Cybersecurity and Industrial Resilience: A Growing Concern
€250 Million: The Cost of a Cyber Attack on Saint-Gobain
The amount of €250 million is a stark reminder of the magnitude of the challenges facing the global industrial sector. This figure, highlighted during a professional meeting in Tunis, summarizes the extent of the risks that now weigh on the industry.
The Evolving Threat Landscape
In the context of the "Cybersecurity and Business Resilience" event, organized by the Tunisian-French Chamber of Commerce and Industry (CCITF), a panel of experts discussed the issue of industrial systems exposed to cyber threats. Moderated by Professor Faouzi Moussa, a specialist in new technologies, the discussion shed light on a often underestimated reality: the connected factory has become, willingly or not, a battleground for organized adversaries.
A Radically Expanded Defense Perimeter
For decades, industrial environments operated in isolation, impermeable to external intrusions. The advent of Industry 4.0 has put an end to this natural fortress. By merging operational technologies (OT) and traditional information technology (IT), digitalization has created vulnerabilities that malicious actors, including organized crime groups and state-sponsored entities, are eager to exploit.
The Challenges of Industrial Cybersecurity
Ali Laribi, founder of Fortress Plus and a cybersecurity consultant, described this transformation with precision. In an industrial environment, the security priorities are different from those in an office setting: the availability of systems and the physical protection of operators take precedence over data confidentiality. However, industrial infrastructures face two major structural handicaps: the continued use of outdated technologies, which are often unpatched and vulnerable, and the introduction of new attack surfaces through digitalization. As a result, the cybersecurity maturity of the industrial sector lags significantly behind that of the financial sector, with a compliance rate of around 40% in France.
The Importance of Regulatory Frameworks
According to Ali Laribi, regulatory frameworks such as the NIS 2 directive and the European Cyber Resilience Act are essential for imposing a common defense standard on critical infrastructures.
Sagemcom: Cybersecurity as a Condition for Industrial Survival
Rim Raboudi, Director of Information Security at Sagemcom, a manufacturer of connected products, demonstrated the importance of cybersecurity in the industrial sector. The company's production chain cannot tolerate any interruptions, with each shutdown resulting in millions of euros in losses. In response, Sagemcom has structured its cybersecurity approach around several pillars, including a dual governance system, a Factory Security Officer, and adherence to international standards such as ISO 27001.
Safran: The Risk of Industrial Espionage
The Safran group, which employs 3,500 people in Tunisia and 110,000 worldwide, illustrates another aspect of industrial cyber risk: the protection of intellectual property. With 1,300 patents filed in 2025, the company is a prime target for economic espionage.
Persistent Blind Spots in Cyber Governance
Myriam Khelifi, a cybersecurity expert at EY, highlighted the structural weaknesses that industrial organizations continue to maintain despite themselves. These include:
- The lack of clear responsibilities in the event of an incident
- The absence of a prior mapping of critical assets, leading to dispersed investments in security solutions
- The vulnerability of the supply chain, with many compromises occurring through unverified access granted to suppliers
- The lack of preparedness among executive teams to manage complex industrial cyber crises
These weaknesses are documented in the 2025 Cybersecurity Barometer, conducted in collaboration with the CESIA among 400 organizations across the African continent, including over a quarter of Tunisian respondents. The data is clear: despite a growing awareness of threats, 44% of organizations still allocate less than 5% of their IT budget to cybersecurity. In terms of governance, more than 40% of CISOs remain attached to the IT department, limiting their independence and strategic capacity.
Conclusion
The gap between the growing threat and stagnant resources remains a concern. As the industry continues to evolve, it is essential to address these blind spots and prioritize cybersecurity to ensure the resilience of industrial systems.
