Friday, March 20, 2026
Cybersecurity: a crucial issue for local authorities
AUDITGOVERN
Cybersecurity: a crucial issue for local authorities
Faced with the rise of cyber threats, cybersecurity has become a strategic priority for local authorities. The digital transformation of public services is accompanied by the increasing management of sensitive data—civil status records, social records, health data—and critical systems such as urban planning, education, and security. A cybersecurity breach can have major consequences, ranging from the paralysis of services to a loss of public trust.
A highly exposed sector
Local authorities have become prime targets for cybercriminals. Ransomware attacks, phishing campaigns, and distributed denial-of-service (DDoS) attacks are on the rise. In 2024, according to the French National Cybersecurity Agency (ANSSI), more than 40% of local authorities experienced a security incident. This figure underscores the urgent need for a collective and coordinated response.
Increasingly demanding regulatory obligations
Regulations are also evolving in response to these threats. Beyond obligations related to the protection of personal data (GDPR) and online services (RGS), the European NIS2 directive (currently being transposed at the time of writing) requires local authorities to strengthen their security and resilience. Reactive measures are no longer sufficient; it is now necessary to anticipate, structure, and implement an approach tailored to the specific challenges of the public sector in order to provide the necessary resilience to cyber threats. Strategy and compliance have become inseparable in this process.
Build a robust strategy and don't forget the fundamentals
Implementing an effective cybersecurity strategy relies primarily on fundamentals such as:
- The completion of an inventory of digital assets and technical and organizational vulnerabilities.
- Appointing an information systems security officer (ISSO), even on a part-time basis, ensures strategic guidance for this approach.
- Strengthening basic technical measures (security hygiene) = regular updates, offline backups, strong authentication, network segmentation, managed EDR, access review and strengthening password strength
- Raising awareness among staff and elected officials, as well as preparing for crisis management, strengthens overall resilience.
These measures require expertise that local authorities cannot rely on solely internal resources. This is why local authorities must anticipate, budget, and sometimes rely on outsourced services.
The ‘cybersecurity services’ market offered by CANUT: a shared response for the territories
To support communities in their cybersecurity approach, the CANUT purchasing center offers a framework agreement dedicated to Cybersecurity AMOA services, including: definition of security strategy and policies, technical audits (penetration testing, configuration review), support for cybersecurity regulations, certification, risk analysis, solution study, awareness and training.
Local authorities can therefore benefit from a market that meets their specific needs by subscribing through the CANUT portal.
For the South-East region (Auvergne-Rhône-Alpes, Provence-Alpes-Côte d’Azur, Corsica), the RED IT group (of which Avangarde Cyber Sécurité is a member) holds lot no. 6 of the framework agreement ‘cybersecurity services’ and provides local support with more than 100 security experts in the region.
Are you a CISO/IT Director/CISO within a local authority? Do you have questions or need more information about the cybersecurity services market? Come and meet us at Lyon Cyber Expo.