The FIGs: An economic power serving U.S. tech?

Like Forrester, IDC, and Gartner, most IT and cybersecurity trend analysis firms are American. But do their analyses, rankings, and criteria primarily favor U.S. companies and technologies—at the expense of Europe’s needs and ecosystem? And what solutions could reduce this dependency, strengthening French and European sovereignty and resilience?

For Emmanuel Mawet (founder and editor-in-chief of the site Effisyn SDS), Forrester, IDC, and Gartner—the so-called FIGs—are unavoidable players in the technology market for trends and analysis. However, “they all aim to provide their clients and users with the tools needed to understand the new technology sector, assess its potential impact on established businesses, and guide them through the transformations required,” he wrote in June 2020.

Ludovic Leforestier confirms that the FIGs—and their business model built on research, consulting, and events—shape IT and cybersecurity purchasing decisions worldwide: “Gartner often has the CIO’s ear. And when those CIOs want to buy something, they call Gartner,” notes the co-founder of the Institute of Industry Analyst Relations.

According to him, they nonetheless play a key role in structuring the IT and cybersecurity markets, notably by standardizing categories, legitimizing players, and opening up competition: “When you standardize a market—its categories and its technology—you define everything that’s included and everything that’s left out,” he reminds us.

A Convenient Shortcut

Emmanuel Mawet believes that senior executives in large corporations too often hide behind these consulting firms to shield themselves from accountability in case of failure. “These decisions—or more precisely, non-decisions—lead both them and their competitors to behave like a herd of sheep. That’s hardly a winning strategy for gaining a meaningful competitive edge,” he confides.

Are these decision-makers therefore favoring solutions validated by American firms as a guarantee of legitimacy and personal protection?
“Their choices are often driven more by fear of personal risk than by an objective analysis of real needs and budget constraints,” observes Luc Cottin (Chief Information Security Officer at Rcube Professional Services). “That fosters rigid, unadaptable governance and strengthens interdependence on American giants—at the expense of sovereignty and local innovation.”

Strong Cultural Biases

This dependency reflects a strong cultural bias, Cottin adds: “American rankings tend to favor players who can afford to pay to appear in them, and often ignore European or emerging solutions,” he laments. “Their business model and influence distort the market, where notoriety takes precedence over relevance. Moreover, U.S. solutions are often oversized, expensive, and poorly suited to SMEs or local needs.”

For Jean-Noël de Galzain, this dominance of American players in cybersecurity fosters deeper technological and economic dependence—and a loss of sovereignty for Europe. “The fact that 83% of digital products are purchased outside Europe illustrates this imbalance,” says the president of Hexatrust, the alliance of French and European players in trusted cybersecurity and cloud. “And customers often don’t realize that instead of buying from the other side of the world, they could find something right around the corner.”

According to Maxime Alay-Eddine, Hexatrust board member and founder of Galeax, European regulations (GDPR, NIS2, DORA) are attempting to correct this trend but often run up against resistance from U.S. giants, who refuse to acknowledge or comply with them.

What Are the Solutions?

How can this dependency be reduced? Luc Cottin suggests training and raising awareness among decision-makers about European alternatives and the risks of overreliance on American providers. More broadly, he advocates for favoring geographical proximity, sustainability, and the localization of data within Europe.

For Ludovic Leforestier, European IT and cybersecurity vendors could also do better to appear in these trend reports: “Too often, they underinvest in marketing and analyst relations compared to their American counterparts—and that’s disastrous,” he regrets, also pointing to the undercapitalization of European companies and startups: “Where a European firm struggles to raise 5 million dollars, an American one will raise ten times as much.”

Hexatrust calls for the emergence of analysis frameworks that highlight existing French and European solutions. “Europe’s challenge is to build a resilient, sovereign cyber ecosystem by mapping local offerings and promoting European solutions. That requires independent analytical tools and better visibility for European players—often innovative but still under the radar,” explains Alay-Eddine.

Building European Champions

The goal is to reduce dependency on the United States and foster the rise of European champions: “It’s not about opposing the FIGs but ensuring that, here in Europe, our companies have a presence and a voice among users,” insists de Galzain.

“It’s essential that European players can provide analyses based on real knowledge of the European market and its digital and technological stakeholders, to put it into perspective with the American market,” adds Mawet. “If we don’t defend our own players and vision, neither the Chinese nor the Americans will do it for us.”

Since 2004, KuppingerCole Analysts, a European trend and advisory firm based in Germany, has been offering resilient solutions for risk, identity, access, and governance management. Dedicated to the European, EMEA, and Asia-Pacific markets, it positions itself as “an alternative” to Gartner: “Our methodology differs in some aspects—for instance, we go into greater technical depth, which sometimes leads to different perspectives or results,” explains co-founder Martin Kuppinger.

Mapping What Exists

To meet the growing demand for sovereign solutions in Europe, the firm plans to launch a series of research studies focused on specific market segments and regional vendors. “The goal is to give clients a clear view of these ecosystems. We want to highlight regional vendors and help clients make informed decisions, since non-U.S. providers often struggle with visibility and market presence,” he details. “Our methodology will provide a comprehensive picture of the market, comparable to a technical RFP process, allowing us to examine in depth each vendor’s strengths, innovations, and overall fit for different types of clients.”

Meanwhile, Hexatrust and CESIN are developing a database of European cybersecurity solutions, based on a collaborative approach and neutral standards such as the NIST CSF. “We want to demonstrate that credible alternatives exist in these fields by highlighting European sovereignty, resilience, and innovation,” explains de Galzain. “Our ambition is to structure an ecosystem that enables the emergence of champions in tech, cyber, cloud, and digital workplace solutions of French origin. France should be to Europe what Israel is to the United States in terms of cybersecurity.”

A first version is planned for late 2025 for France, with a European rollout expected in 2026.