French local authorities’ leaders facing the operational management of cyber threats: a typological approach[Les dirigeants de collectivités territoriales françaises confrontés à la gestion opérationnelle des cybermenaces : une approche typologique]

Data assessing the extent to which local authority managers take into account the security of theirinformation systems (IS) are rare in general andnon-existent in France. Yet this security is a major strategic imperative that goes beyond the local level, as shown by the constant increase in cyberattacks against local authorities - including small ones - since the beginning of the Covid crisis19.The theoretical underpinnings of this article are based on the work related to the adoption and appropriation of digital tools in TOE mode by Tor-natzky and Fleischer (1990), on that related to digital risks in public organisations by Norris et al. (2019) as well as on that related to cyberattacksby Février (2020). It is empirically based on data from the only survey specifically carried out to date on cybersecurity among 67 managers of local au-thorities with fewer than 3,500 inhabitants, with a statistical treatment that is successively descriptive and by hierarchical classification. The articleasks the question of the 'why' of this vulnerability by deciphering the obstacles delaying the deployment of a real IS security policy for local autho-rities. The analysis carried out tends to highlight worrying gaps in the awareness of the reality of digital risks by territorial decision-makers and pro-poses a typology of the profiles of local authorities' leaders in relation to digital risk management. The objective is to contribute to the operationalization by the public authorities of a proactive approach of structural security of territorial IS as well as of citizens' personal data.