In a global context, where threats are evolving rapidly (identity theft, ransoms…) and where regulations strengthen our legislative capabilities (RGPD, CCPA, NIS Directive, EU Cybersecurity Act…), Cybersecurity and Digital Trust teams within Wavestone have analysed the maturity levels of cybersecurity of businesses who are in a major financial centers. For this study, the practice has analysed financial communications (annual reports, international data agreements, Form 10-K or 20-F etc) from 290 businesses, published on the 1st of June 2020.

Regulated financial communications are the opportunity for businesses to communicate with their investors, in a transparent way, about the cyber-risk and to highlight their investments in regard to these cyber-risks. Whilst some companies are beginning to show signs of maturity, not all of them yet are seizing this opportunity.

Discover the results of this unique study, which analyzes the level of maturity shown from all the following angles: involvement of executive committees, investments in cybersecurity, GDPR, governance, risks, etc.

In addition to this international analysis, each Wavestone office carried out a detailed study, shedding light on the practices observed locally. The detailed studies make it possible to deepen the analysis completed on all the themes.


For the first year, the CAC 40 takes the lead in the rankings. French companies are showing good signs of maturity (involvement of managers, systematization of control structures, GDPR, awareness raising, etc.)

Find out more

United States

In 2nd position, the US particularly stands out with a strong financial sector. A solid jump by the Service sector and significant cybersecurity investments and programmes were observed.

Find out more

United Kingdom

The United Kingdom demonstrates a high-level of understanding of cyber risks and a significant commitment by Executive Committees on the subject of cybersecurity.

Find out more



The IT sector leads the way in Belgium and BEL20 companies feature a solid coverage of privacy matters and a good level of investments in cybersecurity programmes.

Find out more


This year, SMI companies finally showcase a good level of coverage regarding cybersecurity issues. Sharp increases in GDPR coverage and Executives Committees involvement were observed.

Find out more

Hong Kong

hong kong

HSI companies demonstrate a low average and highly variable score: the IT sector scores best, Finance is underperforming, and Food & Agriculture seems to ignore the matter.

Find out more


hong kong

Cybersecurity Governance is the topic where Singapore’s STI scores best in our global study. Finance and Technology sectors are ahead of the curve, while other industries demonstrate a low average.

Find out more

This publication was produced with the contributions of:

Abdelkarim ABDERRAHIM, Maryam AHSINA, Pablo ALONSO, Gérôme BILLOIS, Dominique BONNARD, Umar DAR, Eudes DESCROIX, Florian DROUIN, Anne GLOWACKI, Barbara GUEZ, Joy HAN, Chadi HANTOUCHE, Noëmie HONORE, Adam JONES, Othman LASRI, Yvan LEROUX, Alexandre LUKAT, Will MATHER, Valery PIALAT, Florian POUCHET, Shweta RAI, Marie SCHMIDT, Olivia SPRINGATE, Marc VAN OENE, Joseph VITOUX, Dominique YANG, Anthony YIP