{"id":5455,"date":"2014-06-04T15:12:13","date_gmt":"2014-06-04T14:12:13","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=5455"},"modified":"2019-12-23T11:14:05","modified_gmt":"2019-12-23T10:14:05","slug":"cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/","title":{"rendered":"Cybers\u00e9curit\u00e9, quelle prise de conscience des entreprises ? Analyse des rapports annuels du CAC40"},"content":{"rendered":"<p>La <strong>cybers\u00e9curit\u00e9<\/strong> est au c\u0153ur de l\u2019actualit\u00e9 et de l\u2019\u00e9volution de la r\u00e9glementation. Elle constitue un enjeu majeur pour les entreprises qui doivent mettre en place des actions pour se prot\u00e9ger. Comment les plus grandes entreprises fran\u00e7aises s\u2019emparent-elles du sujet et comment cela se refl\u00e8te-t-il dans leurs rapports annuels ?<\/p>\n<p>L\u2019Autorit\u00e9 des march\u00e9s financiers (AMF) obligent depuis 2009 les entreprises \u00e0 pr\u00e9ciser les <i>facteurs risques<\/i> dans leurs rapports annuels. Nous avons donc souhait\u00e9 mesurer le niveau de prise en compte des risques SI en r\u00e9alisant pour cela une \u00e9tude comparative des rapports annuels des entreprises du CAC40 sur les ann\u00e9es 2010 (premi\u00e8re ann\u00e9e o\u00f9 l\u2019obligation a \u00e9t\u00e9 prise en compte) et 2013 (rapports les plus r\u00e9cents). L\u2019\u00e9tude a \u00e9t\u00e9 r\u00e9alis\u00e9e en se basant sur les rapports et documents de r\u00e9f\u00e9rence disponibles au 15 mai 2014.<\/p>\n<p>Elle nous a permis d\u2019identifier le niveau de prise en compte des enjeux cyber par ces entreprises et les actions mises en place pour se prot\u00e9ger.<\/p>\n<h2>Une prise en compte de la cybers\u00e9curit\u00e9 en forte augmentation mais qui reste \u00ab\u00a0timor\u00e9e\u00a0\u00bb<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5456\" src=\"http:\/\/www.solucominsight.fr\/wp-content\/uploads\/2014\/06\/entreprises-CAC40.jpg\" alt=\"entreprises CAC40\" width=\"605\" height=\"247\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/entreprises-CAC40.jpg 605w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/entreprises-CAC40-437x178.jpg 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/entreprises-CAC40-71x29.jpg 71w\" sizes=\"auto, (max-width: 605px) 100vw, 605px\" \/><\/p>\n<p>L\u2019analyse des rapports montre une prise en compte forte des enjeux cybers\u00e9curit\u00e9 par les entreprises d\u00e8s l\u2019ann\u00e9e 2010, avec une augmentation en 2013\u00a0: en 2013, 95% des entreprises \u00a0mentionnent une strat\u00e9gie SSI contre 73% en 2010. Le terme \u00ab\u00a0cyber\u00a0\u00bb en lui-m\u00eame apparait dans plus de 50% des rapports annuels. La prise en compte des probl\u00e9matiques cybers\u00e9curit\u00e9 en France est donc quasi unanime. En comparaison, au Royaume-Uni, il apparait que <a href=\"http:\/\/www.scmagazineuk.com\/60-percent-of-ftse-companies-mention-cyber-security-risks-in-annual-reports\/article\/339052\/ \" target=\"_blank\" rel=\"noopener noreferrer\">seules 60% des entreprises du FTSE100 mentionnent la probl\u00e9matique des risques SI<\/a>. Ce chiffre est cependant \u00e0 nuancer car la base de comparaison de <a href=\"https:\/\/www.trustwave.com\/Resources\/Trustwave-Blog\/Has-Cyber-Security-Awareness-Improved-Among-the-Largest-U-K--Businesses-\/\" target=\"_blank\" rel=\"noopener noreferrer\">ces deux \u00e9tudes<\/a> est diff\u00e9rente (40 entreprises au CAC vs 100 au FTSE).<\/p>\n<p>La part des entreprises ayant initi\u00e9 des actions pour faire face aux risques SSI est \u00e9galement croissante\u00a0: elle est pass\u00e9e de 45% en 2010 \u00e0 78% en 2013.<\/p>\n<p>Malgr\u00e9 cette prise en compte de plus en plus croissante, les entreprises sont encore peu loquaces d\u00e8s lors qu\u2019il s\u2019agit de mentionner les incidents cyber dont elles ont pu \u00eatre victimes. Deux entreprises uniquement le pr\u00e9cisent, alors qu\u2019elles sont beaucoup plus nombreuses \u00e0 en avoir \u00e9t\u00e9 victimes (publiquement \u00a0ou non). Ce sujet est encore tabou\u00a0; l\u2019\u00e9volution du cadre r\u00e9glementaire \u00e0 venir dans les prochaines ann\u00e9es devrait changer la donne.<\/p>\n<h2>Des informations h\u00e9t\u00e9rog\u00e8nes dans les rapports de 2013<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-5457 alignleft\" src=\"http:\/\/www.solucominsight.fr\/wp-content\/uploads\/2014\/06\/chiffres-cles-cac-40.png\" alt=\"chiffres cles cac 40\" width=\"211\" height=\"332\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/chiffres-cles-cac-40.png 211w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/chiffres-cles-cac-40-121x191.png 121w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/chiffres-cles-cac-40-25x39.png 25w\" sizes=\"auto, (max-width: 211px) 100vw, 211px\" \/>Ces rapports mettent en lumi\u00e8re les sujets cl\u00e9s pour les entreprises aujourd\u2019hui.\u00a0 Beaucoup mentionnent la n\u00e9cessit\u00e9 de l\u2019ouverture de leurs syst\u00e8mes d\u2019information, de la protection des donn\u00e9es personnelles et les \u00e9volutions organisationnelles et technologiques que cela pourrait entra\u00eener. Les impacts du Big Data, du Cloud Computing ou du BYOD sont cit\u00e9s dans plus de la moiti\u00e9 des rapports. \u00a0<b><\/b><\/p>\n<p>Les entreprises pr\u00e9cisent \u00e9galement les menaces auxquelles elles doivent faire face. Une trace du pass\u00e9 subsiste car encore beaucoup de rapports mentionnent les virus. Mais pour la majorit\u00e9 des entreprises, l\u2019espionnage industriel et l\u2019\u00e9volution de la cybercriminalit\u00e9 apparaissent comme des craintes fortes\u00a0: ces deux tendances sont pr\u00e9sent\u00e9es comme des menaces pesant sur l\u2019entreprise. \u00c0 noter, un r\u00e9alisme de plusieurs acteurs qui indiquent subir ou pouvoir subir des pertes dues \u00e0 ces menaces, malgr\u00e9 les efforts de protection et la prise en compte de ces risques. Le message semble s&#8217;\u00eatre bien diffus\u00e9 : l\u2019invuln\u00e9rabilit\u00e9 n\u2019existe pas en mati\u00e8re de cybercriminalit\u00e9. Cette prise en compte se manifeste \u00e9galement par la mention de normes, standards internationaux ou recommandations faites par des acteurs comme l\u2019Agence Nationale de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information (ANSSI) ou l\u2019Organisation Internationale de Normalisation (ISO), m\u00eame si seules cinq entreprises mentionnent utiliser ces normes. Ce chiffre qui peut paraitre faible par rapport \u00e0 la r\u00e9alit\u00e9 observ\u00e9e sur le terrain.<\/p>\n<p>Le sujet de la s\u00e9curit\u00e9 des SI industriels reste le parent pauvre des rapports. Alors qu&#8217;il concerne la moiti\u00e9 des entreprises du CAC 40, seules 3 le mentionnent dans leur rapport.<\/p>\n<p>Il est \u00e9galement int\u00e9ressant de relever que la nature de la cible des rapports annuels (actionnaires, investisseurs) modifie la nature des messages. Plus que de projets techniques de s\u00e9curisation, les entreprises parlent de gouvernance s\u00e9curit\u00e9 et de contr\u00f4le interne. Le niveau de prise en compte est \u00e9galement tr\u00e8s variable dans le vocabulaire utilis\u00e9 et la pr\u00e9cision des termes employ\u00e9s.\u00a0 Il doit cependant \u00eatre relativis\u00e9 consid\u00e9rant le degr\u00e9 d\u2019implication des fonctions s\u00e9curit\u00e9 dans la r\u00e9daction des rapports&#8230; et la sensibilisation encore jeune des fonctions communication et financi\u00e8re responsables de ces documents aux probl\u00e9matiques s\u00e9curit\u00e9. Les informations communiqu\u00e9es et le niveau de d\u00e9tails\u00a0 des programmes mis en \u0153uvre est \u00e9galement tr\u00e8s variable\u00a0: de quelques lignes mentionnant le risque \u2026 \u00e0 des extraits des m\u00e9thodologies utilis\u00e9es.<\/p>\n<h2>\u00a0Quelles \u00e9volutions attendre dans les rapports de 2014\u00a0?<\/h2>\n<p>Plus personne ne nie aujourd\u2019hui l\u2019enjeu cybers\u00e9curit\u00e9. Les entreprises semblent ainsi de plus en plus conscientes des impacts potentiels et agissent afin de se prot\u00e9ger. Des efforts de transparence sont cependant encore \u00e0 r\u00e9aliser, particuli\u00e8rement concernant la notification des incidents et leur mention.<\/p>\n<p align=\"left\">La prise en compte de la cybers\u00e9curit\u00e9 devrait encore conna\u00eetre une augmentation forte entre 2013 et 2014, du fait de la succession des incidents mais aussi de la promulgation de la Loi de Programmation Militaire, qui entra\u00eeneront m\u00e9caniquement des actions dans les entreprises concern\u00e9es (notamment les Op\u00e9rateurs d\u2019Importance Vitale).<\/p>\n<p align=\"left\">[Article r\u00e9dig\u00e9 sur la base d&#8217;une \u00e9tude r\u00e9alis\u00e9e par <strong>Oumeima Guessous<\/strong>, <strong>Pierre-Alain Pocquet<\/strong> et<strong> Victor Stril, <\/strong>consultants]<\/p>\n<div>\n<hr align=\"left\" size=\"1\" width=\"33%\" \/>\n<hr align=\"left\" size=\"1\" width=\"33%\" \/>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>La cybers\u00e9curit\u00e9 est au c\u0153ur de l\u2019actualit\u00e9 et de l\u2019\u00e9volution de la r\u00e9glementation. Elle constitue un enjeu majeur pour les entreprises qui doivent mettre en place des actions pour se prot\u00e9ger. Comment les plus grandes entreprises fran\u00e7aises s\u2019emparent-elles du sujet&#8230;<\/p>\n","protected":false},"author":15,"featured_media":6147,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3222,36,34],"tags":[],"coauthors":[837],"class_list":["post-5455","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberrisk-management-strategy","category-cybersecurity-digital-trust","category-strategie-d-entreprise"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cybers\u00e9curit\u00e9, quelle prise de conscience des entreprises ? Analyse des rapports annuels du CAC40 - RiskInsight<\/title>\n<meta name=\"description\" content=\"Comment les grandes entreprises fran\u00e7aises s\u2019emparent-elles de l&#039;enjeu de la cybers\u00e9curit\u00e9 et comment cela se refl\u00e8te-t-il dans leurs rapports annuels ?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybers\u00e9curit\u00e9, quelle prise de conscience des entreprises ? Analyse des rapports annuels du CAC40 - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Comment les grandes entreprises fran\u00e7aises s\u2019emparent-elles de l&#039;enjeu de la cybers\u00e9curit\u00e9 et comment cela se refl\u00e8te-t-il dans leurs rapports annuels ?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2014-06-04T14:12:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-23T10:14:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/fotolia-59730780.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1500\" \/>\n\t<meta property=\"og:image:height\" content=\"996\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"G\u00e9r\u00f4me Billois\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"G\u00e9r\u00f4me Billois\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/\"},\"author\":{\"name\":\"G\u00e9r\u00f4me Billois\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\"},\"headline\":\"Cybers\u00e9curit\u00e9, quelle prise de conscience des entreprises ? Analyse des rapports annuels du CAC40\",\"datePublished\":\"2014-06-04T14:12:13+00:00\",\"dateModified\":\"2019-12-23T10:14:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/\"},\"wordCount\":968,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/fotolia-59730780.jpg\",\"articleSection\":[\"Cyberrisk Management &amp; Strategy\",\"Cybersecurity &amp; Digital Trust\",\"M\u00e9tiers - Strat\u00e9gie d\u2019entreprise\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/\",\"name\":\"Cybers\u00e9curit\u00e9, quelle prise de conscience des entreprises ? Analyse des rapports annuels du CAC40 - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/fotolia-59730780.jpg\",\"datePublished\":\"2014-06-04T14:12:13+00:00\",\"dateModified\":\"2019-12-23T10:14:05+00:00\",\"description\":\"Comment les grandes entreprises fran\u00e7aises s\u2019emparent-elles de l'enjeu de la cybers\u00e9curit\u00e9 et comment cela se refl\u00e8te-t-il dans leurs rapports annuels ?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/fotolia-59730780.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/fotolia-59730780.jpg\",\"width\":1500,\"height\":996},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybers\u00e9curit\u00e9, quelle prise de conscience des entreprises ? Analyse des rapports annuels du CAC40\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\",\"name\":\"G\u00e9r\u00f4me Billois\",\"description\":\"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley &amp; Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybers\u00e9curit\u00e9, quelle prise de conscience des entreprises ? Analyse des rapports annuels du CAC40 - RiskInsight","description":"Comment les grandes entreprises fran\u00e7aises s\u2019emparent-elles de l'enjeu de la cybers\u00e9curit\u00e9 et comment cela se refl\u00e8te-t-il dans leurs rapports annuels ?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/","og_locale":"en_US","og_type":"article","og_title":"Cybers\u00e9curit\u00e9, quelle prise de conscience des entreprises ? Analyse des rapports annuels du CAC40 - RiskInsight","og_description":"Comment les grandes entreprises fran\u00e7aises s\u2019emparent-elles de l'enjeu de la cybers\u00e9curit\u00e9 et comment cela se refl\u00e8te-t-il dans leurs rapports annuels ?","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/","og_site_name":"RiskInsight","article_published_time":"2014-06-04T14:12:13+00:00","article_modified_time":"2019-12-23T10:14:05+00:00","og_image":[{"width":1500,"height":996,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/fotolia-59730780.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"Cybers\u00e9curit\u00e9, quelle prise de conscience des entreprises ? Analyse des rapports annuels du CAC40","datePublished":"2014-06-04T14:12:13+00:00","dateModified":"2019-12-23T10:14:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/"},"wordCount":968,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/fotolia-59730780.jpg","articleSection":["Cyberrisk Management &amp; Strategy","Cybersecurity &amp; Digital Trust","M\u00e9tiers - Strat\u00e9gie d\u2019entreprise"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/","name":"Cybers\u00e9curit\u00e9, quelle prise de conscience des entreprises ? Analyse des rapports annuels du CAC40 - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/fotolia-59730780.jpg","datePublished":"2014-06-04T14:12:13+00:00","dateModified":"2019-12-23T10:14:05+00:00","description":"Comment les grandes entreprises fran\u00e7aises s\u2019emparent-elles de l'enjeu de la cybers\u00e9curit\u00e9 et comment cela se refl\u00e8te-t-il dans leurs rapports annuels ?","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/fotolia-59730780.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/06\/fotolia-59730780.jpg","width":1500,"height":996},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/06\/cybersecurite-quelle-prise-conscience-entreprises-analyse-rapports-annuels-du-cac40\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Cybers\u00e9curit\u00e9, quelle prise de conscience des entreprises ? Analyse des rapports annuels du CAC40"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley &amp; Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/5455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=5455"}],"version-history":[{"count":10,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/5455\/revisions"}],"predecessor-version":[{"id":12428,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/5455\/revisions\/12428"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/6147"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=5455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=5455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=5455"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=5455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}