Cyber risk dominates
27% selected cyber risk – data breaches, criminal threats and widespread outages – as their top risk concern.
Cyber risk is now the number one threat concern for the French-based executives we surveyed. What was once seen as an IT problem has become a serious business risk, with the potential to disrupt operations, damage reputations and spread across supply chains with lasting impact.
Our tracking of executives based in France shows strong concern about cyber risk, but also high confidence in existing resilience measures. Many believe they would recover fully - financially and reputationally - after a cyber incident. In reality, this confidence is likely to be misplaced.
Cyber criminals are increasingly using AI driven tools to run fast, large scale phishing and reconnaissance attacks. These automated systems exploit the connected nature of modern technology, making attacks quicker and harder to detect or contain. As a result, cyber threats are escalating across organisations, regardless of their size or sector, with less warning and greater consequences.
Resilience today must be built into everyday business planning, not treated as a one-off exercise. Organisations need clear, well tested business continuity plans that allow them to respond quickly and effectively to cyber incidents.
Planning should also consider the real cost of an attack. This includes understanding how much financial impact the business can absorb, what cyber insurance is in place, where cover may be limited, and where controls or processes have gaps. Without this clarity, recovery will be slower, more expensive and more disruptive.
Source: Beazley Risk & Resilience Surveys.
French executives show a rebalancing of risk priorities. Technology obsolescence declines steadily from 29% to 22%, suggesting investments in tech are paying off. Cyber risk remains persistently high at 27%, but at a lower level than the global average of 31%, while IP risk rises sharply, matching cyber as the leading concern by 2026. This rise in concern over IP risk indicates a growing concern over data, innovation and competitive advantage amid digital transformation, geopolitical tension and regulation pressures.
French executives report strengthening perceived resilience across all four cyber and technology risk areas. Confidence rises steadily from 2024 to 2026, particularly for disruption and IP risk. While growing cyber confidence reflects sustained investment, it is likely overstated. Overall, organisations appear to feel better prepared than in previous years to manage today’s evolving digital and regulatory threats.
This year, risk concerns diverge by company size. Large organisations are more concerned about disruption and cyber risk, reflecting greater exposure to operational scale and threat complexity. Small firms show higher concern around IP risk, likely tied to reliance on proprietary knowledge, while technology obsolescence is now a lesser concern for both groups.
Large organisations report significantly higher perceived resilience across all risk areas than smaller ones. Confidence is strongest for IP and disruption risk, reflecting greater investment and maturity. Small organisations show lower levels of resilience to these risks, suggesting resource and capability constraints continue to shape preparedness relative to larger organisations.
Large organisations in France anticipate more severe downstream impacts from cyber attacks than smaller ones, particularly around third-party liability, reputational damage and long term financial disruption. Small firms place more emphasis on management time and operational strain, highlighting differing exposure profiles and recovery challenges by company size.
Cyber risk concern varies significantly by sector in France, peaking in Tech, Media & Telecoms, Commercial Property and Healthcare & Life Science. However, perceived preparedness is highest in technology driven sectors, whereas lower levels of preparedness in Hospitality, Energy and the Public Sector reveal lower levels of preparedness, and reveals that their exposure to cyber risk may be underestimated.