Complex and promising: this describes the relationship dynamic between French Chief Information Security Officers (CISOs) and the startup ecosystem within the cybersecurity sector, according to a recent study conducted by Cesin (the Club of Digital and Information Security Experts) in partnership with Auriga Cyber Ventures, a venture capital fund focused on European cybersecurity startups.
While 70% of CISOs report having initiated collaborations with startups, the actual financial commitment to these emerging solutions remains minimal, averaging only about 4% of their cybersecurity budgets. The question arises: why is the investment so modest? The study identifies several key obstacles hindering deeper integration, including the complexity of internal approval processes, lengthy validation cycles (often spanning six to twelve months), difficulty accessing relevant information, market fragmentation, and a perceived risk related to the immaturity or regulatory compliance of the offered solutions.
Despite the predominant reliance on cybersecurity stacks built around American solutions, startups possess distinct advantages in this landscape. Their capacity for innovation and flexibility is particularly valuable, especially when it comes to adapting existing solutions to counter emerging threats. This stands in stark contrast to traditional vendors, who are often criticized by CISOs for their inflexibility and pricing structures.
How can we shift the current landscape, especially as cybersecurity sovereignty becomes an increasingly pressing public concern? Nearly 30% of CISOs express openness to regular dialogue with funding and innovation stakeholders, and as many as 59% are willing to engage in more collaborative efforts to co-develop tailored cybersecurity solutions.
The study views this as a sign of optimism: “Through their strategic choices, technical requirements, and their capacity to secure purchase orders, CISOs are directly contributing to the growth and consolidation of emerging players in the cybersecurity space.” It emphasizes that without ongoing orders, sustainable supply and growth remain out of reach.
The ball is now in the court of CISOs—and their executive management teams.
This study is based on feedback from 175 CISOs.
Published by: Philippe Leroy
