<--begin article rewrite-->
1. A Continuously Growing Cybersecurity Ecosystem
In recent years, the French cybersecurity landscape has maintained its expansion, with a total of 226 organizations identified. This includes 179 startups, showing an increase of 11 compared to the previous year, and 46 scale-ups, up by 4. These figures illustrate the ongoing vitality of France’s cybersecurity sector, which continues to attract new entrants while also witnessing the maturation of existing companies.
Regarding the pace of startup creation, the country remains active, although there is a slight slowdown observed in 2025. Specifically, 43 new cybersecurity startups have been launched this year, which is comparable to the 50 in 2024 and the 45 recorded in 2023. Despite this moderating trend, innovation remains robust, with new entities emerging across various thematic domains.
Focusing on the thematic areas of these new entrants, the 43 startups primarily concentrate on key cybersecurity challenges: Application Security (+5 new companies), Artificial Intelligence (+3), Anti-fraud solutions (+4), Governance (+4), and Vulnerability Management (+3). This focus reflects shifting interests towards emerging technologies and core security imperatives.
2. Market Consolidation and Maturation
The cybersecurity market in France is moving toward a phase of consolidation. In 2025, around 33 startups have exited the radar, compared to 47 in 2024, indicating a market that is becoming more competitive and beginning to stabilize.
The main reasons for these exits include:
- Liquidation or closure: 11 startups (slightly up from 10 in 2024)
- Age of the company (>7 years): 9 startups (a significant decrease from 25 in 2024)
- Acquisitions: 8 startups (a considerable increase from just 1 in 2024), representing 24% of exits and signaling an active M&A environment
- Transition to scale-up status: 4 startups (down from 10 in 2024)
This shift suggests that the market’s landscape is becoming more mature, with companies either integrating into larger entities or moving beyond their initial startup phase.
3. Fewer, but Larger Funding Rounds
While the total number of funding rounds has decreased, the average size of investments has increased, underscoring a market that is favoring larger capital infusions for promising companies amidst a more cautious investment climate.
Between June 2024 and May 2025, cybersecurity startups and scale-ups in France have collectively raised €289 million, marking a slight decline compared to the €341 million secured during the previous year. The distribution of funding highlights this trend:
- Ten funding rounds exceeding €10 million each, up from 8 in 2024
- Funding rounds below €10 million totaling €17 million, a decrease from 21 rounds amounting to €56 million in 2023/2024
For context, the peak of investment occurred during 2021/2022, with a record €630 million raised, highlighting the high watermark before normalization processes set in.
4. Decentralization of the Ecosystem Across Regions
The geographic distribution of cybersecurity companies reveals a gradual decentralization, with 55% of organizations now located outside Île-de-France, up slightly from 54% in 2024. This signals a spreading of innovation hubs across the country, fostering regional development.
In 2025, all 12 newly formed startups are situated in Paris, emphasizing the capital’s ongoing dominance as a hub. Major regional centers include:
- Paris: 94 companies, relatively stable compared to last year
- Rennes: maintaining stability with 11 companies
- Lille: experiencing a slight decrease to 12 companies
- Lyon: showcasing growth, now hosting 7 companies (+3)
5. Job Creation Trends and International Expansion
The French cybersecurity ecosystem has seen an increase in total direct employment, now totaling approximately 6,168 jobs in 2025—an increase from 5,846 in 2024. However, the pace of job creation appears to have plateaued, mainly because most startups remain small, with 70% employing fewer than 10 people and only 7% having more than 20 employees.
Beyond local job figures, a significant portion of these companies are actively exporting their solutions internationally. About 61% of the organizations participate in global markets, with key destinations including:
- Europe, which is the primary target for 118 companies
- The Americas, with 57 companies (+7 from previous year)
- Asia-Pacific, with 34 companies (+16)
Most scale-ups (93%) export within Europe, demonstrating a focus on established markets, although some companies—especially in Asia—opt to concentrate there exclusively, bypassing the highly competitive American market.
6. Innovation and Cutting-Edge Technologies Fueling Growth
Over half of the startups born in 2024 and 2025 (51%) are dedicated to innovative solutions or tackling new cybersecurity challenges, particularly in deeptech and artificial intelligence sectors. This represents a significant increase (+8%) compared to previous years, although newer entrants tend to adopt a more cautious approach, with a slight decrease (-2%) in risky innovative projects.
Specific applications of AI are rapidly expanding:
- 30% of companies integrate AI into their products to automate tasks, accelerate processes, and enhance cybersecurity value. Use cases include threat detection, incident response orchestration, awareness training optimization, data classification, and fraud detection.
- Another 23% leverage AI tools to assist users directly, utilizing chatbots, link creation, and automatic document generation.
Regarding AI safety, 15 organizations now focus on securing AI use, protecting environments and data, safeguarding models and training phases, ensuring governance and compliance, detecting deepfakes, and designing AI systems optimized for security (“secure by design”).
Furthermore, startups are offering innovative solutions aligned with market needs, including:
- Enhancing Security Operations Center (SOC) processes through agent-based AI
- Operational resilience innovations (MVC)
- Developing digital twins of networks
- Advanced cryptography and post-quantum migration techniques
- Risks management related to third-party vendors (TPRM)
- Inventory and mapping of information systems
- Security of embedded and connected systems
Regulatory frameworks such as NIS 2, DORA, CRA, RED/Machines are driving companies to develop more robust tools for compliance and control, creating further opportunities for innovation.
Adoption of cybersecurity certifications is also on the rise, with 15% of startups and nearly half (49%) of scale-ups holding one or more certifications, notably ISO 27001, SOC 2 Type 1 & 2, and CSPN.
In terms of intellectual property, 31 patents are held by startup companies (including 3 from new entrants), while 17 are owned by scale-ups, reflecting ongoing innovation efforts.
Methodology of the 2025 Cybersecurity Radar (7th Edition)
This survey identifies French-based startups and scale-ups that are less than 50% engaged in consulting activities. Typically, startups are younger than 7 years old and have fewer than 35 employees, while scale-ups are recognized through significant funding rounds (at least €10 million in the past three years) or substantial revenue growth (over €2.5 million with annual growth exceeding 25% over three years), and usually employ fewer than 250 people. The validation process relies on open-source data and direct contacts to ensure accurate classification.
