A new report from technology advisory firm Information Services Group (ISG) finds that AI-driven threats and tighter regulation are reshaping how companies in France approach cybersecurity, prompting many to revise their protection strategies. Rising security budgets are translating into demand for new guidance and outside expertise to set priorities and address growing risks.
According to the 2025 ISG Provider Lens Cybersecurity – Services and Solutions report, French organizations are moving to a more layered and complex security model, with a growing number adopting AI-powered defense. The report links that shift to fresh regulatory requirements, increased cloud adoption, budget pressures, and a shortage of skilled workers, the AI security specialist says.
“The way companies in France choose security services is changing,” said Julien Escribe, partner and managing director, ISG. “With increasing security budgets, enterprises need guidance and insight to set the right priorities and tackle security problems.”
ISG’s analysis shows many firms favor consolidated security platforms over a collection of standalone tools. Organizations want service providers who can supplement internal teams, especially as migrations to multicloud and cloud topologies create integration, visibility and management headaches. Firms struggling to keep an eye on dispersed applications are turning to secure access service edge (SASE), which combines network security and connectivity into a single offering.
The report notes demand for integrated security platforms that provide a consolidated view of potential threats and centralized oversight of defenses. Under financial strain and facing a persistent talent gap, a large number of French businesses continue to rely on technical security service (TSS) providers for hands-on support, centralized tooling and automation.
ISG warns that companies must fold governance, risk and commence (GRC) policies into their security plans as EU measures such as the NIS2 directive and the AI Act move into French law. The report states that more than 15,000 French businesses are now subject to additional compliance requirements.
The study also documents that malicious actors are using AI to craft attacks, complicating detection and response efforts. In reaction, customers are turning to security service providers that use genAI and ML in their own tooling. Investment trends reported include greater spending on AI-driven detection, staff training focused on cyber risks, and automated response workflows.
Benoît Scheuber, a principal consultant and security analyst at ISG, said that AI is transforming cybersecurity and driving demand for providers who can stitch best-of-breed tools into cohesive operations, saying, "[Clients] seek providers that can integrate the best products into a unified platform for operational efficiency."
The report highlights vendor capabilities across managed detection and response, threat intelligence, cloud security services and consulting, and assesses how providers support compliance and automation needs in a market under regulatory pressure. Business leaders in France are weighing consolidation, AI-led tooling and external managed services as they try to maintain visibility, reduce complexity and sharpen incident response.