Attacks on security equipment at the edge of information systems, targeted ransomware, sophisticated phishing attacks, attacks on supply chains, theft and leakage of sensitive data, exploitation of vulnerabilities in everyday tools: the cyber security landscape is changing fast, driven by the increasing professionalism of cyber criminals and the proliferation of attack vectors. Cyber threats now come from everywhere and spare no-one: from very small businesses to major groups, including public authorities, healthcare and higher education establishments, no organisation is immune. Whatever its size, business sector or level of digital maturity. Against this backdrop, how can you anticipate tomorrow's cyber attacks, strengthen your organisational resilience and ensure that cyber security becomes everyone's business?

Europe's cybersecurity regulatory landscape is expanding at a rapid pace: the NIS2 directive for critical sectors, the DORA regulation for the financial sector, the Cyber Resilience Act (CRA) for digital products, etc. These reference texts impose new obligations in terms of resilience, transparency, governance and security. But between legal complexity and operational impact, companies often struggle to turn these requirements into concrete action plans. Common points, specific features, upcoming deadlines: how do these three major regulatory pillars affect organisations' cyber resilience strategies? What are the essential steps for compliance? How do these requirements fit in with existing cyber security systems? What are the new responsibilities for managers, CIOs and technology suppliers? Here are some answers, to help you move from a reactive approach to a controlled compliance strategy.

Against a backdrop of accelerating digitalisation and increasingly sophisticated cyber threats, the question is no longer whether an organisation will be targeted, but when and how. SMEs and SMIs in particular are on the front line when it comes to cyber attacks, which are often targeted precisely because they are less prepared than large companies. Yet it is possible to protect oneself effectively without mobilising resources that are out of reach. It all starts with a clear understanding of your exposure to risk. That's why cyber risk analysis is becoming an essential step in anticipating vulnerabilities, prioritising security actions and strengthening resilience. How can we put in place a practical approach to assessing exposure to cyber threats? What are the tools and methodologies for identifying the relevant risks? How can technical issues be translated into strategic decisions? What practices should you adopt to build a clear, actionable risk map tailored to your sector? Discover the keys to moving from a reactive posture to a genuine culture of proactive risk management.

Quantum computing, still in its infancy, already poses a credible threat to the traditional cryptographic algorithms on which information system security is based. Faced with this prospect, post-quantum cryptography (PQC) is no longer a theoretical possibility: it is becoming a strategic imperative to protect today the data that must remain confidential tomorrow. Algorithms currently being standardised (NIST), performance and implementation challenges, constraints for integration into existing systems and transition timelines for businesses and government agencies: is quantum-resistant cryptography technically and operationally ready? Discover the cryptographic changes that must be made without delay, or risk exposing critical infrastructure to future threats today.

In a context where industrial infrastructures are increasingly interconnected, managing access to control systems (SCADA, PLC, DCS, etc.) has become a key issue in operational cybersecurity. Remote access, external maintenance, network segmentation, user rights: the slightest flaw can open the door to attacks with serious consequences for production, security and business continuity. What are the specific challenges of identity and access management (IAM) in industrial environments? How can security, traceability and operational continuity be reconciled? What tools and methodologies can be used to control access without slowing down field teams or service providers? With securing access to industrial control systems no longer just a best practice but a regulatory requirement (NIS2 directive, IEC 62443 and ISO/IEC 27001 standards), critical infrastructure operators and industrial companies must implement robust, traceable access policies tailored to the specificities of OT environments.

With cyberattacks on the rise and increasingly targeting smaller organisations, SMEs/SMIs and local authorities are now seen as the weak links in cybersecurity. Limited resources, heterogeneous infrastructure and a lack of awareness mean that these players are highly vulnerable, despite performing functions that are essential to the economy and everyday life. However, there is a clear mismatch between the specific needs of these organisations and the current offering in terms of cybersecurity. In this context, what responsibilities do public authorities, cybersecurity service providers and contractors have? How can we build a more accessible, clearer and better tailored cybersecurity offering that takes into account their constraints, in order to rethink cybersecurity that is trustworthy and adapted to the realities on the ground?

At a time when the ecological transition is forcing us to rethink our digital habits, sobriety is becoming imperative. Bucking the trend, cybersecurity systems are based on increasingly heavy architectures: multiple logs, redundant infrastructure, intensive encryption, real-time monitoring, long-term storage, etc. While these practices are essential to ensuring system security, they also generate a growing environmental footprint that is often overlooked in digital sobriety assessments. So how can we reconcile digital security with the demand for sobriety? Is it possible to secure systems in other ways, with less complexity, less data and a smaller footprint? Event log reduction and intelligent governance, selective encryption, Zero Trust and Edge computing architectures, security data retention periods, and the sharing of cyber tools at sectoral or regional level: what approaches can reduce environmental impact without exposing organisations to risk?

With the new European Machinery Regulation set to come into force in January 2027, cybersecurity is becoming a regulatory requirement for manufacturers, integrators and operators of industrial equipment. Designed to address the growing risks associated with the digitisation of machines and the interconnection of systems, this regulation imposes new IT security requirements from the design stage and throughout the entire life cycle of equipment. This new legal framework has concrete consequences for industrial players. What cyber requirements must be incorporated into design and conformity assessment? How can a ‘cybersecurity by design’ approach be implemented that is compatible with industrial processes? Find out how to prepare for secure and long-lasting compliance of your equipment and facilities.

The Zero-Trust model is emerging as a strategic response to modern threats, based on a simple principle: never trust, always verify. But between stated ambitions and the reality of existing information systems, integrating Zero-Trust remains a major challenge for businesses and public institutions alike. How can you assess your organisation's readiness for this paradigm shift? How can you integrate Zero Trust principles into an existing IT system without rebuilding everything? Which technological building blocks should you use (identity, micro-segmentation, supervision, IAM, SASE)? What governance should you put in place to align security, business and IT? There are many technical, organisational and operational challenges associated with implementing Zero Trust in complex, often heterogeneous and interconnected environments.

When faced with a cyberattack, every minute counts. Beyond technical emergency measures, the relationship with law enforcement agencies becomes a key lever for an effective, coordinated response that complies with legal obligations. However, many organisations still approach this cooperation in a rush, without a clear framework or advance strategy. When and how should you alert the public prosecutor's office, the police or the specialised gendarmerie? What information should be shared, in what form, and with what guarantees of confidentiality? How can you balance the requirements of the investigation, business recovery and crisis communication? Clarifying the legal, operational and organisational issues related to cyber crisis management in conjunction with the relevant authorities enables collaboration based on trust, responsiveness and compliance.

Cybersecurity is now a strategic issue for all organisations. But you still need the right talent to implement it. Against a backdrop of growing threats, companies are facing a chronic shortage of skilled professionals, exacerbated by increasing regulatory requirements, the diversification of cyber professions and the global war for talent. What profiles are really in demand today, and what skills do they require? How can you attract and retain talent in a highly competitive field? What role do work-study programmes, retraining, hybrid career paths and self-taught skills play? How can you rethink your recruitment criteria in the face of rapidly evolving technologies and threats? Discover practical insights to adapt your practices, open up the skills pool and build strong, sustainable cyber teams.