When it comes to ransomware, beware of misleading statistics.
In its annual report, Cybermalveillance.gouv.fr does not present it that way, but invites readers to contextualize the volume of assistance requests from individuals. A number of those who consider themselves victims are actually facing a virus and/or a device malfunction, or even extortion-based scams.
Cyberharassment assistance requests triple among professional audiences
More broadly, the figures across all incident categories should be taken with caution, given the overlaps that can occur between them. Bank advisor fraud, for example, can stem from a virus infection or from the hacking of an email account.
Similarly, email account hacking is often at the root of transfer frauds. In the traditional scheme, the scammer identifies an outstanding invoice, impersonates the creditor, and cites a change of banking details.
A variant involves diverting salaries. Cybermalveillance.gouv.fr says it observed, in the fourth quarter of 2025, a new development: targeting employers after previously opening an account in the victim’s name, following identity theft. This phenomenon appears to respond to the introduction, in October 2025, of an interbank system for automatic identity verification for all SEPA transfers.
In terms of assistance requests, ransomwares rank fourth among businesses and associations; third among local authorities and administrations. For these groups, online account hacking has become, in 2025, the main source of inquiries (20.9%). There was no notable evolution in the vectors of compromise. In parallel, the volume of requests for cyberharassment more than tripled.
The situation for businesses and associations :
For local authorities and administrations :
Un premier FIC des territoires et des passerelles avec les CSIRT régionaux
Of the roughly 500,000 assistance requests received in 2025, about 93% came from individuals (+47% year-on-year). By contrast, 6% were from businesses/associations (+73%) and 1% from local authorities/ administrations (+22%). By extrapolation, Cybermalveillance.gouv.fr states that 7 individuals out of 1,000 used the 17Cyber, for 3 businesses/associations out of 1,000 and 141 local authorities out of 1,000.
There were “on-the-ground” interventions with local authorities throughout the year. Notably, in May, the first InCyber Forum for territories, at Le Creusot (Saône-et-Loire). And, in October, a CyberTour—first of its kind—with five stops (Rennes, Périgueux, Lille, Rouen, Paris-La Défense). The majority took place in Île-de-France (72 out of 127). However, Cybermalveillance notes that the bulk (59%) of the roughly 11,500 people it estimates it has educated on these occasions “reside in the region.”
The much-discussed “scaling up” across the territories also manifested itself by integrating, into the 17Cyber support services, telephone guidance from regional CSIRTs for the management of first-level incidents. By the end of 2025, the CSIRTs of Nouvelle-Aquitaine, Occitanie, Réunion, Grand Est and the Caribbean were in the loop.
