Orange Cyberdefense's 'Come to Jesus' moment: getting closer to the mother, facing eternity, whispers & prayers

Orange Cyberdefense hosted an Analyst Day to share its evolutions and strategic updates. Some changes in the approach related to Orange Group and the evolution of posture are noticable.

Coming closer to the mother ship

Mitesh Chauhan (Global SVP, Product Management) described Orange Cyberdefense’s plans to leverage the broader Orange Group’s research and infrastructure capabilities. “With current AI and agentic wave and next PQC agenda, we must rely on Orange Group assets such as Orange Innovation for Agentic IA and PQC, Orange Business for SaSe and QKD,” Chauhan stated.

Orange Cyberdefense’s decision to tighten integration with Orange Group represents a calculated bet that the technological complexity of two emerging landscapes—artificial intelligence overall impact from defending to using and the coming transition to post-quantum cryptography—requires resources beyond what even a large MSSP can independently marshal.

PQC begins to show a transition agenda. It should start in the banking industry before the end of 2026, following recommendations from various regulators and authorities. Orange Cyberdefense, once somewhat distant from the Mother company ecosystems because of history and spin-out attempts, is now coming closer to the Groupe Technical systems, mainly Orange Innovation for PQC.

Orange Innovation’s efforts in PQC and quantum key distribution (QKD), via Orange Business, provide Orange Cyberdefense with early access to cryptographic technologies expected to become standard in enterprise security within the next five to seven years. Similarly, as AI moves from narrow machine learning models to agentic systems that can autonomously pursue goals and adapt strategies, Orange Cyberdefense gains competitive advantage by connecting to Orange Innovation’s research to evaluate current and future options  rather than waiting for these capabilities to commoditize in the security vendor marketplace.

As a matter of fact, Orange is rather well positioned in the PQC market by leveraging its network assets for Qbit distribution and safety, cybersecurity expertise, and overall network legacy. Orange Business will offer Go to Market options to bB2 clients.

The scale of transformation, not a new religion

Hugues Foulon (CEO) delivered numbers that signal Orange Cyberdefense has crossed a threshold in the enterprise cybersecurity market. “We are adding a unit to our contracts. We have now multiple digit deals greater than twenty million euros” Foulon stated. These contracts represent not just revenue growth but a fundamental change in how European mid-market and enterprise customers are purchasing cybersecurity as an integrated platform rather than point solutions.

Beyond massive multiyear contracts, Orange Cyberdefense also emphasises its SME success with MicroSoc, a fully integrated « one portal » MSSP Service. Orange Cyberdefense is positioning itself to capture this Cybersecurity SMB adoption wave with a clear focus in France, Spain, Belgium, Switzerland, Romania, and Slovakia, where Orange’s footprint is strong with direct-operated telco services. This evolution becomes even more significant when understood against the backdrop of Europe’s NIS2 directive, which is driving small and medium enterprises.  

The constant Revenus growth (2023/204 : +11%) and the high level of revenues (1.3 billion € in 2025, PAC estimates) are not new in the Orange Cyberdefence report that has demonstrated for three years its real capacity to reach continental influence when it comes to operations from sales to delivery.

The vendors pressure rings hell’s bells…

Olivier de Paillerets, (Executive vice Presdient, Marketing & Technologies) articulated a tension that defines the current MSSP marketplace but is rarely spoken aloud. “As MSSP, we are currently under heavy pressure by international editors. Things must be more balanced, when they get breached, we are facing the customers at first. Anytime it is possible, we are building our platform service with local vendors” de Paillerets explained.

This statement reveals the structural imbalance in cybersecurity’s ecosystem. When global software vendors experience security breaches or their products fail to prevent attacks, managed security service providers like Orange Cyberdefense stand on the front lines facing angry customers and managing incident response.

De Paillerets’ commitment to incorporating local vendors into Orange Cyberdefense’s platform represents both a sovereignty play and a risk management strategy, creating a more distributed and resilient supply chain that reduces dependence on any single vendor whose security failure could cascade across Orange Cyberdefense’s entire customer base.

This approach aligns particularly well with the emerging political economy of European cybersecurity, where questions of digital sovereignty have shifted from academic debates to boardroom priorities. Orange Cyberdefense is treading a delicate line, recognising that it cannot entirely avoid major international security vendors while simultaneously creating options through local partnerships that give European customers greater control over their security infrastructure. To some extent, the move to more local vendors may be a form of forgiveness in response to many local criticisms that often targeted the partner choices in the « MicroSoc » building.

Facing eternity with the « Lighthouse philosophy »

Erik van Dijk (Product Manager, CTI) described Orange Cyberdefense’s aspirational identity shift. “Given our Threat Intelligence sources and analysing capacity, we are willing to become a lighthouse preventing impacts instead of a lifeboat rescuing after disaster” van Dijk declared.

The traditional MSSP model emphasises incident response capabilities—the lifeboat that arrives after an organisation has been breached to contain damage, investigate root causes, and restore operations.

As a new paradigm, the lighthouse model positions Orange Cyberdefense as a forward-looking intelligence capability that helps organisations understand threats before they materialise into breaches and make risk-informed decisions about where to invest in security controls. As a matter of fact, by adding CTI (Cyber Threat Intelligence) with an internal Impact model (C.T.E.M for Cyber Threat Exposure Management), Orange Cyberdefense mitigates real-life risks with detailed exposure on clients’ assets, able to generate an impact analysis per situation.

Operationally, this means Orange Cyberdefense is elevating threat intelligence and business impact analysis from supporting functions to core differentiators. Rather than simply detecting and responding to attacks, Orange Cyberdefense aims to provide customers with contextualized intelligence about which threats are most likely to target their specific assets and what the business consequences would be if those attacks succeeded.

By positioning as a lighthouse that provides continuous intelligence about threats navigated around rather than merely responding to occasional disasters, Orange Cyberdefense creates more visible and measurable value that justifies the multiple-digit deals Foulon described.

Sovereignty, like a prayer… but no miracles on business

The Analyst Day revealed that Orange Cyberdefense receives constant questions about digital sovereignty from customers and government stakeholders, even as actual contracts based purely on sovereignty considerations remain limited. Whispers & prayers more than effective business evolution. 

By incorporating more local editors and vendors into its SME platform, the company creates sovereignty optionality for customers who value it while maintaining the flexibility to leverage best-of-breed capabilities regardless of origin. This approach acknowledges that complete independence from global security vendors is neither technically feasible nor commercially attractive for most organizations, but that having European alternatives available reduces geopolitical risk and provides negotiating leverage.

Orange Cyberdefense, like all European MSSPs, has historically relied heavily on non-European cybersecurity vendors. By bringing local vendors into the platform, Orange Cyberdefense is not abandoning these relationships but rather creating a more balanced ecosystem that gives customers genuine choice and reduces single points of failure in the security supply chain.

Sky clarity for Orange Cyberdefense

Orange Cyberdefense is simultaneously scaling up to enterprise deals while platformizing services for SMEs, integrating more tightly with Orange Group while cultivating local vendor relationships, and shifting from reactive incident response to proactive threat intelligence.

These moves share a common logic: Orange Cyberdefense is leveraging its unique position as a large MSSP embedded within a major European telecommunications group to address the structural challenges that make cybersecurity difficult to deliver and purchase.

1. The parent company’s research capabilities provide access to emerging technologies like post-quantum cryptography and agentic AI.
2. The telecommunications infrastructure and customer relationships focused on SMB everywhere. Orange is a telco that provides a nice opportunity for upsale with highly bundled, sovereign offers.
3. The threat intelligence capabilities enable the shift from lifeboat to lighthouse that makes security value more visible and measurable.