French companies are lagging behind on DMARC, a technical specification that secures domain names and email addresses and provides protection against phishing. Large companies like Chronopost, which have to send SMS and emails to their partners and thousands of customers every day and have not implemented DMARC policies, give malicious actors an opening for phishing: by not securing their assets, they allow attackers to contact partners and customers while posing as a legitimate sender.
Red Sift, a new UK player specialising in digital asset protection, believes DMARC is about to take off among large and medium-sized companies in France for two main reasons.
The first concerns the EU’s NIS 2 directive, which creates cybersecurity obligations for large companies, but also for their partners. The legislation is a necessary one, coming three years after an attack on Sopra Steria allowed attackers to steal tens of millions of euros from the company and its partners. With a DMARC policy, you can protect against phishing and "fake president" (CEO fraud) scams while meeting the requirements of NIS 2.
The second reason is financial. Insurance companies assess a company’s level of cybersecurity and rely on that assessment to adjust the insurance rate. DMARC tools such as Red Sift’s Hardenize make it possible to identify vulnerabilities in a company's IT defences, provide actionable advice on how to fix them, and quickly improve the score assigned by the rating agencies, thereby lowering prices.
Consequently, introducing a DMARC policy addresses numerous challenges at once: securing the IT network, building trust, complying with the NIS 2 directive and lowering insurance prices.