immediately to potential threats, and effectively manage crisis situations.

“Platformization” of the cyber market

The market must rise to meet these increasing demands. In a holistic approach, cybersecurity vendors must provide solutions that are at least interoperable and, at best, fully integrated to offer a comprehensive response to organizational needs.

With this “platformization” of the market, companies no longer need to build their cybersecurity framework piece by piece. Instead, they can opt for a packaged offering that covers the entire value chain—from identity and access management to advanced threat detection and incident response.

This “one-stop shopping” approach makes cybersecurity more accessible to smaller organizations that lack the budget or in-house expertise to select and purchase various solutions. Not only does bundling complementary solutions lower the entry cost, but the subscription model also reduces complexity while simplifying cost comparison.

Platformization also raises the cybersecurity maturity level of companies that must contend with legacy systems, where new technologies coexist with older ones. Given the convergence between OT and IT, industrial players can use this model to catch up on cybersecurity best practices.

100% sovereign alternatives

In addition to democratizing the cyber market, there is a pressing issue of technological sovereignty. The European industry is now mature enough to offer an alternative to foreign, particularly non-European, solutions. In France, our ecosystem is particularly rich in software vendors, integrators, and service providers, driven by the Cyber Campus, ANSSI, Cybermalveillance.org, and professional associations like Hexatrust.

By joining forces, we can build complete, 100% sovereign value chains. One example is the CollabNext project, which has now entered its commercialization phase. As an alternative to Microsoft 365 or Google Workplace, this collaborative office suite “made in France” by Jamespot brings together cloud providers certified under SecNumCloud 3.2 and specialized vendors in professional messaging, video conferencing, and identity and access management, including WALLIX.

Of course, these alternative solutions must be competitive and integrate the latest innovations. Sovereignty should not come at the expense of functionality or user experience. The solution, therefore, incorporates AI to enhance daily use cases, helping users save time and streamline their workflows.

Ultimately, we must make these solutions desirable so that organizations adopt them not just to comply with regulations but also because they genuinely meet their needs and aspirations.

Preserving our autonomy: A matter of survival

Now that these alternative value propositions are scaling up ambitiously, business leaders must take responsibility. To safeguard their technological independence and protect their data from extraterritorial laws like the Cloud Act or FISA, they must integrate sovereignty as a key criterion in their procurement strategy.

Beyond digital workplaces and existing applications, the use of generative AI and AI-based solutions in enterprises will require strict precautions regarding data access and protection. This is essential to preserving strategic assets and maintaining competitiveness.

Given today’s geopolitical landscape, where some leaders advocate for total deregulation and seek to impose a new form of technological imperialism, the challenge is significant in ensuring our autonomy and that of our businesses.

This model of a digital environment that upholds strategic independence is a crucial differentiator—one that can extend beyond France and Europe. Around the world, nations in Africa, the Middle East, Southeast Asia, and South America are also seeking to break free from dominant influences. Sovereignty and scaling up are deeply intertwined, making this a critical economic and societal challenge.